Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for CinemaBig

- - - - -
Started by Metallica , Aug 27 2014 12:46 PM

  • Please log in to reply
No replies to this topic

#1
Metallica
Posted 27 August 2014 - 12:46 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts

Content is republished with permission from Malwarebytes.

 

What is CinemaBig?
 
The Malwarebytes research team has determined that CinemaBig is a browser hijacker. These so-called "hijackers" alter your startpage or searchscopes so that the affected browser visits their site or one of their choice. This one also displays advertisements.
 
How do I know if my computer is affected by CinemaBig?
 
You may see these browser extensions/add-ons:
 
warning1.png
 
warning2.png
 
and this entry in your list of installed programs:
 
warning4.png
 
 
How did CinemaBig get on my computer?
 
Browser hijackers use different methods for distributing themselves. This particular one was offered as a video enhancing browser extension.
 
How do I remove CinemaBig?
 
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
  • Enable free trial of Malwarebytes Anti-Malware Premium
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
    •  
    Is there anything else I need to do to get rid of CinemaBig?
  • No, Malwarebytes' Anti-Malware removes CinemaBig completely.
    • How would the full version of Malwarebytes Anti-Malware help protect me?
     
    We hope our application and this guide have helped you eradicate this hijacker.  
     
    As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the CinemaBig hijacker.  It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.
     

    protection1.png

    Technical details for experts
     
    Signs in a HijackThis log:
    O2 - BHO: CrossriderApp0063163 - {11111111-1111-1111-1111-110611311163} - C:\Program Files\CinemaBig-1.1\CinemaBig-1.1-bho.dll
     
    Alterations made by the installer:
     
File system details  
---------------------------------------------
    Adds the folder C:\Program Files\CinemaBig-1.1
       Adds the file 1293297481.mxaddon"="8/14/2014 6:46 PM, 44330 bytes, A
       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16.crx"="8/27/2014 2:04 PM, 257930 bytes, A
       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16.xpi"="8/27/2014 2:04 PM, 299964 bytes, A
       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-11.exe"="8/27/2014 2:04 PM, 1940296 bytes, A
       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-2.exe"="8/27/2014 2:04 PM, 373064 bytes, A
       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-4.exe"="8/27/2014 2:04 PM, 1453896 bytes, A
       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-5.exe"="8/27/2014 2:05 PM, 477512 bytes, A
       Adds the file 7628f0b7-9e97-42e2-913b-66501eb137f2.crx"="8/27/2014 2:04 PM, 259139 bytes, A
       Adds the file a26c1c29-694d-4266-9fd2-39ee0f36ae5e.exe"="8/27/2014 2:05 PM, 350024 bytes, A
       Adds the file background.html"="8/17/2014 8:08 AM, 729 bytes, A
       Adds the file CinemaBig-1.1.ico"="8/17/2014 8:08 AM, 9662 bytes, A
       Adds the file CinemaBig-1.1-bg.exe"="8/27/2014 2:04 PM, 592712 bytes, A
       Adds the file CinemaBig-1.1-bho.dll"="8/27/2014 2:04 PM, 568136 bytes, A
       Adds the file CinemaBig-1.1-codedownloader.exe"="8/27/2014 2:04 PM, 549704 bytes, A
       Adds the file f561d32c-f1d4-45a7-ae83-0a23da28781e.exe"="8/27/2014 2:04 PM, 31560 bytes, A
       Adds the file Interop.IWshRuntimeLibrary.dll"="8/27/2014 2:04 PM, 53576 bytes, A
       Adds the file Newtonsoft.Json.dll"="8/27/2014 2:04 PM, 495432 bytes, A
       Adds the file SuperSocket.ClientEngine.Common.dll"="8/27/2014 2:04 PM, 23368 bytes, A
       Adds the file SuperSocket.ClientEngine.Core.dll"="8/27/2014 2:04 PM, 26440 bytes, A
       Adds the file SuperSocket.ClientEngine.Protocol.dll"="8/27/2014 2:04 PM, 19784 bytes, A
       Adds the file Uninstall.exe"="8/27/2014 2:04 PM, 102728 bytes, A
       Adds the file utils.exe"="8/27/2014 2:04 PM, 2421803 bytes, A
       Adds the file WebSocket4Net.dll"="8/27/2014 2:04 PM, 64328 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\defaults\preferences
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\userCode
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\locale\en-US
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin
    In the existing folder C:\Windows\System32\Tasks
       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-1"="8/27/2014 2:04 PM, 4840 bytes, A
       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-11"="8/27/2014 2:04 PM, 7512 bytes, A
       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-2"="8/27/2014 2:04 PM, 4454 bytes, A
       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-5"="8/27/2014 2:05 PM, 4714 bytes, A
       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-5_user"="8/27/2014 2:05 PM, 4740 bytes, A
       Adds the file a26c1c29-694d-4266-9fd2-39ee0f36ae5e"="8/27/2014 2:05 PM, 4434 bytes, A
       Adds the file f561d32c-f1d4-45a7-ae83-0a23da28781e"="8/27/2014 2:04 PM, 3654 bytes, A
    In the existing folder C:\Windows\Tasks
       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-1.job"="8/27/2014 2:04 PM, 1810 bytes, A
       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-11.job"="8/27/2014 2:04 PM, 4482 bytes, A
       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-2.job"="8/27/2014 2:04 PM, 1424 bytes, A
       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-5.job"="8/27/2014 2:05 PM, 1684 bytes, A
       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-5_user.job"="8/27/2014 2:05 PM, 1704 bytes, A
       Adds the file a26c1c29-694d-4266-9fd2-39ee0f36ae5e.job"="8/27/2014 2:05 PM, 1404 bytes, A
       Adds the file f561d32c-f1d4-45a7-ae83-0a23da28781e.job"="8/27/2014 2:04 PM, 618 bytes, A
 
Registry details  
------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\CinemaBig-1.1\Firefox]
       "TotalProfiles"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\CinemaBig-1.1\Firefox\Profiles]
       "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\CinemaBig-1.1\IE]
       "TotalProfiles"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\CinemaBig-1.1\IE\Profiles]
       "S-1-5-21-4016700205-1717049133-1125222536-1001"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\CinemaBig-1.1\Installer]
       "BundledAddCh"="REG_DWORD", 1
       "BundledFirefox"="REG_DWORD", 1
       "BundledIe"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611311163}]
       "(Default)"="REG_SZ", "CinemaBig-1.1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611311163}\Implemented Categories]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611311163}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611311163}\InprocServer32]
       "(Default)"="REG_SZ", "C:\Program Files\CinemaBig-1.1\CinemaBig-1.1-bho.dll"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611311163}\ProgID]
       "(Default)"="REG_SZ", "CrossriderApp0063163.BHO.1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611311163}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611311163}\TypeLib]
       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644314463}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611311163}\VersionIndependentProgID]
       "(Default)"="REG_SZ", "CrossriderApp0063163"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622312263}]
       "(Default)"="REG_SZ", "CrossriderApp0063163.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622312263}\InprocServer32]
       "(Default)"="REG_SZ", "C:\Program Files\CinemaBig-1.1\CinemaBig-1.1-bho.dll"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622312263}\ProgID]
       "(Default)"="REG_SZ", "CrossriderApp0063163.Sandbox.1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622312263}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622312263}\TypeLib]
       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644314463}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622312263}\VersionIndependentProgID]
       "(Default)"="REG_SZ", "CrossriderApp0063163.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0063163.BHO]
       "(Default)"="REG_SZ", "CrossriderApp0063163"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0063163.BHO\CLSID]
       "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110611311163}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0063163.BHO\CurVer]
       "(Default)"="REG_SZ", "CrossriderApp0063163"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0063163.BHO.1]
       "(Default)"="REG_SZ", "CrossriderApp0063163"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0063163.BHO.1\CLSID]
       "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110611311163}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0063163.Sandbox]
       "(Default)"="REG_SZ", "CrossriderApp0063163.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0063163.Sandbox\CLSID]
       "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220622312263}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0063163.Sandbox\CurVer]
       "(Default)"="REG_SZ", "CrossriderApp0063163.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0063163.Sandbox.1]
       "(Default)"="REG_SZ", "CrossriderApp0063163.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0063163.Sandbox.1\CLSID]
       "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220622312263}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655315563}]
       "(Default)"="REG_SZ", "ICrossriderBHO"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655315563}\ProxyStubClsid]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655315563}\ProxyStubClsid32]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655315563}\TypeLib]
       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644314463}"
       "Version"="REG_SZ", "1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666316663}]
       "(Default)"="REG_SZ", "ISandBox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666316663}\ProxyStubClsid]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666316663}\ProxyStubClsid32]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666316663}\TypeLib]
       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644314463}"
       "Version"="REG_SZ", "1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644314463}\1.0]
       "(Default)"="REG_SZ", "CrossriderApp0063163 Type Library"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644314463}\1.0\0\win32]
       "(Default)"="REG_SZ", "C:\Program Files\CinemaBig-1.1\CinemaBig-1.1-bho.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644314463}\1.0\FLAGS]
       "(Default)"="REG_SZ", "0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644314463}\1.0\HELPDIR]
       "(Default)"="REG_SZ", "C:\Program Files\CinemaBig-1.1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\27058]
       "63163"="REG_SZ", "CinemaBig-1.1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\27058\Status]
       "Installed"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611311163}]
       "(Default)"="REG_SZ", "CrossriderApp0063163"
       "NoExplorer"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]
       "{11111111-1111-1111-1111-110611311163}"="REG_SZ", "1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CinemaBig-1.1]
       "CrAppId"="REG_SZ", "63163"
       "CrPublisherId"="REG_SZ", "27058"
       "DisplayIcon"="REG_SZ", "C:\Program Files\CinemaBig-1.1\utils.exe"
       "DisplayName"="REG_SZ", "CinemaBig-1.1"
       "DisplayVersion"="REG_SZ", "1.34.8.12"
       "Publisher"="REG_SZ", "CinemaBig"
       "UninstallString"="REG_SZ", "C:\Program Files\CinemaBig-1.1\Uninstall.exe /fcp=1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
       "3b5cc336-fd0a-4e26-afed-d51347c50e16-1.job"="REG_BINARY, ................................
       "3b5cc336-fd0a-4e26-afed-d51347c50e16-1.job.fp"="REG_DWORD", 2049440563
       "3b5cc336-fd0a-4e26-afed-d51347c50e16-11.job"="REG_BINARY, ................................
       "3b5cc336-fd0a-4e26-afed-d51347c50e16-11.job.fp"="REG_DWORD", -2123039215
       "3b5cc336-fd0a-4e26-afed-d51347c50e16-2.job"="REG_BINARY, ................................
       "3b5cc336-fd0a-4e26-afed-d51347c50e16-2.job.fp"="REG_DWORD", -433444608
       "3b5cc336-fd0a-4e26-afed-d51347c50e16-5.job"="REG_BINARY, ................................
       "3b5cc336-fd0a-4e26-afed-d51347c50e16-5.job.fp"="REG_DWORD", 2004434745
       "3b5cc336-fd0a-4e26-afed-d51347c50e16-5_user.job"="REG_BINARY, ................................
       "3b5cc336-fd0a-4e26-afed-d51347c50e16-5_user.job.fp"="REG_DWORD", 821064251
       "a26c1c29-694d-4266-9fd2-39ee0f36ae5e.job"="REG_BINARY, ................................
       "a26c1c29-694d-4266-9fd2-39ee0f36ae5e.job.fp"="REG_DWORD", -117493440
       "f561d32c-f1d4-45a7-ae83-0a23da28781e.job"="REG_BINARY, ................................
       "f561d32c-f1d4-45a7-ae83-0a23da28781e.job.fp"="REG_DWORD", -402344228
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\CinemaBig-1.1]
       "ActiveAppId"="REG_SZ", "63163"
       "BhoRunningVersion"="REG_SZ", "153"
       "IsBhoEnabled"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\CinemaBig-1.1\Background]
       " { javascript removed, full log available on request } "
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\CinemaBig-1.1\Debug]
       "DebuggedAppUrl"="REG_SZ", "file://C:\Users\{username}\Documents\debug.js"
       "DebuggedBgUrl"="REG_SZ", "file://C:\Users\{username}\Documents\bg_debug.js"
       "DebuggedNewTabUrl"="REG_SZ", "file://C:\Users\{username}\Documents\new_debug.js"
       "IsDebuggingPlugins"="REG_DWORD", 0
       "IsDebugMode"="REG_DWORD", 0
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\CinemaBig-1.1\Installer]
       "AdditionalInfo"="REG_SZ", "{"asw":[67108864, -1073733627, 0],"browser_name":"ie"}"
       "CodeDownloadDomain"="REG_SZ", "http://js.inputdatacloud.com"
       "CodeDownloadFbDomain"="REG_SZ", "http://js.clientdemocloud.com"
       "DefaultBrowser"="REG_SZ", "ie"
       "ErrorsDomain"="REG_SZ", "http://errors.inputdatacloud.com"
       "FullVersion"="REG_SZ", "1.34.8.12"
       "FullVersionForUrl"="REG_SZ", "1_34_08_12"
       "OsName"="REG_SZ", "7"
       "Params"="REG_SZ", "{   "source_id" : "001712",   "sub_id" : "0",   "uzid" : "0"}"
       "SrcId"="REG_SZ", "001712"
       "StatsDomain"="REG_SZ", "http://stats.inputdatacloud.com"
       "SubId"="REG_SZ", "0"
       "Time"="REG_SZ", "1409141077"
       "ZData"="REG_SZ", "0"
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\CinemaBig-1.1\Manifest]
       "AddressbarURL"="REG_SZ", "NA"
       "BgVersion"="REG_SZ", "1"
       "ChangePrevious"="REG_SZ", "false"
       "Description"="REG_SZ", "HQ Videos is an add-on for your Internet browser that enhances your online experience by displaying online videos in their highest quality format available."
       "DisableIe"="REG_SZ", "true"
       "EnableSearchIE"="REG_SZ", "false"
       "HomePageUrl"="REG_SZ", "NA"
       "IsButtonEnabled"="REG_SZ", "false"
       "Manifest"="REG_SZ", "NA"
       "ModeType"="REG_SZ", "production"
       "Name"="REG_SZ", "HQ-Video-Pro-2.1c"
       "PluginsManifestVersion"="REG_SZ", "12"
       "PublisherId"="REG_SZ", "27058"
       "PublisherName"="REG_SZ", "HQ-Video"
       "RunInFrame"="REG_SZ", "false"
       "SetNewTab"="REG_SZ", "false"
       "ThanksUrl"="REG_SZ", "NA"
       "UninstallerOfferAction"="REG_SZ", "NA"
       "UninstallerOfferUrl"="REG_SZ", "NA"
       "UpdateInterval"="REG_DWORD", 360
       "Version"="REG_SZ", "17"
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\CinemaBig-1.1\Update]
       "LastCheck"="REG_DWORD", 1409141097
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider]
       "Bic"="REG_SZ", "A7C38773F36543FBAA3764D4E68B5765IE"
       "Verifier"="REG_SZ", "bf52b45d00e1643a415f6ec060c828e3"
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\onBeforeNavigate]
       "63163"="REG_SZ", ""
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\onRequest]
       "63163"="REG_SZ", ""
    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\27058]
       "63163"="REG_SZ", "CinemaBig-1.1"
    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\27058\Status]
       "Installed"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\CinemaBig]
       "63163"="REG_SZ", "CinemaBig-1.1"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611311163}]
       "Flags"="REG_DWORD", 1024
       "VerCache"="REG_BINARY, ......................
 
     
    Malwarebytes Anti-Malware log:
    Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/27/2014
Scan Time: 2:10:10 PM
Logfile: mbamCinemaBig.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.27.02
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Malwarebytes
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 258838
Time Elapsed: 3 min, 34 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\a26c1c29-694d-4266-9fd2-39ee0f36ae5e.exe, 2192, Delete-on-Reboot, [aae4309b98e3f73fbcc14c635ea3fc04]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 36
PUP.Optional.CinemaBig.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611311163}, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], 
PUP.Optional.CinemaBig.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644314463}, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], 
PUP.Optional.CinemaBig.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655315563}, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], 
PUP.Optional.CinemaBig.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666316663}, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], 
PUP.Optional.CinemaBig.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0063163.BHO.1, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], 
PUP.Optional.CinemaBig.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110611311163}, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], 
PUP.Optional.CinemaBig.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0063163.BHO, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], 
PUP.Optional.CinemaBig.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110611311163}, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], 
PUP.Optional.CinemaBig.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110611311163}, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], 
PUP.Optional.CinemaBig.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220622312263}, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], 
PUP.Optional.CinemaBig.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0063163.Sandbox.1, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], 
PUP.Optional.CinemaBig.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0063163.Sandbox, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], 
PUP.Optional.CinemaBig.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611311163}\INPROCSERVER32, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], 
PUP.Optional.CinemaBig.A, HKLM\SOFTWARE\CinemaBig-1.1, Quarantined, [1f6f24a77ffcb383d5c5767234ce44bc], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE, Quarantined, [4e404c7f6615f442434c28c9798934cc], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\27058, Quarantined, [731b9d2e1e5da492bb007f8dfc07827e], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, Quarantined, [008eedde6a113105228f7bd7fb09ec14], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, Quarantined, [a6e8f1da2b50a98d446e50027292d828], 
PUP.Optional.CinemaBig.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CinemaBig-1.1, Quarantined, [dfafa328c0bb72c43567c523fd05eb15], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [d5b932998dee81b5d3e42a198f75f30d], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\27058, Quarantined, [0c82e4e75229ec4addd74aa157ab07f9], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\CinemaBig, Quarantined, [dcb2dbf01c5fa195a0fbf9f0bf4304fc], 
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdate, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdatem, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.CinemaBig.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CinemaBig-1.1, Quarantined, [28667f4cea910f2792cf5096af5347b9], 
 
Registry Values: 1
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE|path, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [4e404c7f6615f442434c28c9798934cc]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 21
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Download, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Install, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline\{C49E296B-2198-454B-9EB5-90C1DD9650FB}, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.163672, Quarantined, [3658b417b8c388ae523beaf0cb37a15f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected], Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\defaults, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\defaults\preferences, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\userCode, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\locale, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\locale\en-US, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1, Delete-on-Reboot, [28667f4cea910f2792cf5096af5347b9], 
 
Files: 171
PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\a26c1c29-694d-4266-9fd2-39ee0f36ae5e.exe, Delete-on-Reboot, [aae4309b98e3f73fbcc14c635ea3fc04], 
PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\CinemaBig-1.1-bho.dll, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], 
PUP.Optional.CrossRider.A, C:\Users\{username}\Desktop\CinemaBig-1.1.exe, Quarantined, [a2ec8f3c750677bf53eff54b25dbea16], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\3b5cc336-fd0a-4e26-afed-d51347c50e16-1, Quarantined, [fe907d4eeb9060d6a6e4a34e5ba73cc4], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\3b5cc336-fd0a-4e26-afed-d51347c50e16-11, Quarantined, [97f7517a92e90a2c34565899ac5639c7], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\3b5cc336-fd0a-4e26-afed-d51347c50e16-2, Quarantined, [632b646763186acc33575b96a65c5fa1], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\3b5cc336-fd0a-4e26-afed-d51347c50e16-5, Quarantined, [ace20cbfe3988bab1b6f37ba6f937d83], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\3b5cc336-fd0a-4e26-afed-d51347c50e16-5_user, Quarantined, [177728a3bbc016206d1d4ea3788a42be], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\3b5cc336-fd0a-4e26-afed-d51347c50e16-1.job, Quarantined, [c3cb44877704f14537eff65a1be9c13f], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\3b5cc336-fd0a-4e26-afed-d51347c50e16-11.job, Quarantined, [0985ae1d691273c3da4c0b450cf85ca4], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\3b5cc336-fd0a-4e26-afed-d51347c50e16-2.job, Quarantined, [1d71e0eba0db56e0190de9678e764ab6], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\3b5cc336-fd0a-4e26-afed-d51347c50e16-5.job, Quarantined, [038bcdfe81fa6ec82ff7c789a55ffc04], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\3b5cc336-fd0a-4e26-afed-d51347c50e16-5_user.job, Quarantined, [4846ebe0daa15ed81a0cb69a887cd22e], 
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, Quarantined, [87073e8d9ae1eb4be35964ec42c29c64], 
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, Quarantined, [345a8f3cdf9c5bdb0c312d23a95bd32d], 
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, Quarantined, [a8e65b7038435cda5be3aea28e769f61], 
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, Quarantined, [fc923299e49755e1b28dcb856a9ac937], 
PUP.Optional.CrossRider.A, C:\Windows\Tasks\a26c1c29-694d-4266-9fd2-39ee0f36ae5e.job, Quarantined, [95f917b4512a96a0406f6de526dee719], 
PUP.Optional.CrossRider.A, C:\Windows\Tasks\f561d32c-f1d4-45a7-ae83-0a23da28781e.job, Quarantined, [028c7358a4d75adc812eb99921e3817f], 
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\a26c1c29-694d-4266-9fd2-39ee0f36ae5e, Quarantined, [b9d509c27ffc2a0cefc1a1b131d3827e], 
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\f561d32c-f1d4-45a7-ae83-0a23da28781e, Quarantined, [d0be2c9f0f6cf83e238d63efd92b19e7], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psmachine.dll, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psuser.dll, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], 
PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.163672\GoogleCrashHandler.exe, Quarantined, [3658b417b8c388ae523beaf0cb37a15f], 
PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.163672\GoogleUpdate.exe, Quarantined, [3658b417b8c388ae523beaf0cb37a15f], 
PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.163672\GoogleUpdateBroker.exe, Quarantined, [3658b417b8c388ae523beaf0cb37a15f], 
PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.163672\GoogleUpdateHelper.msi, Quarantined, [3658b417b8c388ae523beaf0cb37a15f], 
PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.163672\GoogleUpdateOnDemand.exe, Quarantined, [3658b417b8c388ae523beaf0cb37a15f], 
PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.163672\goopdate.dll, Quarantined, [3658b417b8c388ae523beaf0cb37a15f], 
PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.163672\goopdateres_en.dll, Quarantined, [3658b417b8c388ae523beaf0cb37a15f], 
PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.163672\npGoogleUpdate4.dll, Quarantined, [3658b417b8c388ae523beaf0cb37a15f], 
PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.163672\psmachine.dll, Quarantined, [3658b417b8c388ae523beaf0cb37a15f], 
PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.163672\psuser.dll, Quarantined, [3658b417b8c388ae523beaf0cb37a15f], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome.manifest, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\install.rdf, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\1ca4d9207e8a6f408128d2adebfc5521.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\6a23bd1e4e3f3b9d1fb36b8c69e1da25.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\ab0c94ac118c2dec9422425e59d845e0.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\b947799cd8a7e9788861c767ae777b51.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\background.html, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\browser.xul, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\dialog.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\efdd1e30f939e1c33e55429f116f7ba6.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\f753a13d697c3658c84e5574a2478a0b.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\ffCoreFilesIndex.txt, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\options.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\options.xul, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\search_dialog.xul, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\b809e541499ca9e64d9839dc13f782c2.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\046e62795c3515839f8699f6ff52d5b8.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\2906ff80696f49450c8e262a6701caec.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\2b95bfe4887a23343c183fb85373c056.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\2ef98c78775ed76c611f8198d55a2ea7.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\4c45959f241f42c52adcbadd481647c1.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\7805ecabc310cc38a76e37a254bfbaa5.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\8dfbc48b1fd4216abd00e4f85dc775d2.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\9279c4f7a83990b1c0744c0482e3a912.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\c183f45dfd80f57dcef77df331a03161.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\c40d3df98d6d8a6c57ac728cced87ce6.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\dc65a95d74e48465da7b7ee818d99027.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\dca9b0fe3d8e01750007c78d05a2eb31.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\de7594ffb00d9eff78e6dab735947f64.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\f9782644dbfb4800dd63edeaa752ba2a.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\api\fd9c07f1a2026e59812999b402f95440.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\0a1f1d0fdab575b7563788e19e345a5a.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\0af1927f2eab6e9cbcdcfb13c9d88491.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\1122bd6810c5b24a56c479846d81b9c2.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\16cb99506b332cec9ac0dc2128e2087a.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\33be56f161da53d129174be854416c53.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\3b20eb3e6cb7bfb8d3e09cdf4365036c.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\478470a60fd4b44269429089c868037a.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\4f5bd79037611017617c64db7780c0c5.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\6d775de78ea2b1e5f737be39122197c3.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\71373d05771f46e5eb70680fa4f2e6bd.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\808181d28e03d3575488b69fe7666e83.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\829b6c80a90f6ae98045609c9290722a.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\920d8e7a3d6c8786e5cc769193d8ae9f.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\930c5d0941fecd0e10a9d0a195bc5585.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\954d8cbe400a797958eab63fe5de9c7b.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\97c88b785fb38c1fe5f93209f721f8e9.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\9cb13d184195a2de4ef17a68ed67cd8e.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\c00cd4d25b0acbd223b3156ac455992f.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\c1214ab7f31854496d96e863dc134783.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\ebf77f6211c6d8a1f3958ad5c06db61a.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\chrome\content\core\installer.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\defaults\preferences\prefs.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\manifest.xml, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins.json, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\102.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\104.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\119.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\13.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\14.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\16.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\17.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\178.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\179.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\180.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\184.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\191.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\195.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\220.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\223.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\232.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\242.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\244.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\246.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\262.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\263.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\268.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\273.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\275.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\286.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\288.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\289.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\300.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\4.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\47.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\64.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\7.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\78.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\9.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\91.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\plugins\93.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\userCode\background.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\extensionData\userCode\extension.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\locale\en-US\translations.dtd, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\button1.png, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\button2.png, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\button3.png, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\button4.png, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\button5.png, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\crossrider_statusbar.png, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\icon128.png, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\icon16.png, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\icon24.png, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\icon48.png, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\panelarrow-up.png, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\popup.html, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\skin.css, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]\skin\update.css, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], 
PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\f561d32c-f1d4-45a7-ae83-0a23da28781e.exe, Quarantined, [28667f4cea910f2792cf5096af5347b9], 
PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\1293297481.mxaddon, Quarantined, [28667f4cea910f2792cf5096af5347b9], 
PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\3b5cc336-fd0a-4e26-afed-d51347c50e16-11.exe, Quarantined, [28667f4cea910f2792cf5096af5347b9], 
PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\3b5cc336-fd0a-4e26-afed-d51347c50e16-2.exe, Quarantined, [28667f4cea910f2792cf5096af5347b9], 
PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\3b5cc336-fd0a-4e26-afed-d51347c50e16-4.exe, Quarantined, [28667f4cea910f2792cf5096af5347b9], 
PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\3b5cc336-fd0a-4e26-afed-d51347c50e16-5.exe, Quarantined, [28667f4cea910f2792cf5096af5347b9], 
PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\3b5cc336-fd0a-4e26-afed-d51347c50e16.crx, Quarantined, [28667f4cea910f2792cf5096af5347b9], 
PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\3b5cc336-fd0a-4e26-afed-d51347c50e16.xpi, Quarantined, [28667f4cea910f2792cf5096af5347b9], 
PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\7628f0b7-9e97-42e2-913b-66501eb137f2.crx, Quarantined, [28667f4cea910f2792cf5096af5347b9], 
PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\background.html, Quarantined, [28667f4cea910f2792cf5096af5347b9], 
PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\CinemaBig-1.1-bg.exe, Quarantined, [28667f4cea910f2792cf5096af5347b9], 
PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\CinemaBig-1.1-codedownloader.exe, Quarantined, [28667f4cea910f2792cf5096af5347b9], 
PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\CinemaBig-1.1.ico, Quarantined, [28667f4cea910f2792cf5096af5347b9], 
PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\Interop.IWshRuntimeLibrary.dll, Quarantined, [28667f4cea910f2792cf5096af5347b9], 
PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\Newtonsoft.Json.dll, Quarantined, [28667f4cea910f2792cf5096af5347b9], 
PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\SuperSocket.ClientEngine.Common.dll, Quarantined, [28667f4cea910f2792cf5096af5347b9], 
PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\SuperSocket.ClientEngine.Core.dll, Quarantined, [28667f4cea910f2792cf5096af5347b9], 
PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\SuperSocket.ClientEngine.Protocol.dll, Quarantined, [28667f4cea910f2792cf5096af5347b9], 
PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\Uninstall.exe, Quarantined, [28667f4cea910f2792cf5096af5347b9], 
PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\utils.exe, Quarantined, [28667f4cea910f2792cf5096af5347b9], 
PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\WebSocket4Net.dll, Quarantined, [28667f4cea910f2792cf5096af5347b9], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
     
    As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
    We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
    • Save yourself the hassle and get protected.

    • 0

    Advertisements

    Back to Malware Removal Guides and Tutorials


    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    1. Geeks to Go Community
    2. Security
    3. Malware Removal Guides and Tutorials

    As Featured On:

    featured
    Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

    Never used a forum? Learn how.