Sign in to follow this  
Metallica

Removal instructions for CinemaBig

Recommended Posts

What is CinemaBig?

The Malwarebytes research team has determined that CinemaBig is a browser hijacker. These so-called "hijackers" alter your startpage or searchscopes so that the affected browser visits their site or one of their choice. This one also displays advertisements.

How do I know if my computer is affected by CinemaBig?

You may see these browser extensions/add-ons:

warning1.png

warning2.png

and this entry in your list of installed programs:

warning4.png

How did CinemaBig get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was offered as a video enhancing browser extension.

How do I remove CinemaBig?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of CinemaBig?
  • No, Malwarebytes' Anti-Malware removes CinemaBig completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the CinemaBig hijacker. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

protection1.png

Technical details for experts

Signs in a HijackThis log:

O2 - BHO: CrossriderApp0063163 - {11111111-1111-1111-1111-110611311163} - C:\Program Files\CinemaBig-1.1\CinemaBig-1.1-bho.dll
Alterations made by the installer:

File system details  ---------------------------------------------    Adds the folder C:\Program Files\CinemaBig-1.1       Adds the file 1293297481.mxaddon"="8/14/2014 6:46 PM, 44330 bytes, A       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16.crx"="8/27/2014 2:04 PM, 257930 bytes, A       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16.xpi"="8/27/2014 2:04 PM, 299964 bytes, A       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-11.exe"="8/27/2014 2:04 PM, 1940296 bytes, A       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-2.exe"="8/27/2014 2:04 PM, 373064 bytes, A       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-4.exe"="8/27/2014 2:04 PM, 1453896 bytes, A       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-5.exe"="8/27/2014 2:05 PM, 477512 bytes, A       Adds the file 7628f0b7-9e97-42e2-913b-66501eb137f2.crx"="8/27/2014 2:04 PM, 259139 bytes, A       Adds the file a26c1c29-694d-4266-9fd2-39ee0f36ae5e.exe"="8/27/2014 2:05 PM, 350024 bytes, A       Adds the file background.html"="8/17/2014 8:08 AM, 729 bytes, A       Adds the file CinemaBig-1.1.ico"="8/17/2014 8:08 AM, 9662 bytes, A       Adds the file CinemaBig-1.1-bg.exe"="8/27/2014 2:04 PM, 592712 bytes, A       Adds the file CinemaBig-1.1-bho.dll"="8/27/2014 2:04 PM, 568136 bytes, A       Adds the file CinemaBig-1.1-codedownloader.exe"="8/27/2014 2:04 PM, 549704 bytes, A       Adds the file f561d32c-f1d4-45a7-ae83-0a23da28781e.exe"="8/27/2014 2:04 PM, 31560 bytes, A       Adds the file Interop.IWshRuntimeLibrary.dll"="8/27/2014 2:04 PM, 53576 bytes, A       Adds the file Newtonsoft.Json.dll"="8/27/2014 2:04 PM, 495432 bytes, A       Adds the file SuperSocket.ClientEngine.Common.dll"="8/27/2014 2:04 PM, 23368 bytes, A       Adds the file SuperSocket.ClientEngine.Core.dll"="8/27/2014 2:04 PM, 26440 bytes, A       Adds the file SuperSocket.ClientEngine.Protocol.dll"="8/27/2014 2:04 PM, 19784 bytes, A       Adds the file Uninstall.exe"="8/27/2014 2:04 PM, 102728 bytes, A       Adds the file utils.exe"="8/27/2014 2:04 PM, 2421803 bytes, A       Adds the file WebSocket4Net.dll"="8/27/2014 2:04 PM, 64328 bytes, A    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\defaults\preferences    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\userCode    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\locale\en-US    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\skin    In the existing folder C:\Windows\System32\Tasks       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-1"="8/27/2014 2:04 PM, 4840 bytes, A       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-11"="8/27/2014 2:04 PM, 7512 bytes, A       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-2"="8/27/2014 2:04 PM, 4454 bytes, A       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-5"="8/27/2014 2:05 PM, 4714 bytes, A       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-5_user"="8/27/2014 2:05 PM, 4740 bytes, A       Adds the file a26c1c29-694d-4266-9fd2-39ee0f36ae5e"="8/27/2014 2:05 PM, 4434 bytes, A       Adds the file f561d32c-f1d4-45a7-ae83-0a23da28781e"="8/27/2014 2:04 PM, 3654 bytes, A    In the existing folder C:\Windows\Tasks       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-1.job"="8/27/2014 2:04 PM, 1810 bytes, A       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-11.job"="8/27/2014 2:04 PM, 4482 bytes, A       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-2.job"="8/27/2014 2:04 PM, 1424 bytes, A       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-5.job"="8/27/2014 2:05 PM, 1684 bytes, A       Adds the file 3b5cc336-fd0a-4e26-afed-d51347c50e16-5_user.job"="8/27/2014 2:05 PM, 1704 bytes, A       Adds the file a26c1c29-694d-4266-9fd2-39ee0f36ae5e.job"="8/27/2014 2:05 PM, 1404 bytes, A       Adds the file f561d32c-f1d4-45a7-ae83-0a23da28781e.job"="8/27/2014 2:04 PM, 618 bytes, ARegistry details  ------------------------------------------    [HKEY_LOCAL_MACHINE\SOFTWARE\CinemaBig-1.1\Firefox]       "TotalProfiles"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\CinemaBig-1.1\Firefox\Profiles]       "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\CinemaBig-1.1\IE]       "TotalProfiles"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\CinemaBig-1.1\IE\Profiles]       "S-1-5-21-4016700205-1717049133-1125222536-1001"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\CinemaBig-1.1\Installer]       "BundledAddCh"="REG_DWORD", 1       "BundledFirefox"="REG_DWORD", 1       "BundledIe"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611311163}]       "(Default)"="REG_SZ", "CinemaBig-1.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611311163}\Implemented Categories]       "(Default)"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611311163}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}]       "(Default)"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611311163}\InprocServer32]       "(Default)"="REG_SZ", "C:\Program Files\CinemaBig-1.1\CinemaBig-1.1-bho.dll"       "ThreadingModel"="REG_SZ", "Apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611311163}\ProgID]       "(Default)"="REG_SZ", "CrossriderApp0063163.BHO.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611311163}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611311163}\TypeLib]       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644314463}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611311163}\VersionIndependentProgID]       "(Default)"="REG_SZ", "CrossriderApp0063163"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622312263}]       "(Default)"="REG_SZ", "CrossriderApp0063163.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622312263}\InprocServer32]       "(Default)"="REG_SZ", "C:\Program Files\CinemaBig-1.1\CinemaBig-1.1-bho.dll"       "ThreadingModel"="REG_SZ", "Apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622312263}\ProgID]       "(Default)"="REG_SZ", "CrossriderApp0063163.Sandbox.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622312263}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622312263}\TypeLib]       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644314463}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622312263}\VersionIndependentProgID]       "(Default)"="REG_SZ", "CrossriderApp0063163.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0063163.BHO]       "(Default)"="REG_SZ", "CrossriderApp0063163"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0063163.BHO\CLSID]       "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110611311163}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0063163.BHO\CurVer]       "(Default)"="REG_SZ", "CrossriderApp0063163"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0063163.BHO.1]       "(Default)"="REG_SZ", "CrossriderApp0063163"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0063163.BHO.1\CLSID]       "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110611311163}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0063163.Sandbox]       "(Default)"="REG_SZ", "CrossriderApp0063163.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0063163.Sandbox\CLSID]       "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220622312263}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0063163.Sandbox\CurVer]       "(Default)"="REG_SZ", "CrossriderApp0063163.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0063163.Sandbox.1]       "(Default)"="REG_SZ", "CrossriderApp0063163.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0063163.Sandbox.1\CLSID]       "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220622312263}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655315563}]       "(Default)"="REG_SZ", "ICrossriderBHO"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655315563}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655315563}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655315563}\TypeLib]       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644314463}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666316663}]       "(Default)"="REG_SZ", "ISandBox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666316663}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666316663}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666316663}\TypeLib]       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644314463}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644314463}\1.0]       "(Default)"="REG_SZ", "CrossriderApp0063163 Type Library"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644314463}\1.0\0\win32]       "(Default)"="REG_SZ", "C:\Program Files\CinemaBig-1.1\CinemaBig-1.1-bho.dll"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644314463}\1.0\FLAGS]       "(Default)"="REG_SZ", "0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644314463}\1.0\HELPDIR]       "(Default)"="REG_SZ", "C:\Program Files\CinemaBig-1.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\27058]       "63163"="REG_SZ", "CinemaBig-1.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\27058\Status]       "Installed"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611311163}]       "(Default)"="REG_SZ", "CrossriderApp0063163"       "NoExplorer"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]       "{11111111-1111-1111-1111-110611311163}"="REG_SZ", "1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CinemaBig-1.1]       "CrAppId"="REG_SZ", "63163"       "CrPublisherId"="REG_SZ", "27058"       "DisplayIcon"="REG_SZ", "C:\Program Files\CinemaBig-1.1\utils.exe"       "DisplayName"="REG_SZ", "CinemaBig-1.1"       "DisplayVersion"="REG_SZ", "1.34.8.12"       "Publisher"="REG_SZ", "CinemaBig"       "UninstallString"="REG_SZ", "C:\Program Files\CinemaBig-1.1\Uninstall.exe /fcp=1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]       "3b5cc336-fd0a-4e26-afed-d51347c50e16-1.job"="REG_BINARY, ................................       "3b5cc336-fd0a-4e26-afed-d51347c50e16-1.job.fp"="REG_DWORD", 2049440563       "3b5cc336-fd0a-4e26-afed-d51347c50e16-11.job"="REG_BINARY, ................................       "3b5cc336-fd0a-4e26-afed-d51347c50e16-11.job.fp"="REG_DWORD", -2123039215       "3b5cc336-fd0a-4e26-afed-d51347c50e16-2.job"="REG_BINARY, ................................       "3b5cc336-fd0a-4e26-afed-d51347c50e16-2.job.fp"="REG_DWORD", -433444608       "3b5cc336-fd0a-4e26-afed-d51347c50e16-5.job"="REG_BINARY, ................................       "3b5cc336-fd0a-4e26-afed-d51347c50e16-5.job.fp"="REG_DWORD", 2004434745       "3b5cc336-fd0a-4e26-afed-d51347c50e16-5_user.job"="REG_BINARY, ................................       "3b5cc336-fd0a-4e26-afed-d51347c50e16-5_user.job.fp"="REG_DWORD", 821064251       "a26c1c29-694d-4266-9fd2-39ee0f36ae5e.job"="REG_BINARY, ................................       "a26c1c29-694d-4266-9fd2-39ee0f36ae5e.job.fp"="REG_DWORD", -117493440       "f561d32c-f1d4-45a7-ae83-0a23da28781e.job"="REG_BINARY, ................................       "f561d32c-f1d4-45a7-ae83-0a23da28781e.job.fp"="REG_DWORD", -402344228    [HKEY_CURRENT_USER\Software\AppDataLow\Software\CinemaBig-1.1]       "ActiveAppId"="REG_SZ", "63163"       "BhoRunningVersion"="REG_SZ", "153"       "IsBhoEnabled"="REG_DWORD", 1    [HKEY_CURRENT_USER\Software\AppDataLow\Software\CinemaBig-1.1\Background]       " { javascript removed, full log available on request } "    [HKEY_CURRENT_USER\Software\AppDataLow\Software\CinemaBig-1.1\Debug]       "DebuggedAppUrl"="REG_SZ", "file://C:\Users\{username}\Documents\debug.js"       "DebuggedBgUrl"="REG_SZ", "file://C:\Users\{username}\Documents\bg_debug.js"       "DebuggedNewTabUrl"="REG_SZ", "file://C:\Users\{username}\Documents\new_debug.js"       "IsDebuggingPlugins"="REG_DWORD", 0       "IsDebugMode"="REG_DWORD", 0    [HKEY_CURRENT_USER\Software\AppDataLow\Software\CinemaBig-1.1\Installer]       "AdditionalInfo"="REG_SZ", "{"asw":[67108864, -1073733627, 0],"browser_name":"ie"}"       "CodeDownloadDomain"="REG_SZ", "http://js.inputdatacloud.com"       "CodeDownloadFbDomain"="REG_SZ", "http://js.clientdemocloud.com"       "DefaultBrowser"="REG_SZ", "ie"       "ErrorsDomain"="REG_SZ", "http://errors.inputdatacloud.com"       "FullVersion"="REG_SZ", "1.34.8.12"       "FullVersionForUrl"="REG_SZ", "1_34_08_12"       "OsName"="REG_SZ", "7"       "Params"="REG_SZ", "{   "source_id" : "001712",   "sub_id" : "0",   "uzid" : "0"}"       "SrcId"="REG_SZ", "001712"       "StatsDomain"="REG_SZ", "http://stats.inputdatacloud.com"       "SubId"="REG_SZ", "0"       "Time"="REG_SZ", "1409141077"       "ZData"="REG_SZ", "0"    [HKEY_CURRENT_USER\Software\AppDataLow\Software\CinemaBig-1.1\Manifest]       "AddressbarURL"="REG_SZ", "NA"       "BgVersion"="REG_SZ", "1"       "ChangePrevious"="REG_SZ", "false"       "Description"="REG_SZ", "HQ Videos is an add-on for your Internet browser that enhances your online experience by displaying online videos in their highest quality format available."       "DisableIe"="REG_SZ", "true"       "EnableSearchIE"="REG_SZ", "false"       "HomePageUrl"="REG_SZ", "NA"       "IsButtonEnabled"="REG_SZ", "false"       "Manifest"="REG_SZ", "NA"       "ModeType"="REG_SZ", "production"       "Name"="REG_SZ", "HQ-Video-Pro-2.1c"       "PluginsManifestVersion"="REG_SZ", "12"       "PublisherId"="REG_SZ", "27058"       "PublisherName"="REG_SZ", "HQ-Video"       "RunInFrame"="REG_SZ", "false"       "SetNewTab"="REG_SZ", "false"       "ThanksUrl"="REG_SZ", "NA"       "UninstallerOfferAction"="REG_SZ", "NA"       "UninstallerOfferUrl"="REG_SZ", "NA"       "UpdateInterval"="REG_DWORD", 360       "Version"="REG_SZ", "17"    [HKEY_CURRENT_USER\Software\AppDataLow\Software\CinemaBig-1.1\Update]       "LastCheck"="REG_DWORD", 1409141097    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider]       "Bic"="REG_SZ", "A7C38773F36543FBAA3764D4E68B5765IE"       "Verifier"="REG_SZ", "bf52b45d00e1643a415f6ec060c828e3"    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\onBeforeNavigate]       "63163"="REG_SZ", ""    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\onRequest]       "63163"="REG_SZ", ""    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\27058]       "63163"="REG_SZ", "CinemaBig-1.1"    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\27058\Status]       "Installed"="REG_DWORD", 1    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\CinemaBig]       "63163"="REG_SZ", "CinemaBig-1.1"    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611311163}]       "Flags"="REG_DWORD", 1024       "VerCache"="REG_BINARY, ......................
Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 8/27/2014Scan Time: 2:10:10 PMLogfile: mbamCinemaBig.txtAdministrator: YesVersion: 2.00.2.1012Malware Database: v2014.08.27.02Rootkit Database: v2014.08.21.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x86File System: NTFSUser: MalwarebytesScan Type: Threat ScanResult: CompletedObjects Scanned: 258838Time Elapsed: 3 min, 34 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 1PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\a26c1c29-694d-4266-9fd2-39ee0f36ae5e.exe, 2192, Delete-on-Reboot, [aae4309b98e3f73fbcc14c635ea3fc04]Modules: 0(No malicious items detected)Registry Keys: 36PUP.Optional.CinemaBig.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611311163}, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], PUP.Optional.CinemaBig.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644314463}, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], PUP.Optional.CinemaBig.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655315563}, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], PUP.Optional.CinemaBig.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666316663}, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], PUP.Optional.CinemaBig.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0063163.BHO.1, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], PUP.Optional.CinemaBig.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110611311163}, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], PUP.Optional.CinemaBig.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0063163.BHO, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], PUP.Optional.CinemaBig.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110611311163}, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], PUP.Optional.CinemaBig.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110611311163}, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], PUP.Optional.CinemaBig.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220622312263}, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], PUP.Optional.CinemaBig.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0063163.Sandbox.1, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], PUP.Optional.CinemaBig.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0063163.Sandbox, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], PUP.Optional.CinemaBig.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611311163}\INPROCSERVER32, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], PUP.Optional.CinemaBig.A, HKLM\SOFTWARE\CinemaBig-1.1, Quarantined, [1f6f24a77ffcb383d5c5767234ce44bc], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE, Quarantined, [4e404c7f6615f442434c28c9798934cc], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\27058, Quarantined, [731b9d2e1e5da492bb007f8dfc07827e], PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, Quarantined, [008eedde6a113105228f7bd7fb09ec14], PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, Quarantined, [a6e8f1da2b50a98d446e50027292d828], PUP.Optional.CinemaBig.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CinemaBig-1.1, Quarantined, [dfafa328c0bb72c43567c523fd05eb15], PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [d5b932998dee81b5d3e42a198f75f30d], PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\27058, Quarantined, [0c82e4e75229ec4addd74aa157ab07f9], PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\CinemaBig, Quarantined, [dcb2dbf01c5fa195a0fbf9f0bf4304fc], PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdate, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdatem, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.CinemaBig.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CinemaBig-1.1, Quarantined, [28667f4cea910f2792cf5096af5347b9], Registry Values: 1PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE|path, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [4e404c7f6615f442434c28c9798934cc]Registry Data: 0(No malicious items detected)Folders: 21PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Download, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Install, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline\{C49E296B-2198-454B-9EB5-90C1DD9650FB}, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.163672, Quarantined, [3658b417b8c388ae523beaf0cb37a15f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\defaults, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\defaults\preferences, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\userCode, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\locale, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\locale\en-US, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\skin, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1, Delete-on-Reboot, [28667f4cea910f2792cf5096af5347b9], Files: 171PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\a26c1c29-694d-4266-9fd2-39ee0f36ae5e.exe, Delete-on-Reboot, [aae4309b98e3f73fbcc14c635ea3fc04], PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\CinemaBig-1.1-bho.dll, Quarantined, [f39b0dbed5a6ea4c0a734d621ee34cb4], PUP.Optional.CrossRider.A, C:\Users\{username}\Desktop\CinemaBig-1.1.exe, Quarantined, [a2ec8f3c750677bf53eff54b25dbea16], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\3b5cc336-fd0a-4e26-afed-d51347c50e16-1, Quarantined, [fe907d4eeb9060d6a6e4a34e5ba73cc4], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\3b5cc336-fd0a-4e26-afed-d51347c50e16-11, Quarantined, [97f7517a92e90a2c34565899ac5639c7], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\3b5cc336-fd0a-4e26-afed-d51347c50e16-2, Quarantined, [632b646763186acc33575b96a65c5fa1], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\3b5cc336-fd0a-4e26-afed-d51347c50e16-5, Quarantined, [ace20cbfe3988bab1b6f37ba6f937d83], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\3b5cc336-fd0a-4e26-afed-d51347c50e16-5_user, Quarantined, [177728a3bbc016206d1d4ea3788a42be], PUP.Optional.CrossRider.T, C:\Windows\Tasks\3b5cc336-fd0a-4e26-afed-d51347c50e16-1.job, Quarantined, [c3cb44877704f14537eff65a1be9c13f], PUP.Optional.CrossRider.T, C:\Windows\Tasks\3b5cc336-fd0a-4e26-afed-d51347c50e16-11.job, Quarantined, [0985ae1d691273c3da4c0b450cf85ca4], PUP.Optional.CrossRider.T, C:\Windows\Tasks\3b5cc336-fd0a-4e26-afed-d51347c50e16-2.job, Quarantined, [1d71e0eba0db56e0190de9678e764ab6], PUP.Optional.CrossRider.T, C:\Windows\Tasks\3b5cc336-fd0a-4e26-afed-d51347c50e16-5.job, Quarantined, [038bcdfe81fa6ec82ff7c789a55ffc04], PUP.Optional.CrossRider.T, C:\Windows\Tasks\3b5cc336-fd0a-4e26-afed-d51347c50e16-5_user.job, Quarantined, [4846ebe0daa15ed81a0cb69a887cd22e], PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, Quarantined, [87073e8d9ae1eb4be35964ec42c29c64], PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, Quarantined, [345a8f3cdf9c5bdb0c312d23a95bd32d], PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, Quarantined, [a8e65b7038435cda5be3aea28e769f61], PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, Quarantined, [fc923299e49755e1b28dcb856a9ac937], PUP.Optional.CrossRider.A, C:\Windows\Tasks\a26c1c29-694d-4266-9fd2-39ee0f36ae5e.job, Quarantined, [95f917b4512a96a0406f6de526dee719], PUP.Optional.CrossRider.A, C:\Windows\Tasks\f561d32c-f1d4-45a7-ae83-0a23da28781e.job, Quarantined, [028c7358a4d75adc812eb99921e3817f], PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\a26c1c29-694d-4266-9fd2-39ee0f36ae5e, Quarantined, [b9d509c27ffc2a0cefc1a1b131d3827e], PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\f561d32c-f1d4-45a7-ae83-0a23da28781e, Quarantined, [d0be2c9f0f6cf83e238d63efd92b19e7], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psmachine.dll, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psuser.dll, Quarantined, [0589408bb7c49a9c531e1ebcca38a65a], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.163672\GoogleCrashHandler.exe, Quarantined, [3658b417b8c388ae523beaf0cb37a15f], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.163672\GoogleUpdate.exe, Quarantined, [3658b417b8c388ae523beaf0cb37a15f], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.163672\GoogleUpdateBroker.exe, Quarantined, [3658b417b8c388ae523beaf0cb37a15f], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.163672\GoogleUpdateHelper.msi, Quarantined, [3658b417b8c388ae523beaf0cb37a15f], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.163672\GoogleUpdateOnDemand.exe, Quarantined, [3658b417b8c388ae523beaf0cb37a15f], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.163672\goopdate.dll, Quarantined, [3658b417b8c388ae523beaf0cb37a15f], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.163672\goopdateres_en.dll, Quarantined, [3658b417b8c388ae523beaf0cb37a15f], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.163672\npGoogleUpdate4.dll, Quarantined, [3658b417b8c388ae523beaf0cb37a15f], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.163672\psmachine.dll, Quarantined, [3658b417b8c388ae523beaf0cb37a15f], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.163672\psuser.dll, Quarantined, [3658b417b8c388ae523beaf0cb37a15f], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome.manifest, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\install.rdf, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\1ca4d9207e8a6f408128d2adebfc5521.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\6a23bd1e4e3f3b9d1fb36b8c69e1da25.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\ab0c94ac118c2dec9422425e59d845e0.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\b947799cd8a7e9788861c767ae777b51.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\background.html, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\browser.xul, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\dialog.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\efdd1e30f939e1c33e55429f116f7ba6.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\f753a13d697c3658c84e5574a2478a0b.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\ffCoreFilesIndex.txt, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\options.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\options.xul, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\search_dialog.xul, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\b809e541499ca9e64d9839dc13f782c2.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\046e62795c3515839f8699f6ff52d5b8.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\2906ff80696f49450c8e262a6701caec.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\2b95bfe4887a23343c183fb85373c056.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\2ef98c78775ed76c611f8198d55a2ea7.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\4c45959f241f42c52adcbadd481647c1.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\7805ecabc310cc38a76e37a254bfbaa5.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\8dfbc48b1fd4216abd00e4f85dc775d2.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\9279c4f7a83990b1c0744c0482e3a912.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\c183f45dfd80f57dcef77df331a03161.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\c40d3df98d6d8a6c57ac728cced87ce6.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\dc65a95d74e48465da7b7ee818d99027.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\dca9b0fe3d8e01750007c78d05a2eb31.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\de7594ffb00d9eff78e6dab735947f64.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\f9782644dbfb4800dd63edeaa752ba2a.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\api\fd9c07f1a2026e59812999b402f95440.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\0a1f1d0fdab575b7563788e19e345a5a.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\0af1927f2eab6e9cbcdcfb13c9d88491.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\1122bd6810c5b24a56c479846d81b9c2.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\16cb99506b332cec9ac0dc2128e2087a.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\33be56f161da53d129174be854416c53.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\3b20eb3e6cb7bfb8d3e09cdf4365036c.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\478470a60fd4b44269429089c868037a.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\4f5bd79037611017617c64db7780c0c5.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\6d775de78ea2b1e5f737be39122197c3.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\71373d05771f46e5eb70680fa4f2e6bd.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\808181d28e03d3575488b69fe7666e83.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\829b6c80a90f6ae98045609c9290722a.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\920d8e7a3d6c8786e5cc769193d8ae9f.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\930c5d0941fecd0e10a9d0a195bc5585.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\954d8cbe400a797958eab63fe5de9c7b.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\97c88b785fb38c1fe5f93209f721f8e9.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\9cb13d184195a2de4ef17a68ed67cd8e.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\c00cd4d25b0acbd223b3156ac455992f.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\c1214ab7f31854496d96e863dc134783.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\ebf77f6211c6d8a1f3958ad5c06db61a.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\chrome\content\core\installer.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\defaults\preferences\prefs.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\manifest.xml, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins.json, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\102.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\104.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\119.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\13.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\14.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\16.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\17.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\178.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\179.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\180.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\184.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\191.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\195.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\220.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\223.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\232.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\242.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\244.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\246.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\262.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\263.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\268.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\273.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\275.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\286.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\288.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\289.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\300.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\4.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\47.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\64.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\7.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\78.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\9.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\91.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins\93.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\userCode\background.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\userCode\extension.js, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\locale\en-US\translations.dtd, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\skin\button1.png, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\skin\button2.png, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\skin\button3.png, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\skin\button4.png, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\skin\button5.png, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\skin\crossrider_statusbar.png, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\skin\icon128.png, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\skin\icon16.png, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\skin\icon24.png, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\skin\icon48.png, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\skin\panelarrow-up.png, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\skin\popup.html, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\skin\skin.css, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EKJVVD29402736@EUOWKG84927606.com\skin\update.css, Quarantined, [3856e1ea601b52e4a2a7559113efa55b], PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\f561d32c-f1d4-45a7-ae83-0a23da28781e.exe, Quarantined, [28667f4cea910f2792cf5096af5347b9], PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\1293297481.mxaddon, Quarantined, [28667f4cea910f2792cf5096af5347b9], PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\3b5cc336-fd0a-4e26-afed-d51347c50e16-11.exe, Quarantined, [28667f4cea910f2792cf5096af5347b9], PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\3b5cc336-fd0a-4e26-afed-d51347c50e16-2.exe, Quarantined, [28667f4cea910f2792cf5096af5347b9], PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\3b5cc336-fd0a-4e26-afed-d51347c50e16-4.exe, Quarantined, [28667f4cea910f2792cf5096af5347b9], PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\3b5cc336-fd0a-4e26-afed-d51347c50e16-5.exe, Quarantined, [28667f4cea910f2792cf5096af5347b9], PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\3b5cc336-fd0a-4e26-afed-d51347c50e16.crx, Quarantined, [28667f4cea910f2792cf5096af5347b9], PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\3b5cc336-fd0a-4e26-afed-d51347c50e16.xpi, Quarantined, [28667f4cea910f2792cf5096af5347b9], PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\7628f0b7-9e97-42e2-913b-66501eb137f2.crx, Quarantined, [28667f4cea910f2792cf5096af5347b9], PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\background.html, Quarantined, [28667f4cea910f2792cf5096af5347b9], PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\CinemaBig-1.1-bg.exe, Quarantined, [28667f4cea910f2792cf5096af5347b9], PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\CinemaBig-1.1-codedownloader.exe, Quarantined, [28667f4cea910f2792cf5096af5347b9], PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\CinemaBig-1.1.ico, Quarantined, [28667f4cea910f2792cf5096af5347b9], PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\Interop.IWshRuntimeLibrary.dll, Quarantined, [28667f4cea910f2792cf5096af5347b9], PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\Newtonsoft.Json.dll, Quarantined, [28667f4cea910f2792cf5096af5347b9], PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\SuperSocket.ClientEngine.Common.dll, Quarantined, [28667f4cea910f2792cf5096af5347b9], PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\SuperSocket.ClientEngine.Core.dll, Quarantined, [28667f4cea910f2792cf5096af5347b9], PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\SuperSocket.ClientEngine.Protocol.dll, Quarantined, [28667f4cea910f2792cf5096af5347b9], PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\Uninstall.exe, Quarantined, [28667f4cea910f2792cf5096af5347b9], PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\utils.exe, Quarantined, [28667f4cea910f2792cf5096af5347b9], PUP.Optional.CinemaBig.A, C:\Program Files\CinemaBig-1.1\WebSocket4Net.dll, Quarantined, [28667f4cea910f2792cf5096af5347b9], Physical Sectors: 0(No malicious items detected)(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.