What is winservice86?

 

The Malwarebytes research team has determined that winservice86 is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example by changing your start page or search scopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

 

How do I know if my computer is affected by winservice86?

 

You may see these browser extensions/add-ons:

 

warning1.png

 

warning2.png

 

warning3.png

 

and this entry in your list of installed programs:

 

warning4.png

 

 

How did winservice86 get on my computer?

 

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

 

How do I remove winservice86?

 

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

Is there anything else I need to do to get rid of winservice86?

  • If you are using Opera, you may have to remove the extension manually: under Opera > Extensions, click the x behind winservice86 and click OK in the prompt to confirm.

How would the full version of Malwarebytes Anti-Malware help protect me?

 

We hope our application and this guide have helped you eradicate this hijacker.  

 

As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the winservice86 hijacker. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

 

 

protection1.png

 

 

Technical details for experts

 

Signs in a HijackThis log:

  

 

O2 - BHO: 583e31c01eeb0132f0d1712b8d7ccf2e0064755 - {11111111-1111-1111-1111-110611471155} - C:\Program Files\winservice86\winservice86-bho.dll
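
One way to check a saved HijackThis log for this sign, added here as an example and not part of the original guide or of any Malwarebytes tool. The CLSID and install folder are taken from the line above; the hex-only-name check is a heuristic assumption, and every sample log entry other than that line is constructed.

```python
import re
from pathlib import PureWindowsPath

# Indicators taken from the HijackThis line shown in this guide.
KNOWN_CLSID = "{11111111-1111-1111-1111-110611471155}"
INSTALL_DIR = "winservice86"

# Layout of an O2 entry: "O2 - BHO: <name> - {CLSID} - <file path>".
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# Heuristic (assumption): a BHO whose display name is only a long hex string,
# as in the entry above, instead of a readable product name.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{32,}$", re.IGNORECASE)


def parse_o2(line):
    """Return name/clsid/path for an O2 (Browser Helper Object) line, else None."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    return {"name": m["name"], "clsid": m["clsid"].upper(), "path": m["path"]}


def assess(entry):
    """List the reasons an O2 entry matches the winservice86 sign (may be empty)."""
    reasons = []
    if entry["clsid"] == KNOWN_CLSID.upper():
        reasons.append("clsid")
    # Compare folder components case-insensitively so that a different drive
    # or a "Program Files (x86)" parent still matches the install folder.
    parts = [p.lower() for p in PureWindowsPath(entry["path"]).parts]
    if INSTALL_DIR in parts[:-1]:
        reasons.append("install-dir")
    if HEX_NAME_RE.match(entry["name"]):
        reasons.append("hex-name")
    return reasons


def scan(log_text):
    """Return (clsid, reasons) for every O2 line that matches at least one check."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o2(line)
        if entry is None:
            continue  # not an O2 line
        reasons = assess(entry)
        if reasons:
            findings.append((entry["clsid"], reasons))
    return findings


# First O2 line is the one from this guide; all other lines are constructed.
SAMPLE_LOG = r"""
O2 - BHO: 583e31c01eeb0132f0d1712b8d7ccf2e0064755 - {11111111-1111-1111-1111-110611471155} - C:\Program Files\winservice86\winservice86-bho.dll
O2 - BHO: Example PDF Helper - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\ExampleVendor\pdfhelper.dll
O2 - BHO: winservice86 - {12345678-1234-1234-1234-123456789ABC} - C:\Program Files (x86)\winservice86\winservice86-bho.dll
O4 - HKLM\..\Run: [Example] C:\Program Files\ExampleVendor\example.exe
O2 - BHO: (no name) - {AAAAAAAA-0000-0000-0000-000000000001} - (no file)
"""

if __name__ == "__main__":
    for clsid, reasons in scan(SAMPLE_LOG):
        print(clsid, ", ".join(reasons))
```

A match on the install folder alone, as in the third sample entry, is worth a manual look because it would survive a change of CLSID.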
 

Alterations made by the installer:

 

 

 

Malwarebytes Anti-Malware log:

 

 

Files\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe, Quarantined, [cd1d4dc2384413233d841edb25dda15f], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe, Quarantined, [cd1d4dc2384413233d841edb25dda15f], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, Quarantined, [cd1d4dc2384413233d841edb25dda15f], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe, Quarantined, [cd1d4dc2384413233d841edb25dda15f], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll, Quarantined, [cd1d4dc2384413233d841edb25dda15f], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, Quarantined, [cd1d4dc2384413233d841edb25dda15f], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll, Quarantined, [cd1d4dc2384413233d841edb25dda15f], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psmachine.dll, Quarantined, [cd1d4dc2384413233d841edb25dda15f], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psuser.dll, Quarantined, [cd1d4dc2384413233d841edb25dda15f], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.480793\GoogleCrashHandler.exe, Quarantined, [4f9bcb442b51d75fcf0e72874db59070], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.480793\GoogleUpdate.exe, Quarantined, [4f9bcb442b51d75fcf0e72874db59070], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.480793\GoogleUpdateBroker.exe, Quarantined, [4f9bcb442b51d75fcf0e72874db59070], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.480793\GoogleUpdateHelper.msi, Quarantined, [4f9bcb442b51d75fcf0e72874db59070], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.480793\GoogleUpdateOnDemand.exe, Quarantined, 
[4f9bcb442b51d75fcf0e72874db59070], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.480793\goopdate.dll, Quarantined, [4f9bcb442b51d75fcf0e72874db59070], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.480793\goopdateres_en.dll, Quarantined, [4f9bcb442b51d75fcf0e72874db59070], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.480793\npGoogleUpdate4.dll, Quarantined, [4f9bcb442b51d75fcf0e72874db59070], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.480793\psmachine.dll, Quarantined, [4f9bcb442b51d75fcf0e72874db59070], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.480793\psuser.dll, Quarantined, [4f9bcb442b51d75fcf0e72874db59070], PUP.Optional.WinService86.A, C:\Program Files\winservice86\Interop.IWshRuntimeLibrary.dll, Delete-on-Reboot, [97536aa58eeec37362c5c0482ed5eb15], PUP.Optional.WinService86.A, C:\Program Files\winservice86\0f749bdb-d567-4e5e-8811-f6798588db1f.crx, Quarantined, [97536aa58eeec37362c5c0482ed5eb15], PUP.Optional.WinService86.A, C:\Program Files\winservice86\0f749bdb-d567-4e5e-8811-f6798588db1f.xpi, Quarantined, [97536aa58eeec37362c5c0482ed5eb15], PUP.Optional.WinService86.A, C:\Program Files\winservice86\1293297481.mxaddon, Quarantined, [97536aa58eeec37362c5c0482ed5eb15], PUP.Optional.WinService86.A, C:\Program Files\winservice86\background.html, Quarantined, [97536aa58eeec37362c5c0482ed5eb15], PUP.Optional.WinService86.A, C:\Program Files\winservice86\dfd60c7a-d5ea-4dca-aaa6-c7bad690028b.crx, Quarantined, [97536aa58eeec37362c5c0482ed5eb15], PUP.Optional.WinService86.A, C:\Program Files\winservice86\f128bd8c-0dda-4837-b253-79cc07064ec4.exe, Delete-on-Reboot, [97536aa58eeec37362c5c0482ed5eb15], PUP.Optional.WinService86.A, C:\Program Files\winservice86\Newtonsoft.Json.dll, Delete-on-Reboot, [97536aa58eeec37362c5c0482ed5eb15], PUP.Optional.WinService86.A, C:\Program Files\winservice86\SuperSocket.ClientEngine.Common.dll, 
Quarantined, [97536aa58eeec37362c5c0482ed5eb15], PUP.Optional.WinService86.A, C:\Program Files\winservice86\SuperSocket.ClientEngine.Core.dll, Quarantined, [97536aa58eeec37362c5c0482ed5eb15], PUP.Optional.WinService86.A, C:\Program Files\winservice86\SuperSocket.ClientEngine.Protocol.dll, Quarantined, [97536aa58eeec37362c5c0482ed5eb15], PUP.Optional.WinService86.A, C:\Program Files\winservice86\Uninstall.exe, Quarantined, [97536aa58eeec37362c5c0482ed5eb15], PUP.Optional.WinService86.A, C:\Program Files\winservice86\WebSocket4Net.dll, Delete-on-Reboot, [97536aa58eeec37362c5c0482ed5eb15], PUP.Optional.WinService86.A, C:\Program Files\winservice86\winservice86.ico, Quarantined, [97536aa58eeec37362c5c0482ed5eb15], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome.manifest, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\install.rdf, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\02e31e376ea62339d4a76ba4ce4c2978.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\1b6cfbf4073ba49f09d2ab6e9353d53a.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\5699e48c099f63ef31d70bb2f163ab19.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\61abf3f3c158c80edaf00dd94c5e9aa6.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\6424cf111966699b4ee2fe89338374c6.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\7b0d919b99a7cb1d4bd38bd514350dc9.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\background.html, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\browser.xul, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\dialog.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\ffCoreFilesIndex.txt, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\options.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\options.xul, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\search_dialog.xul, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\api\3e4bb000ced7a8a5576cbf772aa16756.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\api\54dd66b10373459e564dd79669f0cdf0.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\api\6a41cd15ee882c673e06e8c7c9603fb4.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\api\77bd5228410c45ed7ade444b7ae53b4c.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\api\95551096790cf2ff2bb97d6f8bb7764f.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\api\95948cb309d7b87a6e208385c01a2e0f.js, Quarantined, 
[09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\api\9ece0b78284a1c033e4bb2b4a9a006c5.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\api\a3222098e33f96b976229882048b3e55.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\api\c21700315aea53fbfd6dcbb9200c795c.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\api\d22b6ca3711c0c1102f7df9e3dd4b6c9.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\api\d4598d336cf3a89f51b1f6ca2583bf1c.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\api\d87f4478dbfe2939e59c8d61cf375c21.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\api\de335935cc1c3a1e59ec5c4932bc1e00.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\api\e4ee409e860616804ef3ca08fa24acbc.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\api\ee129e71d444d3ca266acc29b767e59b.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\api\f5339eed7623b50832bd6f269f156f0e.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\core\0966181e34189065ba2c9c65e1353761.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\core\24975defeda4c0ab6896327de9fc7588.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\core\29622ee495eefd9e0ab6afcac0473b34.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\core\4232d0881d97012cece8e4f2083821f4.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\core\4cbac006bb16d1d50648be5c1e437de4.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\core\64a5618d8ba5540d463bff82e77764c1.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\core\8f8363b7f8de4f5ed744839f10681c90.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\core\926e9661ea07f323b5c74382321e0b13.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\core\a2d9f8df202ea5de59304c1b107dcacd.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\core\b0d7031c32b4b5368ea36c2b7dc33cca.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\core\b956446e720efa8d2b65a493b557e9aa.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\core\bc726d98bf4def290bb732b0f3bdaeb7.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\core\be22282ffa35376d7fff0c1f0788b2b4.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\core\c78b9aa09bac68de793d0e56c8b94871.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\core\ca800bbcacd7a612a6a457ce8d05c96d.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\core\cbfa35bb52223916242accdcda31fbc7.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\core\d646aa327ddb0eb796a1af58e2a319c2.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\core\e21e58713fa2e412fc72862773836dc9.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\core\e2d80a1fb9a7b4ceddf2d0d26e116312.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\core\f14a11c0a278d27860f69ddecfab4081.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\chrome\content\core\installer.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\defaults\preferences\prefs.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\manifest.xml, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\plugins.json, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\plugins\102.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\plugins\104.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\plugins\128.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\plugins\13.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\plugins\14.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\plugins\16.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\plugins\17.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\plugins\180.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\plugins\184.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\plugins\193.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\plugins\195.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\plugins\220.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\plugins\221.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\plugins\223.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\plugins\230.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\plugins\242.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\plugins\246.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\plugins\262.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\plugins\263.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\plugins\268.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\plugins\273.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\plugins\275.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\plugins\289.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\plugins\302.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\plugins\4.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\taylorralston@hotmail.com\extensionData\plugins\47.js, Quarantined, [09e139d6304c3ff71234eb1de023cd33], PUP.Optional.CrossRider.A, 
 

As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.