Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for Media Enhance

- - - - -
Started by Metallica , Mar 09 2014 05:34 AM

  • Please log in to reply
No replies to this topic

#1
Metallica
Posted 09 March 2014 - 05:34 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Content is republished with permission from Malwarebytes.

What is Media Enhance?

The Malwarebytes research team has determined that Media Enhance is a browser hijacker. These so-called "hijackers" alter your startpage or searchscopes so that the effected browser visits their site or one of their choice. This one also displays advertisements.

How do I know if my computer is effected by Media Enhance?

You may see these browser extensions/add-ons:

Posted Image

Posted Image

Posted Image

and this entry in your list of installed programs:

Posted Image


How did Media Enhance get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was offered as a media enhancing browser extension.

How do I remove Media Enhance?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program. You will need Malwarebytes Anti-Malware version 2.00 (beta) or newer to disable the Chrome and Firefox extensions.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-consumer.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of Media Enhance?

  • The Firefox extension can now safely be removed. Open the "Extensions" tab under "Add-ons" and click "Remove" and "Restart" to complete the removal.
  • The Chrome extension can now safely be removed. Open "Settings" > "Extensions" and click the bin behind the media enhance 1.26.71 listing. Then confirm removal.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Media Enhance rogue. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.



Posted Image

Technical details for experts

Signs in a HijackThis log:
O2 - BHO: CrossriderApp0044150 - {11111111-1111-1111-1111-110411411150} - C:\Program Files\media enhance\media enhance-bho.dll

Alterations made by the installer:
File system details
---------------------------------------------
	Adds the folder C:\Program Files\media enhance
	   Adds the file 44150.crx"="3/9/2014 11:46 AM, 265108 bytes, A
	   Adds the file 44150.xpi"="3/9/2014 11:46 AM, 301069 bytes, A
	   Adds the file background.html"="3/5/2014 10:08 AM, 729 bytes, A
	   Adds the file Installer.log"="3/9/2014 11:46 AM, 266803 bytes, A
	   Adds the file media enhance.ico"="3/5/2014 10:08 AM, 15086 bytes, A
	   Adds the file media enhance-bg.exe"="3/9/2014 11:46 AM, 536280 bytes, A
	   Adds the file media enhance-bho.dll"="3/9/2014 11:46 AM, 509144 bytes, A
	   Adds the file media enhance-chromeinstaller.exe"="3/9/2014 11:46 AM, 2043096 bytes, A
	   Adds the file media enhance-codedownloader.exe"="3/9/2014 11:46 AM, 575192 bytes, A
	   Adds the file media enhance-enabler.exe"="3/9/2014 11:46 AM, 419544 bytes, A
	   Adds the file media enhance-firefoxinstaller.exe"="3/9/2014 11:46 AM, 971480 bytes, A
	   Adds the file media enhance-updater.exe"="3/9/2014 11:46 AM, 399576 bytes, A
	   Adds the file Uninstall.exe"="3/9/2014 11:46 AM, 84696 bytes, A
	   Adds the file utils.exe"="3/9/2014 11:46 AM, 2323693 bytes, A
	Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lekgiimbfodefdaoofhlckefjbgpeilo_0
	   Adds the file 1"="3/9/2014 11:48 AM, 19456 bytes, A
	Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0
	   Adds the file background.html"="3/9/2014 11:46 AM, 1705 bytes, A
	   Adds the file chromeCoreFilesIndex.txt"="3/9/2014 11:46 AM, 853 bytes, A
	   Adds the file crossriderManifest.json"="3/9/2014 11:46 AM, 517 bytes, A
	   Adds the file manifest.json"="3/9/2014 11:46 AM, 1098 bytes, A
	   Adds the file popup.html"="3/9/2014 11:46 AM, 139 bytes, A
	Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData
	   Adds the file manifest.xml"="3/9/2014 11:46 AM, 1707 bytes, A
	   Adds the file plugins.json"="3/9/2014 11:46 AM, 8811 bytes, A
	Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins
	   Adds the file 1_base.js"="3/9/2014 11:46 AM, 6908 bytes, A
	   Adds the file 102_dealply_m.js"="3/9/2014 11:46 AM, 2201 bytes, A
	   Adds the file 103_intext_5_m.js"="3/9/2014 11:46 AM, 2412 bytes, A
	   Adds the file 104_jollywallet_m.js"="3/9/2014 11:46 AM, 1450 bytes, A
	   Adds the file 13_CrossriderAppUtils.js"="3/9/2014 11:46 AM, 7135 bytes, A
	   Adds the file 14_CrossriderUtils.js"="3/9/2014 11:46 AM, 20888 bytes, A
	   Adds the file 155_ibario_pops_m.js"="3/9/2014 11:46 AM, 656 bytes, A
	   Adds the file 17_jQuery.js"="3/9/2014 11:46 AM, 79982 bytes, A
	   Adds the file 177_crossriderDashboard.js"="3/9/2014 11:46 AM, 30419 bytes, A
	   Adds the file 182_openUrl.js"="3/9/2014 11:46 AM, 14301 bytes, A
	   Adds the file 183_tabsWrapper.js"="3/9/2014 11:46 AM, 2555 bytes, A
	   Adds the file 184_noproblemppc_m.js"="3/9/2014 11:46 AM, 855 bytes, A
	   Adds the file 19_CHAppAPIWrapper.js"="3/9/2014 11:46 AM, 7137 bytes, A
	   Adds the file 190_pops_5_m.js"="3/9/2014 11:46 AM, 2406 bytes, A
	   Adds the file 191_ciuvo_m.js"="3/9/2014 11:46 AM, 1106 bytes, A
	   Adds the file 195_icm_convertmedia_m.js"="3/9/2014 11:46 AM, 545 bytes, A
	   Adds the file 207_dbWrapper.js"="3/9/2014 11:46 AM, 1661 bytes, A
	   Adds the file 21_debug.js"="3/9/2014 11:46 AM, 3676 bytes, A
	   Adds the file 22_resources.js"="3/9/2014 11:46 AM, 9082 bytes, A
	   Adds the file 220_icm_base_m.js"="3/9/2014 11:46 AM, 47081 bytes, A
	   Adds the file 230_revizer_ws_dynamic_b2b_2_m.js"="3/9/2014 11:46 AM, 923 bytes, A
	   Adds the file 233_revizer_p_dynamic_b2b_2_m.js"="3/9/2014 11:46 AM, 921 bytes, A
	   Adds the file 28_initializer.js"="3/9/2014 11:46 AM, 664 bytes, A
	   Adds the file 4_jquery_1_7_1.js"="3/9/2014 11:46 AM, 94180 bytes, A
	   Adds the file 47_resources_background.js"="3/9/2014 11:46 AM, 7720 bytes, A
	   Adds the file 64_appApiMessage.js"="3/9/2014 11:46 AM, 2332 bytes, A
	   Adds the file 7_hooks.js"="3/9/2014 11:46 AM, 801 bytes, A
	   Adds the file 72_appApiValidation.js"="3/9/2014 11:46 AM, 46200 bytes, A
	   Adds the file 78_CrossriderInfo.js"="3/9/2014 11:46 AM, 3321 bytes, A
	   Adds the file 80_CHPopupAppAPI.js"="3/9/2014 11:46 AM, 194 bytes, A
	   Adds the file 9_search_engine_hook.js"="3/9/2014 11:46 AM, 2285 bytes, A
	   Adds the file 91_monetizationLoader.js.js"="3/9/2014 11:46 AM, 145043 bytes, A
	   Adds the file 93_superfish_no_coupons_m.js"="3/9/2014 11:46 AM, 775 bytes, A
	   Adds the file 97_resourceApiWrapper.js"="3/9/2014 11:46 AM, 3299 bytes, A
	Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\userCode
	   Adds the file background.js"="3/9/2014 11:46 AM, 429 bytes, A
	   Adds the file extension.js"="3/9/2014 11:46 AM, 734 bytes, A
	Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\icons
	   Adds the file icon128.png"="3/9/2014 11:46 AM, 3167 bytes, A
	   Adds the file icon16.png"="3/9/2014 11:46 AM, 1223 bytes, A
	   Adds the file icon48.png"="3/9/2014 11:46 AM, 3861 bytes, A
	Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\icons\actions
	   Adds the file 1.png"="3/9/2014 11:46 AM, 1223 bytes, A
	Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js
	   Adds the file background.js"="3/9/2014 11:46 AM, 34135 bytes, A
	   Adds the file main.js"="3/9/2014 11:46 AM, 8452 bytes, A
	   Adds the file platformVersion.js"="3/9/2014 11:46 AM, 408 bytes, A
	Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\api
	   Adds the file chrome.js"="3/9/2014 11:46 AM, 11499 bytes, A
	   Adds the file cookie.js"="3/9/2014 11:46 AM, 11743 bytes, A
	   Adds the file message.js"="3/9/2014 11:46 AM, 3346 bytes, A
	   Adds the file monitor.js"="3/9/2014 11:46 AM, 2039 bytes, A
	   Adds the file pageAction.js"="3/9/2014 11:46 AM, 1737 bytes, A
	   Adds the file pageActionBG.js"="3/9/2014 11:46 AM, 2519 bytes, A
	Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\lib
	   Adds the file app_api.js"="3/9/2014 11:46 AM, 6697 bytes, A
	   Adds the file bg_app_api.js"="3/9/2014 11:46 AM, 4685 bytes, A
	   Adds the file consts.js"="3/9/2014 11:46 AM, 335 bytes, A
	   Adds the file cookie_store.js"="3/9/2014 11:46 AM, 5905 bytes, A
	   Adds the file crossriderAPI.js"="3/9/2014 11:46 AM, 11366 bytes, A
	   Adds the file delegate.js"="3/9/2014 11:46 AM, 2002 bytes, A
	   Adds the file events.js"="3/9/2014 11:46 AM, 5757 bytes, A
	   Adds the file extensionDataStore.js"="3/9/2014 11:46 AM, 6656 bytes, A
	   Adds the file installer.js"="3/9/2014 11:46 AM, 780 bytes, A
	   Adds the file logFile.js"="3/9/2014 11:46 AM, 775 bytes, A
	   Adds the file logging.js"="3/9/2014 11:46 AM, 944 bytes, A
	   Adds the file onBGDocumentLoad.js"="3/9/2014 11:46 AM, 480 bytes, A
	   Adds the file reports.js"="3/9/2014 11:46 AM, 4929 bytes, A
	   Adds the file storageWrapper.js"="3/9/2014 11:46 AM, 903 bytes, A
	   Adds the file updateManager.js"="3/9/2014 11:46 AM, 8205 bytes, A
	   Adds the file util.js"="3/9/2014 11:46 AM, 5142 bytes, A
	   Adds the file xhr.js"="3/9/2014 11:46 AM, 2699 bytes, A
	Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\lib\popupResource
	   Adds the file newPopup.js"="3/9/2014 11:46 AM, 40 bytes, A
	   Adds the file popup.js"="3/9/2014 11:46 AM, 45 bytes, A
	Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com
	   Adds the file chrome.manifest"="3/9/2014 11:46 AM, 732 bytes, A
	   Adds the file install.rdf"="3/9/2014 11:46 AM, 1346 bytes, A
	Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome
	Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content
	   Adds the file api.js"="3/9/2014 11:46 AM, 18796 bytes, A
	   Adds the file background.html"="3/9/2014 11:46 AM, 2001 bytes, A
	   Adds the file baseObject.js"="3/9/2014 11:46 AM, 19 bytes, A
	   Adds the file browser.xul"="3/9/2014 11:46 AM, 4817 bytes, A
	   Adds the file dialog.js"="3/9/2014 11:46 AM, 1343 bytes, A
	   Adds the file ffCoreFilesIndex.txt"="3/9/2014 11:46 AM, 1052 bytes, A
	   Adds the file main.js"="3/9/2014 11:46 AM, 18750 bytes, A
	   Adds the file options.js"="3/9/2014 11:46 AM, 1931 bytes, A
	   Adds the file options.xul"="3/9/2014 11:46 AM, 1913 bytes, A
	   Adds the file platformVersion.js"="3/9/2014 11:46 AM, 612 bytes, A
	   Adds the file search_dialog.xul"="3/9/2014 11:46 AM, 2457 bytes, A
	Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api
	   Adds the file asyncDB.js"="3/9/2014 11:46 AM, 4805 bytes, A
	   Adds the file background.js"="3/9/2014 11:46 AM, 1336 bytes, A
	   Adds the file browserAction.js"="3/9/2014 11:46 AM, 8906 bytes, A
	   Adds the file contextMenu.js"="3/9/2014 11:46 AM, 5359 bytes, A
	   Adds the file dbManager.js"="3/9/2014 11:46 AM, 10097 bytes, A
	   Adds the file dom_bg.js"="3/9/2014 11:46 AM, 2505 bytes, A
	   Adds the file fileManager.js"="3/9/2014 11:46 AM, 943 bytes, A
	   Adds the file firefox.js"="3/9/2014 11:46 AM, 353 bytes, A
	   Adds the file firefoxNotifications.js"="3/9/2014 11:46 AM, 1116 bytes, A
	   Adds the file firefoxOmnibox.js"="3/9/2014 11:46 AM, 1515 bytes, A
	   Adds the file message.js"="3/9/2014 11:46 AM, 5210 bytes, A
	   Adds the file pageAction.js"="3/9/2014 11:46 AM, 11257 bytes, A
	   Adds the file request.js"="3/9/2014 11:46 AM, 2314 bytes, A
	   Adds the file tabs.js"="3/9/2014 11:46 AM, 3628 bytes, A
	   Adds the file webRequest.js"="3/9/2014 11:46 AM, 5806 bytes, A
	   Adds the file windowsMessagingHandler.js"="3/9/2014 11:46 AM, 960 bytes, A
	Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core
	   Adds the file addressBarChangeObserver.js"="3/9/2014 11:46 AM, 130 bytes, A
	   Adds the file console.js"="3/9/2014 11:46 AM, 1753 bytes, A
	   Adds the file consts.js"="3/9/2014 11:46 AM, 2356 bytes, A
	   Adds the file delegate.js"="3/9/2014 11:46 AM, 2180 bytes, A
	   Adds the file extensionDataStore.js"="3/9/2014 11:46 AM, 8607 bytes, A
	   Adds the file folderIOWrapper.js"="3/9/2014 11:46 AM, 3526 bytes, A
	   Adds the file httpObserver.js"="3/9/2014 11:46 AM, 2561 bytes, A
	   Adds the file IDBWrapper.js"="3/9/2014 11:46 AM, 4191 bytes, A
	   Adds the file installer.js"="3/9/2014 11:46 AM, 1320 bytes, A
	   Adds the file logFile.js"="3/9/2014 11:46 AM, 1562 bytes, A
	   Adds the file prefs.js"="3/9/2014 11:46 AM, 1649 bytes, A
	   Adds the file progressListenerObserver.js"="3/9/2014 11:46 AM, 1368 bytes, A
	   Adds the file registry.js"="3/9/2014 11:46 AM, 1158 bytes, A
	   Adds the file reloadObserver.js"="3/9/2014 11:46 AM, 1527 bytes, A
	   Adds the file reports.js"="3/9/2014 11:46 AM, 3869 bytes, A
	   Adds the file requestObject.js"="3/9/2014 11:46 AM, 1261 bytes, A
	   Adds the file searchSettings.js"="3/9/2014 11:46 AM, 3426 bytes, A
	   Adds the file uninstallObserver.js"="3/9/2014 11:46 AM, 2372 bytes, A
	   Adds the file updateManager.js"="3/9/2014 11:46 AM, 11480 bytes, A
	   Adds the file utils.js"="3/9/2014 11:46 AM, 18554 bytes, A
	   Adds the file xhr.js"="3/9/2014 11:46 AM, 2852 bytes, A
	Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\defaults
	Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\defaults\preferences
	   Adds the file prefs.js"="3/9/2014 11:46 AM, 3980 bytes, A
	Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData
	   Adds the file manifest.xml"="3/9/2014 11:48 AM, 1709 bytes, A
	   Adds the file plugins.json"="3/9/2014 11:48 AM, 14033 bytes, A
	Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins
	   Adds the file 1_base.js"="3/9/2014 11:46 AM, 6908 bytes, A
	   Adds the file 102_dealply_m.js"="3/9/2014 11:46 AM, 2201 bytes, A
	   Adds the file 103_intext_5_m.js"="3/9/2014 11:46 AM, 2412 bytes, A
	   Adds the file 104_jollywallet_m.js"="3/9/2014 11:46 AM, 1450 bytes, A
	   Adds the file 13_CrossriderAppUtils.js"="3/9/2014 11:46 AM, 7135 bytes, A
	   Adds the file 14_CrossriderUtils.js"="3/9/2014 11:46 AM, 20888 bytes, A
	   Adds the file 155_ibario_pops_m.js"="3/9/2014 11:46 AM, 656 bytes, A
	   Adds the file 16_FFAppAPIWrapper.js"="3/9/2014 11:46 AM, 16158 bytes, A
	   Adds the file 17_jQuery.js"="3/9/2014 11:46 AM, 79982 bytes, A
	   Adds the file 177_crossriderDashboard.js"="3/9/2014 11:46 AM, 30419 bytes, A
	   Adds the file 182_openUrl.js"="3/9/2014 11:46 AM, 14301 bytes, A
	   Adds the file 183_tabsWrapper.js"="3/9/2014 11:46 AM, 2555 bytes, A
	   Adds the file 184_noproblemppc_m.js"="3/9/2014 11:48 AM, 1232 bytes, A
	   Adds the file 190_pops_5_m.js"="3/9/2014 11:46 AM, 2406 bytes, A
	   Adds the file 191_ciuvo_m.js"="3/9/2014 11:46 AM, 1106 bytes, A
	   Adds the file 195_icm_convertmedia_m.js"="3/9/2014 11:46 AM, 545 bytes, A
	   Adds the file 207_dbWrapper.js"="3/9/2014 11:46 AM, 1661 bytes, A
	   Adds the file 21_debug.js"="3/9/2014 11:46 AM, 3676 bytes, A
	   Adds the file 22_resources.js"="3/9/2014 11:46 AM, 9082 bytes, A
	   Adds the file 220_icm_base_m.js"="3/9/2014 11:46 AM, 47081 bytes, A
	   Adds the file 230_revizer_ws_dynamic_b2b_2_m.js"="3/9/2014 11:46 AM, 923 bytes, A
	   Adds the file 233_revizer_p_dynamic_b2b_2_m.js"="3/9/2014 11:46 AM, 921 bytes, A
	   Adds the file 246_setup.js"="3/9/2014 11:48 AM, 1454 bytes, A
	   Adds the file 28_initializer.js"="3/9/2014 11:46 AM, 664 bytes, A
	   Adds the file 4_jquery_1_7_1.js"="3/9/2014 11:46 AM, 94180 bytes, A
	   Adds the file 47_resources_background.js"="3/9/2014 11:46 AM, 7720 bytes, A
	   Adds the file 64_appApiMessage.js"="3/9/2014 11:46 AM, 2332 bytes, A
	   Adds the file 7_hooks.js"="3/9/2014 11:46 AM, 801 bytes, A
	   Adds the file 72_appApiValidation.js"="3/9/2014 11:46 AM, 46200 bytes, A
	   Adds the file 78_CrossriderInfo.js"="3/9/2014 11:46 AM, 3321 bytes, A
	   Adds the file 9_search_engine_hook.js"="3/9/2014 11:46 AM, 2285 bytes, A
	   Adds the file 91_monetizationLoader.js.js"="3/9/2014 11:48 AM, 144967 bytes, A
	   Adds the file 93_superfish_no_coupons_m.js"="3/9/2014 11:46 AM, 775 bytes, A
	   Adds the file 98_omniCommands.js"="3/9/2014 11:46 AM, 1936 bytes, A
	Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\userCode
	   Adds the file background.js"="3/9/2014 11:46 AM, 429 bytes, A
	   Adds the file extension.js"="3/9/2014 11:48 AM, 736 bytes, A
	Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\locale
	Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\locale\en-US
	   Adds the file translations.dtd"="3/9/2014 11:46 AM, 425 bytes, A
	Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin
	   Adds the file button1.png"="3/9/2014 11:46 AM, 1361 bytes, A
	   Adds the file button2.png"="3/9/2014 11:46 AM, 1361 bytes, A
	   Adds the file button3.png"="3/9/2014 11:46 AM, 1361 bytes, A
	   Adds the file button4.png"="3/9/2014 11:46 AM, 1361 bytes, A
	   Adds the file button5.png"="3/9/2014 11:46 AM, 1361 bytes, A
	   Adds the file crossrider_statusbar.png"="3/9/2014 11:46 AM, 1361 bytes, A
	   Adds the file icon128.png"="3/9/2014 11:46 AM, 3167 bytes, A
	   Adds the file icon16.png"="3/9/2014 11:46 AM, 1223 bytes, A
	   Adds the file icon24.png"="3/9/2014 11:46 AM, 1361 bytes, A
	   Adds the file icon48.png"="3/9/2014 11:46 AM, 3861 bytes, A
	   Adds the file panelarrow-up.png"="3/9/2014 11:46 AM, 917 bytes, A
	   Adds the file popup.html"="3/9/2014 11:46 AM, 349 bytes, A
	   Adds the file skin.css"="3/9/2014 11:46 AM, 990 bytes, A
	   Adds the file update.css"="3/9/2014 11:46 AM, 140 bytes, A
	In the existing folder C:\Windows\Tasks
	   Adds the file media enhance-chromeinstaller.job"="3/9/2014 11:46 AM, 3102 bytes, A
	   Adds the file media enhance-codedownloader.job"="3/9/2014 11:46 AM, 1476 bytes, A
	   Adds the file media enhance-enabler.job"="3/9/2014 11:46 AM, 1376 bytes, A
	   Adds the file media enhance-firefoxinstaller.job"="3/9/2014 11:46 AM, 2288 bytes, A
	   Adds the file media enhance-updater.job"="3/9/2014 11:46 AM, 1522 bytes, A

Registry details
------------------------------------------
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411411150}]
	   "(Default)"="REG_SZ, "media enhance"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411411150}\Implemented Categories]
	   "(Default)"="REG_SZ, ""
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411411150}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}]
	   "(Default)"="REG_SZ, ""
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411411150}\InprocServer32]
	   "(Default)"="REG_SZ, "C:\Program Files\media enhance\media enhance-bho.dll"
	   "ThreadingModel"="REG_SZ, "Apartment"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411411150}\ProgID]
	   "(Default)"="REG_SZ, "CrossriderApp0044150.BHO.1"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411411150}\Programmable]
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411411150}\TypeLib]
	   "(Default)"="REG_SZ, "{44444444-4444-4444-4444-440444414450}"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411411150}\VersionIndependentProgID]
	   "(Default)"="REG_SZ, "CrossriderApp0044150"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412250}]
	   "(Default)"="REG_SZ, "CrossriderApp0044150.Sandbox"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412250}\InprocServer32]
	   "(Default)"="REG_SZ, "C:\Program Files\media enhance\media enhance-bho.dll"
	   "ThreadingModel"="REG_SZ, "Apartment"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412250}\ProgID]
	   "(Default)"="REG_SZ, "CrossriderApp0044150.Sandbox.1"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412250}\Programmable]
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412250}\TypeLib]
	   "(Default)"="REG_SZ, "{44444444-4444-4444-4444-440444414450}"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412250}\VersionIndependentProgID]
	   "(Default)"="REG_SZ, "CrossriderApp0044150.Sandbox"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0044150.BHO]
	   "(Default)"="REG_SZ, "CrossriderApp0044150"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0044150.BHO\CLSID]
	   "(Default)"="REG_SZ, "{11111111-1111-1111-1111-110411411150}"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0044150.BHO\CurVer]
	   "(Default)"="REG_SZ, "CrossriderApp0044150"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0044150.BHO.1
	   "(Default)"="REG_SZ, "CrossriderApp0044150"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0044150.BHO.1\CLSID]
	   "(Default)"="REG_SZ, "{11111111-1111-1111-1111-110411411150}"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0044150.Sandbox
	   "(Default)"="REG_SZ, "CrossriderApp0044150.Sandbox"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0044150.Sandbox\CLSID]
	   "(Default)"="REG_SZ, "{22222222-2222-2222-2222-220422412250}"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0044150.Sandbox\CurVer]
	   "(Default)"="REG_SZ, "CrossriderApp0044150.Sandbox"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0044150.Sandbox.1
	   "(Default)"="REG_SZ, "CrossriderApp0044150.Sandbox"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0044150.Sandbox.1\CLSID]
	   "(Default)"="REG_SZ, "{22222222-2222-2222-2222-220422412250}"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455415550}]
	   "(Default)"="REG_SZ, "ICrossriderBHO"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455415550}\ProxyStubClsid]
	   "(Default)"="REG_SZ, "{00020424-0000-0000-C000-000000000046}"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455415550}\ProxyStubClsid32]
	   "(Default)"="REG_SZ, "{00020424-0000-0000-C000-000000000046}"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455415550}\TypeLib]
	   "(Default)"="REG_SZ, "{44444444-4444-4444-4444-440444414450}"
	   "Version"="REG_SZ, "1.0"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416650}]
	   "(Default)"="REG_SZ, "ISandBox"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416650}\ProxyStubClsid]
	   "(Default)"="REG_SZ, "{00020424-0000-0000-C000-000000000046}"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416650}\ProxyStubClsid32]
	   "(Default)"="REG_SZ, "{00020424-0000-0000-C000-000000000046}"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416650}\TypeLib]
	   "(Default)"="REG_SZ, "{44444444-4444-4444-4444-440444414450}"
	   "Version"="REG_SZ, "1.0"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444414450}\1.0]
	   "(Default)"="REG_SZ, "CrossriderApp0044150 Type Library"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444414450}\1.0\0\win32]
	   "(Default)"="REG_SZ, "C:\Program Files\media enhance\media enhance-bho.dll"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444414450}\1.0\FLAGS]
	   "(Default)"="REG_SZ, "0"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444414450}\1.0\HELPDIR]
	   "(Default)"="REG_SZ, "C:\Program Files\media enhance"
	[HKEY_LOCAL_MACHINE\SOFTWARE\media enhance\Chrome]
	   "TotalProfiles"="REG_DWORD, 1"
	[HKEY_LOCAL_MACHINE\SOFTWARE\media enhance\Chrome-Profiles]
	   "C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default"="REG_DWORD, 1"
	[HKEY_LOCAL_MACHINE\SOFTWARE\media enhance\Firefox]
	   "TotalProfiles"="REG_DWORD, 1"
	[HKEY_LOCAL_MACHINE\SOFTWARE\media enhance\Firefox\Profiles]
	   "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default"="REG_DWORD, 1"
	[HKEY_LOCAL_MACHINE\SOFTWARE\media enhance\IE]
	   "TotalProfiles"="REG_DWORD, 1"
	[HKEY_LOCAL_MACHINE\SOFTWARE\media enhance\IE\Profiles]
	   "{userID}"="REG_DWORD, 1"
	[HKEY_LOCAL_MACHINE\SOFTWARE\media enhance\Installer]
	   "BundledChrome"="REG_DWORD, 1"
	   "BundledFirefox"="REG_DWORD, 1"
	   "BundledIe"="REG_DWORD, 1"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411411150}]
	   "(Default)"="REG_SZ, "CrossriderApp0044150"
	   "NoExplorer"="REG_DWORD, 1"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]
	   "{11111111-1111-1111-1111-110411411150}"="REG_SZ, "1"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media enhance]
	   "CrAppId"="REG_SZ, "44150"
	   "CrPublisherId"="REG_SZ, "21636"
	   "DisplayIcon"="REG_SZ, "C:\Program Files\media enhance\utils.exe"
	   "DisplayName"="REG_SZ, "media enhance"
	   "DisplayVersion"="REG_SZ, "1.34.3.2"
	   "Publisher"="REG_SZ, "feven"
	   "UninstallString"="REG_SZ, "C:\Program Files\media enhance\Uninstall.exe /fromcontrolpanel=1"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
	   "media enhance-chromeinstaller.job"="REG_BINARY, ................................"
	   "media enhance-chromeinstaller.job.fp"="REG_DWORD, -1746221491"
	   "media enhance-codedownloader.job"="REG_BINARY, ................................"
	   "media enhance-codedownloader.job.fp"="REG_DWORD, -1625764633"
	   "media enhance-enabler.job"="REG_BINARY, ................................"
	   "media enhance-enabler.job.fp"="REG_DWORD, 760984907
	   "media enhance-firefoxinstaller.job"="REG_BINARY, ................................"
	   "media enhance-firefoxinstaller.job.fp"="REG_DWORD, 1384005778"
	   "media enhance-updater.job"="REG_BINARY, ................................"
	   "media enhance-updater.job.fp"="REG_DWORD, 521803238"
	[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\DPX\Assets\4B8D84D894FD29F5
	   "DateTime
		REG_QWORD, .... ==> REG_QWORD, ....
	[HKEY_CURRENT_USER\Software\AppDataLow\Software\media enhance\Debug]
	   "DebuggedAppUrl"="REG_SZ, "file://C:\Users\{username}\Documents\debug.js"
	   "DebuggedBgUrl"="REG_SZ, "file://C:\Users\{username}\Documents\bg_debug.js"
	   "DebuggedNewTabUrl"="REG_SZ, "file://C:\Users\{username}\Documents\new_debug.js"
	   "IsDebuggingPlugins"="REG_DWORD, 0"
	   "IsDebugMode"="REG_DWORD, 0"
	[HKEY_CURRENT_USER\Software\AppDataLow\Software\media enhance\Installer]
	   "CodeDownloadDomain"="REG_SZ, "http://app-static.crossrider.com"
	   "DefaultBrowser"="REG_SZ, "ie"
	   "ErrorsDomain"="REG_SZ, "http://errors.srvstatsdata.com"
	   "FullVersion"="REG_SZ, "1.34.3.2"
	   "FullVersionForUrl"="REG_SZ, "1_34_3_2"
	   "OsName"="REG_SZ, "7"
	   "Params"="REG_SZ, "{"source_id" : "000555","sub_id" : "0","uzid" : "0/"}"
	   "SrcId"="REG_SZ, "000555"
	   "StatsDomain"="REG_SZ, "http://stats.srvstatsdata.com"
	   "SubId"="REG_SZ, "0"
	   "Time"="REG_SZ, "1394361995"
	   "ZData"="REG_SZ, "0/"
	[HKEY_CURRENT_USER\Software\AppDataLow\Software\media enhance\Manifest]
	   "AddressbarURL"="REG_SZ, "NA"
	   "BgVersion"="REG_SZ, "1"
	   "ChangePrevious"="REG_SZ, "false"
	   "Description"="REG_SZ, "MediaPlayerEnhance Extension"
	   "DisableIe"="REG_SZ, "true"
	   "EnableSearchIE"="REG_SZ, "false"
	   "HomePageUrl"="REG_SZ, "NA"
	   "IsButtonEnabled"="REG_SZ, "false"
	   "Manifest"="REG_SZ, "NA"
	   "ModeType"="REG_SZ, "production"
	   "Name"="REG_SZ, "MediaPlayerEnhance"
	   "PluginsManifestVersion"="REG_SZ, "68"
	   "PublisherId"="REG_SZ, "21636"
	   "PublisherName"="REG_SZ, "Feven"
	   "RunInFrame"="REG_SZ, "false"
	   "SetNewTab"="REG_SZ, "false"
	   "ThanksUrl"="REG_SZ, "NA"
	   "UninstallerOfferAction"="REG_SZ, "NA"
	   "UninstallerOfferUrl"="REG_SZ, "NA"
	   "UpdateInterval"="REG_DWORD, 360
	   "Version"="REG_SZ, "75"
	[HKEY_CURRENT_USER\Software\AppDataLow\Software\media enhance\Plugins]
	   "AppPluginList"="REG_SZ, "246,42,38,46,17,14,78,13,41,44,39,35,43,40,64,2,4,3,1,21,22,182,183,207,72,7,9,93,102,103,104,155,184,190,191,220,195,230,233,177,91,28"
	   "BgPluginList"="REG_SZ, "246,42,38,46,41,44,39,35,43,36,4,14,78,64,183,207,47,182,72,184,220,195,91"
	   "BrowserEventPluginList"="REG_SZ, "14,42,41,44,39,38,43,37,64,72"
	   "NewTabPluginList"="REG_SZ, "42,38,46,17,14,78,13,41,44,39,35,43,40,64,2,4,3,1,21,22,72,28"
	   "OnRequestPluginList"="REG_SZ, "14,42,41,39,38,43,45,64,72"
	   "PopupPluginList"="REG_SZ, "42,38,46,41,44,39,35,43,36,4,14,78,13,64,207,47,182,72,94"
	[HKEY_CURRENT_USER\Software\AppDataLow\Software\media enhance\Plugins\1]
	   "JavaScript"="REG_SZ, "{ javascript removed. full log available by request }"
	[HKEY_CURRENT_USER\Software\AppDataLow\Software\media enhance\Update]
	   "LastCheck"="REG_DWORD, 1394362005"
	[HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\feven]
	   "44150"="REG_SZ, "media enhance"

Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/9/2014
Scan Time: 11:58:57 AM
Logfile: mbamME.txt
Administrator: Yes

Version: 2.00.0.0504
Malware Database: v2014.03.09.03
Rootkit Database: v2014.02.20.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Malwarebytes

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 199649
Time Elapsed: 2 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 1
PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\media enhance-bho.dll, Delete-on-Reboot, [69cec83965164de9b40a1491ed14a759],

Registry Keys: 19
PUP.Optional.MediaEnhance.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110411411150}, Quarantined, [69cec83965164de9b40a1491ed14a759],
PUP.Optional.MediaEnhance.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440444414450}, Quarantined, [69cec83965164de9b40a1491ed14a759],
PUP.Optional.MediaEnhance.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550455415550}, Quarantined, [69cec83965164de9b40a1491ed14a759],
PUP.Optional.MediaEnhance.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660466416650}, Quarantined, [69cec83965164de9b40a1491ed14a759],
PUP.Optional.MediaEnhance.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0044150.BHO.1, Quarantined, [69cec83965164de9b40a1491ed14a759],
PUP.Optional.MediaEnhance.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110411411150}, Quarantined, [69cec83965164de9b40a1491ed14a759],
PUP.Optional.MediaEnhance.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0044150.BHO, Quarantined, [69cec83965164de9b40a1491ed14a759],
PUP.Optional.MediaEnhance.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110411411150}, Quarantined, [69cec83965164de9b40a1491ed14a759],
PUP.Optional.MediaEnhance.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110411411150}, Quarantined, [69cec83965164de9b40a1491ed14a759],
PUP.Optional.MediaEnhance.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220422412250}, Quarantined, [69cec83965164de9b40a1491ed14a759],
PUP.Optional.MediaEnhance.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0044150.Sandbox.1, Quarantined, [69cec83965164de9b40a1491ed14a759],
PUP.Optional.MediaEnhance.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0044150.Sandbox, Quarantined, [69cec83965164de9b40a1491ed14a759],
PUP.Optional.MediaEnhance.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110411411150}\INPROCSERVER32, Quarantined, [69cec83965164de9b40a1491ed14a759],
PUP.Optional.MediaEnhance.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\media enhance, Quarantined, [e94e2ed3dba055e1ed265937fe0419e7],
PUP.Optional.MediaEnhance.A, HKLM\SOFTWARE\media enhance, Quarantined, [5bdc60a1106bfe3863b4f49c837fc33d],
PUP.Optional.Ligtning.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cekcjpgehmohobmdiikfnopibipmgnml, Quarantined, [1b1c43be74077cba89e4197c45bd1de3],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [75c24fb2146792a4b1a6cff5847f6799],
PUP.Optional.MediaEnhance.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\media enhance, Quarantined, [87b08b763a419c9a25f0d5bbd62cee12],
PUP.Optional.Feven.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\feven, Quarantined, [52e552af8af12f0725f2cfef5aa96b95],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 15
PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance, Delete-on-Reboot, [e94e2ed3dba055e1ed265937fe0419e7],
PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log, Quarantined, [1b1ce8190b707abcdaaf860f41c1946c],
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml, Quarantined, [d95e748d3a411e1872d2bbd209f915eb],
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0, Quarantined, [d95e748d3a411e1872d2bbd209f915eb],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\userCode, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\icons, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\icons\actions, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\api, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\lib, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\lib\popupResource, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],

Files: 105
PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\media enhance-bho.dll, Delete-on-Reboot, [69cec83965164de9b40a1491ed14a759],
PUP.Optional.CrossRider.A, C:\Users\{username}\Desktop\Media enhance.exe, Quarantined, [e25511f01467c571a0f9544aae537e82],
PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\background.html, Quarantined, [e94e2ed3dba055e1ed265937fe0419e7],
PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\44150.crx, Quarantined, [e94e2ed3dba055e1ed265937fe0419e7],
PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\44150.xpi, Quarantined, [e94e2ed3dba055e1ed265937fe0419e7],
PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\Installer.log, Quarantined, [e94e2ed3dba055e1ed265937fe0419e7],
PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\media enhance-bg.exe, Quarantined, [e94e2ed3dba055e1ed265937fe0419e7],
PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\media enhance-chromeinstaller.exe, Quarantined, [e94e2ed3dba055e1ed265937fe0419e7],
PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\media enhance-codedownloader.exe, Quarantined, [e94e2ed3dba055e1ed265937fe0419e7],
PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\media enhance-enabler.exe, Quarantined, [e94e2ed3dba055e1ed265937fe0419e7],
PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\media enhance-firefoxinstaller.exe, Quarantined, [e94e2ed3dba055e1ed265937fe0419e7],
PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\media enhance-updater.exe, Quarantined, [e94e2ed3dba055e1ed265937fe0419e7],
PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\media enhance.ico, Quarantined, [e94e2ed3dba055e1ed265937fe0419e7],
PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\Uninstall.exe, Quarantined, [e94e2ed3dba055e1ed265937fe0419e7],
PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\utils.exe, Quarantined, [e94e2ed3dba055e1ed265937fe0419e7],
PUP.Optional.MediaEnhance.A, C:\Windows\Tasks\media enhance-chromeinstaller.job, Quarantined, [4aed2bd663183501060ed6ba00026c94],
PUP.Optional.MediaEnhance.A, C:\Windows\Tasks\media enhance-codedownloader.job, Quarantined, [8fa8da27205b7fb7c450335d4ab8be42],
PUP.Optional.MediaEnhance.A, C:\Windows\Tasks\media enhance-enabler.job, Quarantined, [2116a160d6a56ec82fe5e0b0b2506a96],
PUP.Optional.MediaEnhance.A, C:\Windows\Tasks\media enhance-firefoxinstaller.job, Quarantined, [41f6ed140e6d76c028ec157bee14ea16],
PUP.Optional.MediaEnhance.A, C:\Windows\Tasks\media enhance-updater.job, Quarantined, [de59a45d94e769cde92bd5bba260827e],
PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log\eGdpSvc.LOG, Quarantined, [1b1ce8190b707abcdaaf860f41c1946c],
PUP.Optional.NewTab.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx, Quarantined, [2512659cbcbf1e18976cf6a0de24f20e],
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\background.html, Quarantined, [d95e748d3a411e1872d2bbd209f915eb],
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\background.js, Quarantined, [d95e748d3a411e1872d2bbd209f915eb],
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\data.json, Quarantined, [d95e748d3a411e1872d2bbd209f915eb],
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\icon128.png, Quarantined, [d95e748d3a411e1872d2bbd209f915eb],
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\jquery.js, Quarantined, [d95e748d3a411e1872d2bbd209f915eb],
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\manifest.json, Quarantined, [d95e748d3a411e1872d2bbd209f915eb],
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\xa.js, Quarantined, [d95e748d3a411e1872d2bbd209f915eb],
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\xagainit.js, Quarantined, [d95e748d3a411e1872d2bbd209f915eb],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\background.html, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\chromeCoreFilesIndex.txt, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\crossriderManifest.json, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\manifest.json, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\popup.html, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\manifest.xml, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins.json, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\220_icm_base_m.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\102_dealply_m.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\103_intext_5_m.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\104_jollywallet_m.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\13_CrossriderAppUtils.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\14_CrossriderUtils.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\155_ibario_pops_m.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\177_crossriderDashboard.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\17_jQuery.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\182_openUrl.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\183_tabsWrapper.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\184_noproblemppc_m.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\190_pops_5_m.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\191_ciuvo_m.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\195_icm_convertmedia_m.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\19_CHAppAPIWrapper.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\1_base.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\207_dbWrapper.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\21_debug.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\22_resources.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\230_revizer_ws_dynamic_b2b_2_m.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\233_revizer_p_dynamic_b2b_2_m.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\28_initializer.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\47_resources_background.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\4_jquery_1_7_1.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\64_appApiMessage.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\72_appApiValidation.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\78_CrossriderInfo.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\7_hooks.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\80_CHPopupAppAPI.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\91_monetizationLoader.js.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\93_superfish_no_coupons_m.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\97_resourceApiWrapper.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\plugins\9_search_engine_hook.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\userCode\background.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\extensionData\userCode\extension.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\icons\icon128.png, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\icons\icon16.png, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\icons\icon48.png, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\icons\actions\1.png, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\background.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\main.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\platformVersion.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\api\chrome.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\api\cookie.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\api\message.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\api\monitor.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\api\pageAction.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\api\pageActionBG.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\lib\app_api.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\lib\bg_app_api.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\lib\consts.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\lib\cookie_store.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\lib\crossriderAPI.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\lib\delegate.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\lib\events.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\lib\extensionDataStore.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\lib\installer.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\lib\logFile.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\lib\logging.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\lib\onBGDocumentLoad.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\lib\reports.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\lib\storageWrapper.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\lib\updateManager.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\lib\util.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\lib\xhr.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\lib\popupResource\newPopup.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.71_0\js\lib\popupResource\popup.js, Quarantined, [191e02ff532875c1c9fcbbd2ad55d42c],

Physical Sectors: 0
(No malicious items detected)


(end)

As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0

Advertisements

Back to Malware Removal Guides and Tutorials


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Malware Removal Guides and Tutorials

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.