What is CinemaBig-1.1?
The Malwarebytes research team has determined that CinemaBig-1.1 is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example by changing your start page or search scopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.
How do I know if my computer is affected by CinemaBig-1.1?
You may see these browser extensions/add-ons:



and this entry in your list of installed programs:

How did CinemaBig-1.1 get on my computer?
Browser hijackers use different methods for distributing themselves. This particular one was offered as a video enhancing browser extension.
How do I remove CinemaBig-1.1?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
  - Enable free trial of Malwarebytes Anti-Malware Premium
  - Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan now, or select the Threat Scan from the Scan menu.
- When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
- Reboot your computer if prompted.
- If you are using Opera, you may have to remove the extension manually: under Opera > Extensions, click the x behind CinemaBig-1.1 and click OK in the prompt to confirm.
- If you are using Chrome, this hijacker alters the shortcuts for Chrome on your desktop, in the taskbar and in the Start menu Programs. Read here how to clean your shortcuts.
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the CinemaBig-1.1 hijacker. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
Signs in a HijackThis log:
O2 - BHO: CrossriderApp0063163 - {11111111-1111-1111-1111-110611311163} - C:\Program Files\CinemaBig-1.1\CinemaBig-1.1-bho.dll
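Added example, not part of the original guide and not Malwarebytes code: a parser for HijackThis O2 (Browser Helper Object) lines that flags entries matching the indicators in the line above. Treating `CrossriderApp<digits>` as a general naming pattern and matching on the folder name alone are assumptions, and the sample log is constructed.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Indicators taken from the HijackThis line in this guide.
KNOWN_CLSID = "{11111111-1111-1111-1111-110611311163}"
KNOWN_FOLDER = "\\CinemaBig-1.1\\"
# Assumption: other builds keep the "CrossriderApp<digits>" naming seen above.
NAME_PATTERN = re.compile(r"^CrossriderApp\d+$", re.IGNORECASE)

# O2 lines have the shape: O2 - BHO: <name> - {CLSID} - <path to DLL>
O2_LINE = re.compile(
    r"^O2\s+-\s+BHO:\s*(?P<name>.*?)\s+-\s+"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s+-\s+(?P<path>.+)$"
)


class Bho(NamedTuple):
    name: str
    clsid: str
    path: str


def parse_o2(line: str) -> Optional[Bho]:
    """Return the BHO described by one log line, or None for any other line."""
    m = O2_LINE.match(line.strip())
    if m is None:
        return None
    return Bho(m.group("name"), m.group("clsid"), m.group("path").strip())


def match_reasons(bho: Bho) -> List[str]:
    """List which of the three indicators (name, clsid, path) this BHO matches."""
    reasons = []
    if NAME_PATTERN.match(bho.name):
        reasons.append("name")
    if bho.clsid.lower() == KNOWN_CLSID.lower():
        reasons.append("clsid")
    # Folder-name match only, so other drives or "Program Files (x86)" still hit.
    if KNOWN_FOLDER.lower() in bho.path.lower():
        reasons.append("path")
    return reasons


def scan(log_text: str) -> List[Tuple[Bho, List[str]]]:
    """Return every O2 entry in the log that matches at least one indicator."""
    flagged = []
    for line in log_text.splitlines():
        bho = parse_o2(line)
        if bho is None:
            continue
        reasons = match_reasons(bho)
        if reasons:
            flagged.append((bho, reasons))
    return flagged


# Constructed sample log: the second O2 line is the one quoted in this guide,
# the others are made up to exercise the parser (a benign BHO, a leftover
# registration whose DLL is gone, and non-O2 lines that must be ignored).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Example PDF Helper - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\Example\helper.dll
O2 - BHO: CrossriderApp0063163 - {11111111-1111-1111-1111-110611311163} - C:\Program Files\CinemaBig-1.1\CinemaBig-1.1-bho.dll
O2 - BHO: (no name) - {11111111-1111-1111-1111-110611311163} - (no file)
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\tray.exe
"""

if __name__ == "__main__":
    for bho, reasons in scan(SAMPLE_LOG):
        print(f"{bho.clsid}  {bho.name!r}  matched on: {', '.join(reasons)}")
```

An entry flagged on `clsid` alone, as in the constructed fourth line, points to a registration left behind after the DLL was removed.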
Alterations made by the installer:
Malwarebytes Anti-Malware log:
Files\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe, Quarantined, [0722b880c6b6ef47b6a63dd8c34002fe], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, Quarantined, [0722b880c6b6ef47b6a63dd8c34002fe], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe, Quarantined, [0722b880c6b6ef47b6a63dd8c34002fe], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll, Quarantined, [0722b880c6b6ef47b6a63dd8c34002fe], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, Quarantined, [0722b880c6b6ef47b6a63dd8c34002fe], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll, Quarantined, [0722b880c6b6ef47b6a63dd8c34002fe], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psmachine.dll, Quarantined, [0722b880c6b6ef47b6a63dd8c34002fe], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psuser.dll, Quarantined, [0722b880c6b6ef47b6a63dd8c34002fe], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.106611\GoogleCrashHandler.exe, Quarantined, [f831092f027af73f02766baaaf5425db], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.106611\GoogleUpdate.exe, Quarantined, [f831092f027af73f02766baaaf5425db], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.106611\GoogleUpdateBroker.exe, Quarantined, [f831092f027af73f02766baaaf5425db], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.106611\GoogleUpdateHelper.msi, Quarantined, [f831092f027af73f02766baaaf5425db], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.106611\GoogleUpdateOnDemand.exe, Quarantined, [f831092f027af73f02766baaaf5425db], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.106611\goopdate.dll, Quarantined, 
[f831092f027af73f02766baaaf5425db], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.106611\goopdateres_en.dll, Quarantined, [f831092f027af73f02766baaaf5425db], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.106611\npGoogleUpdate4.dll, Quarantined, [f831092f027af73f02766baaaf5425db], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.106611\psmachine.dll, Quarantined, [f831092f027af73f02766baaaf5425db], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.106611\psuser.dll, Quarantined, [f831092f027af73f02766baaaf5425db], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome.manifest, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\install.rdf, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\3ce967b25a8a60eb96c232222c891691.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\3dd39487d4ae266339f750ee1de7ab3c.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\444d47c1beb315b2c526781583c5ec5a.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\593072b0ed4f53a54a7d25c0e5ced375.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\67995db88a0e06a48aba4dbc21d6e239.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\7d5824571fe09ed79c7fa78e829029ca.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\background.html, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\browser.xul, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\dialog.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\ffCoreFilesIndex.txt, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\options.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\options.xul, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\search_dialog.xul, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\0038e8846448e26683a2e8cc1660b99a.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\037a8d9087b03a3a763018d410644009.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\0977e32a7df7ca07c32d68d432ab5e95.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\16c47bccbc18aeca3cc17bb25c7559db.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\17e7350a2a2489a0d822bb8f415e6aaa.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\22fa969baf6f36753044e415204a8edb.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\30e96ad87cc49e02d95ef5ddca8df2e7.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\5d516665640532ed6d6f85c1dd85ee1e.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\6cc2a415e9d3b0962beba14404ae1cff.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\88342dd92ea8248dd432bd66a366822a.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\9329d155ba80d7d2056340a9c3b2d512.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\b5d1091651381144bf1af2e0c92bdc24.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\c31ffeac84d82353a0060616bd5ae3fd.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\cb85b237c47e1f7d4c737d2af7671d6e.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\d9f0aba3ed728bb95f58049340e94dca.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\e352de64f6be3178d83c4dfc4b8ffaf3.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\09a0c75028be5844e3d2043aeafef5c2.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\1dd28ea299c644c76d4a4f328512afb2.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\3397aac44a54fbcd5ec9412666158c93.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\41d74c16233a709b22622e3f0fff9cbc.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\46054d39ac976b9148115caebe4d0dcc.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\463b55282ad67d0e7979a7181bffbbb0.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\5032e37fd1d1923aecdd3a0d44ed8255.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\75981405a646845270b728649c174cd1.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\83a6b24298a897365f3f4f8a173a20a0.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\8d94931d3b3906f477cb10069802b951.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\937bf05dee0d64928749b69fca98e5d2.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\95d6877e9be15954d5425ba2b12fca89.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\ad2b946c561846e5e08cf2e2eced25d1.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\c3c40b764b6e0086039740bda0082482.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\ce5118001319a9da72001bc93fb4a2ec.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\d88e170d611bb0115c7f3a9c68a1a872.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\e3a1bae1459aff5d62446e11fd34da8a.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\e5b3bcc1bac99b49fb412f187a737768.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\ebc3c8c9d96391364aa351c49c4378f2.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\fc35905c4bf63e325a57253a0a96a87a.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\installer.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\defaults\preferences\prefs.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\manifest.xml, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins.json, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\102.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\104.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\119.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\13.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\14.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\16.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\17.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\178.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\179.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\180.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\184.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\191.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\195.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\220.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\223.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\232.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\242.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\244.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\246.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\262.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\263.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\268.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\273.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\275.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\286.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\288.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\289.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\300.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\4.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\47.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\64.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\7.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\78.js, Quarantined, [d653b781df9d13234bb3fb23aa59fc04], PUP.Optional.CrossRider.A, 
As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention