Jump to content

Removal instructions for CinemaxME


Recommended Posts

  • Staff

What is CinemaxME?

 

The Malwarebytes research team has determined that CinemaxME is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

 

How do I know if my computer is affected by CinemaxME?

 

You may see these browser extensions/add-ons:

 

warning1.png

 

warning2.png

warning3.png

 

and this entry in your list of installed programs:

 

warning4.png

 

 

How did CinemaxME get on my computer?

 

Browser hijackers use different methods for distributing themselves. This particular one was offered as a video-enhancing browser extension.

 

How do I remove CinemaxME?

 

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of CinemaxME?
  • If you are using Opera, you may have to remove the Extension manually under Opera > Extensions click the x behind CinemaxME and click OK in the prompt to confirm.
How would the full version of Malwarebytes Anti-Malware help protect me?

 

We hope our application and this guide have helped you eradicate this hijacker.  

 

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the CinemaxME hijacker.  It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

 

 

protection1.png

 

Technical details for experts

 

Signs in a HijackThis log:

   

O2 - BHO: a7c9e3c0eb27013147ac1bd4f3c7881c0061195 - {11111111-1111-1111-1111-110611111195} - C:\Program Files\CinemaxME_v1+\CinemaxME_v1+-bho.dll
 

Alterations made by the installer:

  

File system details  ---------------------------------------------    Adds the folder C:\Program Files\CinemaxME_v1+       Adds the file 1293297481.mxaddon"="10/14/2014 6:22 PM, 45407 bytes, A       Adds the file 18aa4fcc-de88-4863-845d-3c32ca50266c.crx"="10/22/2014 1:49 PM, 296918 bytes, A       Adds the file 18aa4fcc-de88-4863-845d-3c32ca50266c.xpi"="10/22/2014 1:49 PM, 354121 bytes, A       Adds the file 18aa4fcc-de88-4863-845d-3c32ca50266c-11.exe"="10/22/2014 1:49 PM, 1968544 bytes, A       Adds the file 18aa4fcc-de88-4863-845d-3c32ca50266c-2.exe"="10/22/2014 1:49 PM, 905120 bytes, A       Adds the file 18aa4fcc-de88-4863-845d-3c32ca50266c-4.exe"="10/22/2014 1:49 PM, 1486240 bytes, A       Adds the file 18aa4fcc-de88-4863-845d-3c32ca50266c-5.exe"="10/22/2014 1:49 PM, 839072 bytes, A       Adds the file a22f0697-6996-4be4-85c1-2a80a46d39ba.crx"="10/22/2014 1:49 PM, 298122 bytes, A       Adds the file background.html"="10/16/2014 2:15 PM, 729 bytes, A       Adds the file CinemaxME_v1+.ico"="10/16/2014 2:15 PM, 9662 bytes, A       Adds the file CinemaxME_v1+-bg.exe"="10/22/2014 1:49 PM, 567200 bytes, A       Adds the file CinemaxME_v1+-bho.dll"="10/22/2014 1:49 PM, 545696 bytes, A       Adds the file CinemaxME_v1+-codedownloader.exe"="10/22/2014 1:49 PM, 1079200 bytes, A       Adds the file Uninstall.exe"="10/22/2014 1:49 PM, 102304 bytes, A       Adds the file utils.exe"="10/22/2014 1:49 PM, 2520924 bytes, A    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\defaults    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\locale    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\skin    Adds the folder C:\Users\{username}\AppData\Roaming\Opera Software\Opera Stable\Extensions\hgoipgmdackgnpgaaoghdplnhcbklpeo\1.26.56_0    Adds the folder C:\Users\{username}\AppData\Roaming\Opera Software\Opera Stable\Extensions\hgoipgmdackgnpgaaoghdplnhcbklpeo\1.26.56_0\extensionData    Adds the folder C:\Users\{username}\AppData\Roaming\Opera Software\Opera Stable\Extensions\hgoipgmdackgnpgaaoghdplnhcbklpeo\1.26.56_0\icons    Adds the folder C:\Users\{username}\AppData\Roaming\Opera Software\Opera Stable\Extensions\hgoipgmdackgnpgaaoghdplnhcbklpeo\1.26.56_0\js    In the existing folder C:\Windows\System32\Tasks       Adds the file 18aa4fcc-de88-4863-845d-3c32ca50266c-1"="10/22/2014 1:49 PM, 6130 bytes, A       Adds the file 18aa4fcc-de88-4863-845d-3c32ca50266c-11"="10/22/2014 1:49 PM, 7856 bytes, A       Adds the file 18aa4fcc-de88-4863-845d-3c32ca50266c-2"="10/22/2014 1:49 PM, 5126 bytes, A       Adds the file 18aa4fcc-de88-4863-845d-3c32ca50266c-5"="10/22/2014 1:49 PM, 5462 bytes, A       Adds the file 18aa4fcc-de88-4863-845d-3c32ca50266c-5_user"="10/22/2014 1:49 PM, 5468 bytes, A    In the existing folder C:\Windows\Tasks       Adds the file 18aa4fcc-de88-4863-845d-3c32ca50266c-1.job"="10/22/2014 1:49 PM, 3100 bytes, A       Adds the file 18aa4fcc-de88-4863-845d-3c32ca50266c-11.job"="10/22/2014 1:49 PM, 4826 bytes, A       Adds the file 18aa4fcc-de88-4863-845d-3c32ca50266c-2.job"="10/22/2014 1:49 PM, 2096 bytes, A       Adds the file 18aa4fcc-de88-4863-845d-3c32ca50266c-5.job"="10/22/2014 1:49 PM, 2432 bytes, A       Adds the file 18aa4fcc-de88-4863-845d-3c32ca50266c-5_user.job"="10/22/2014 1:49 PM, 2432 bytes, ARegistry details  ------------------------------------------    [HKEY_LOCAL_MACHINE\SOFTWARE\CinemaxME_v1+\btVZFoBzW7YAoglp83Sg07L/6qPUxxriXDOL0NH8dR3ryC4WYDJwRctGvgzMwUL6xI4itCR6KYji564iMO7gS6mS4epBp98jR7EEWTe+H8xsHLkTIUIZwhwIl+ySYeS7nazfehAwvWmATIQW4HHmdX/b+rMmWVZk2FbIPkr3Hak=]       "UqUy81clYDwE42VdTkzyv50/1j88vYI2eda7urlpJMhy6LsFC8KgSPukFp6Zf8dyojzJ1600kaI6H8/owK+Qby706YxWT6IJfevmb1+LZ30l+OHVxZsUootx9z6SmZn1hgQEjv49jBHmhXysn7Bu7H0my6Gq3ZXHb3GC3mMX0GKXfpzne7bBpeK/tCtyC5ajhBXyMoPfI7LcFwoiDlc8z/G3u7VA9kiwPQSHZxV2lhMIrk9FGqwxzanuvWEgp31oyd/9+iL2Ot/X3pxtKuXNPR1AIrmP/PgqpGVDoqAHFZ9NbeD+e7eQENUI5O3Z4Zle66+qLIXCLVKVZpVO8ByoxQ=="="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\CinemaxME_v1+\IE]       "TotalProfiles"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\CinemaxME_v1+\IE\Profiles]       "S-1-5-21-4016700205-1717049133-1125222536-1001"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\CinemaxME_v1+\Installer]       "BundledAddCh"="REG_DWORD", 1       "BundledFirefox"="REG_DWORD", 1       "BundledIe"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\CinemaxME_v1+\olcenRfi7FbGfaPcPvf+4/HPX5GdO9P/MKHgEllERNY3D2M0kokyAoqv/WZrmi+tJx7tygRyrQrU+cDphmMMbIyRIJblFqDmh2/z5IxRXfmJrNC9kvjUxtEiYWODgDXclAtegkxuLVOnMea4PNHp2TzUr+im+HS2T2/pONWKqvY=]       "NXbOnCVuwgkVDzZ72G/myjepX1eCoB7RXTM5LYtGEkOanGul1RbL8LbgKU4UpBHIfYq+BfJy3uufSOBNjZRGUa/T9P+eoXX0W+jnQm9Bjwd00EpcIBrvn36pXZIrZ5rMzRLG6VAbJoUtYsphlmT57ee0K/yMGQJaPCmzhgPYQ8k="="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\CinemaxME_v1+\VWRDIg2H0Ou+3Lu30UKdl47XJJGtxYGtFqvWK3u2jkzq07wPGdSEWCUo/AL7nESf/OPHdXooBqmLclgDbfxLwFgTNTKzV9J9iM55xdqdyu3H6xpj78/poBw8fMNaVtipMjnEIvnwctNwzbGH85XLqYMuBBUUuQSN8KEnnpPgMX0=]       "l3OPMj3YeNKqXqIEtoKaI+/yoF6uSyFzdAlwoyDhdmMXWaGha0fWizN1qjcTPF2Pne3wVdpfIUmj8QgxizC6fSddVAORjUEE9XTcgq9kiBVuqeDZZkmxtkwxltkXDPazoCSBnKdc1thW6s0XNIakoUcdZ88JKcZMtNSVsYkRkc4="="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\CinemaxME_v1+\XO4wExe4NahqYaGygLdvk4Gg/HFhPKzqbiYAa/u0ovpx0CV/02WCZOLi3Mm/AiD9Tu0kzpyJTI282/gkU5ddJ7UZG3dJlSbQOcqka3GchqFZOasF5fbZhogjqfSRDWXqIoqphiysGbt00gtj/cWwIYm22O0vYpramJ6wMfQXiyE=]       "NXbOnCVuwgkVDzZ72G/myjepX1eCoB7RXTM5LYtGEkOanGul1RbL8LbgKU4UpBHIfYq+BfJy3uufSOBNjZRGUa/T9P+eoXX0W+jnQm9Bjwd00EpcIBrvn36pXZIrZ5rMzRLG6VAbJoUtYsphlmT57ee0K/yMGQJaPCmzhgPYQ8k="="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\a7c9e3c0eb27013147ac1bd4f3c7881c0061195.BHO]       "(Default)"="REG_SZ", "a7c9e3c0eb27013147ac1bd4f3c7881c0061195"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\a7c9e3c0eb27013147ac1bd4f3c7881c0061195.BHO\CLSID]       "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110611111195}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\a7c9e3c0eb27013147ac1bd4f3c7881c0061195.BHO\CurVer]       "(Default)"="REG_SZ", "a7c9e3c0eb27013147ac1bd4f3c7881c0061195"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\a7c9e3c0eb27013147ac1bd4f3c7881c0061195.BHO.1]       "(Default)"="REG_SZ", "a7c9e3c0eb27013147ac1bd4f3c7881c0061195"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\a7c9e3c0eb27013147ac1bd4f3c7881c0061195.BHO.1\CLSID]       "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110611111195}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\a7c9e3c0eb27013147ac1bd4f3c7881c0061195.Sandbox]       "(Default)"="REG_SZ", "a7c9e3c0eb27013147ac1bd4f3c7881c0061195.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\a7c9e3c0eb27013147ac1bd4f3c7881c0061195.Sandbox\CLSID]       "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220622112295}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\a7c9e3c0eb27013147ac1bd4f3c7881c0061195.Sandbox\CurVer]       "(Default)"="REG_SZ", "a7c9e3c0eb27013147ac1bd4f3c7881c0061195.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\a7c9e3c0eb27013147ac1bd4f3c7881c0061195.Sandbox.1]       "(Default)"="REG_SZ", "a7c9e3c0eb27013147ac1bd4f3c7881c0061195.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\a7c9e3c0eb27013147ac1bd4f3c7881c0061195.Sandbox.1\CLSID]       "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220622112295}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611111195}]       "(Default)"="REG_SZ", "CinemaxME_v1+"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611111195}\Implemented Categories]       "(Default)"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611111195}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}]       "(Default)"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611111195}\InprocServer32]       "(Default)"="REG_SZ", "C:\Program Files\CinemaxME_v1+\CinemaxME_v1+-bho.dll"       "ThreadingModel"="REG_SZ", "Apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611111195}\ProgID]       "(Default)"="REG_SZ", "a7c9e3c0eb27013147ac1bd4f3c7881c0061195.BHO.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611111195}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611111195}\TypeLib]       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644114495}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611111195}\VersionIndependentProgID]       "(Default)"="REG_SZ", "a7c9e3c0eb27013147ac1bd4f3c7881c0061195"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622112295}]       "(Default)"="REG_SZ", "a7c9e3c0eb27013147ac1bd4f3c7881c0061195.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622112295}\InprocServer32]       "(Default)"="REG_SZ", "C:\Program Files\CinemaxME_v1+\CinemaxME_v1+-bho.dll"       "ThreadingModel"="REG_SZ", "Apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622112295}\ProgID]       "(Default)"="REG_SZ", "a7c9e3c0eb27013147ac1bd4f3c7881c0061195.Sandbox.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622112295}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622112295}\TypeLib]       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644114495}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622112295}\VersionIndependentProgID]       "(Default)"="REG_SZ", "a7c9e3c0eb27013147ac1bd4f3c7881c0061195.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655115595}]       "(Default)"="REG_SZ", "ICrossriderBHO"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655115595}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655115595}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655115595}\TypeLib]       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644114495}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666116695}]       "(Default)"="REG_SZ", "ISandBox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666116695}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666116695}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666116695}\TypeLib]       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644114495}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644114495}\1.0]       "(Default)"="REG_SZ", "a7c9e3c0eb27013147ac1bd4f3c7881c0061195 Type Library"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644114495}\1.0\0\win32]       "(Default)"="REG_SZ", "C:\Program Files\CinemaxME_v1+\CinemaxME_v1+-bho.dll"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644114495}\1.0\FLAGS]       "(Default)"="REG_SZ", "0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644114495}\1.0\HELPDIR]       "(Default)"="REG_SZ", "C:\Program Files\CinemaxME_v1+"    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\31163]       "61195"="REG_SZ", "CinemaxME_v1+"    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\31163\Status]       "Installed"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION]       "CinemaxME_v1+-bg.exe"="REG_DWORD", 8000    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611111195}]       "(Default)"="REG_SZ", "a7c9e3c0eb27013147ac1bd4f3c7881c0061195"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]       "{11111111-1111-1111-1111-110611111195}"="REG_SZ", "1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CinemaxME_v1+]       "CrAppId"="REG_SZ", "61195"       "CrPublisherId"="REG_SZ", "31163"       "DisplayIcon"="REG_SZ", "C:\Program Files\CinemaxME_v1+\utils.exe"       "DisplayName"="REG_SZ", "CinemaxME_v1+"       "DisplayVersion"="REG_SZ", "1.35.9.29"       "Publisher"="REG_SZ", "SBG"       "UninstallString"="REG_SZ", "C:\Program Files\CinemaxME_v1+\Uninstall.exe /fcp=1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]       "18aa4fcc-de88-4863-845d-3c32ca50266c-1.job"="REG_BINARY, ................................       "18aa4fcc-de88-4863-845d-3c32ca50266c-1.job.fp"="REG_DWORD", -1994258917       "18aa4fcc-de88-4863-845d-3c32ca50266c-11.job"="REG_BINARY, ................................       "18aa4fcc-de88-4863-845d-3c32ca50266c-11.job.fp"="REG_DWORD", 1633417146       "18aa4fcc-de88-4863-845d-3c32ca50266c-2.job"="REG_BINARY, ................................       "18aa4fcc-de88-4863-845d-3c32ca50266c-2.job.fp"="REG_DWORD", 1706067411       "18aa4fcc-de88-4863-845d-3c32ca50266c-5.job"="REG_BINARY, ................................       "18aa4fcc-de88-4863-845d-3c32ca50266c-5.job.fp"="REG_DWORD", 755532104       "18aa4fcc-de88-4863-845d-3c32ca50266c-5_user.job"="REG_BINARY, ................................       "18aa4fcc-de88-4863-845d-3c32ca50266c-5_user.job.fp"="REG_DWORD", -1281018315    [HKEY_CURRENT_USER\Software\AppDataLow\Software\CinemaxME_v1+]       "ActiveAppId"="REG_SZ", "61195"       "BhoRunningVersion"="REG_SZ", "154"       "IsBhoEnabled"="REG_DWORD", 1    [HKEY_CURRENT_USER\Software\AppDataLow\Software\CinemaxME_v1+\Background]       " { javascript removed, full log avauilable on request } "    [HKEY_CURRENT_USER\Software\AppDataLow\Software\CinemaxME_v1+\Debug]       "DebuggedAppUrl"="REG_SZ", "file://C:\Users\{username}\Documents\debug.js"       "DebuggedBgUrl"="REG_SZ", "file://C:\Users\{username}\Documents\bg_debug.js"       "DebuggedNewTabUrl"="REG_SZ", "file://C:\Users\{username}\Documents\new_debug.js"       "IsDebuggingPlugins"="REG_DWORD", 0       "IsDebugMode"="REG_DWORD", 0    [HKEY_CURRENT_USER\Software\AppDataLow\Software\CinemaxME_v1+\Installer]       "AdditionalInfo"="REG_SZ", "{"asw":[67108864, -1073733563, 0],"browser_name":"ie","proc_id":"1ED77B3754C94C0AA8F506477CA4E927PI","os":{"name":"7","build":"7601","product":"Windows 7 Ultimate N","sp":"Service Pack 1","install_date":"1363633411"},"upi":"8655ebc447297b398088e5f1933333c9"}"       "CodeDownloadDomain"="REG_SZ", "http://js.newgenonlinesrv.com"       "CodeDownloadFbDomain"="REG_SZ", "http://js.clientdemocloud.com"       "DefaultBrowser"="REG_SZ", "ie"       "ErrorsDomain"="REG_SZ", "http://errors.newgenonlinesrv.com"       "FullVersion"="REG_SZ", "1.35.9.29"       "FullVersionForUrl"="REG_SZ", "1_35_09_29"       "OsName"="REG_SZ", "7"       "Params"="REG_SZ", "{   "source_id" : "001998",   "sub_id" : "0",   "uzid" : "0"}"       "SrcId"="REG_SZ", "001998"       "StatsDomain"="REG_SZ", "http://stats.newgenonlinesrv.com"       "SubId"="REG_SZ", "0"       "Time"="REG_SZ", "1413978561"       "ZData"="REG_SZ", "0"    [HKEY_CURRENT_USER\Software\AppDataLow\Software\CinemaxME_v1+\Manifest]       "AddressbarURL"="REG_SZ", "NA"       "BgVersion"="REG_SZ", "1"       "ChangePrevious"="REG_SZ", "false"       "Description"="REG_SZ", "Lights out for YouTube"       "DisableIe"="REG_SZ", "true"       "EnableSearchIE"="REG_SZ", "false"       "HomePageUrl"="REG_SZ", "NA"       "IsButtonEnabled"="REG_SZ", "false"       "Manifest"="REG_SZ", "NA"       "ModeType"="REG_SZ", "production"       "Name"="REG_SZ", "CinemaxME"       "PluginsManifestVersion"="REG_SZ", "48"       "PublisherId"="REG_SZ", "31163"       "PublisherName"="REG_SZ", "SBG"       "RunInFrame"="REG_SZ", "false"       "SetNewTab"="REG_SZ", "false"       "ThanksUrl"="REG_SZ", "NA"       "UninstallerOfferAction"="REG_SZ", "NA"       "UninstallerOfferUrl"="REG_SZ", "NA"       "UpdateInterval"="REG_DWORD", 360       "Version"="REG_SZ", "57"    [HKEY_CURRENT_USER\Software\AppDataLow\Software\CinemaxME_v1+\Update]       "LastCheck"="REG_DWORD", 1413978580    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider]       "Bic"="REG_SZ", "B8D7EA8D3B6643028AB03C021402EC45IE"       "Verifier"="REG_SZ", "d80171d31a9a8cf97a9cb14eff77fe9f"    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\onBeforeNavigate]       "61195"="REG_SZ", ""    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\onRequest]       "61195"="REG_SZ", ""    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\31163]       "61195"="REG_SZ", "CinemaxME_v1+"    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\31163\Status]       "Installed"="REG_DWORD", 1    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\SBG]       "61195"="REG_SZ", "CinemaxME_v1+"    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611111195}]       "Flags"="REG_DWORD", 1024
 

Malwarebytes Anti-Malware log:

  

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 10/22/2014Scan Time: 1:56:27 PMLogfile: mbamCinemaxME.txtAdministrator: YesVersion: 2.00.3.1025Malware Database: v2014.10.22.04Rootkit Database: v2014.10.21.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x86File System: NTFSUser: MalwarebytesScan Type: Threat ScanResult: CompletedObjects Scanned: 270802Time Elapsed: 3 min, 14 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 36PUP.Optional.Cinemax.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611111195}, Quarantined, [4b716fa8fc80e452fe68fcbeb051758b], PUP.Optional.Cinemax.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644114495}, Quarantined, [4b716fa8fc80e452fe68fcbeb051758b], PUP.Optional.Cinemax.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655115595}, Quarantined, [4b716fa8fc80e452fe68fcbeb051758b], PUP.Optional.Cinemax.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666116695}, Quarantined, [4b716fa8fc80e452fe68fcbeb051758b], PUP.Optional.Cinemax.A, HKLM\SOFTWARE\CLASSES\a7c9e3c0eb27013147ac1bd4f3c7881c0061195.BHO.1, Quarantined, [4b716fa8fc80e452fe68fcbeb051758b], PUP.Optional.Cinemax.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110611111195}, Quarantined, [4b716fa8fc80e452fe68fcbeb051758b], PUP.Optional.Cinemax.A, HKLM\SOFTWARE\CLASSES\a7c9e3c0eb27013147ac1bd4f3c7881c0061195.BHO, Quarantined, [4b716fa8fc80e452fe68fcbeb051758b], PUP.Optional.Cinemax.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110611111195}, Quarantined, [4b716fa8fc80e452fe68fcbeb051758b], PUP.Optional.Cinemax.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110611111195}, Quarantined, [4b716fa8fc80e452fe68fcbeb051758b], PUP.Optional.Cinemax.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220622112295}, Quarantined, [4b716fa8fc80e452fe68fcbeb051758b], PUP.Optional.Cinemax.A, HKLM\SOFTWARE\CLASSES\a7c9e3c0eb27013147ac1bd4f3c7881c0061195.Sandbox.1, Quarantined, [4b716fa8fc80e452fe68fcbeb051758b], PUP.Optional.Cinemax.A, HKLM\SOFTWARE\CLASSES\a7c9e3c0eb27013147ac1bd4f3c7881c0061195.Sandbox, Quarantined, [4b716fa8fc80e452fe68fcbeb051758b], PUP.Optional.Cinemax.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611111195}\INPROCSERVER32, Quarantined, [4b716fa8fc80e452fe68fcbeb051758b], PUP.Optional.CinemaMax.A, HKLM\SOFTWARE\CinemaxME_v1+, Quarantined, [308c44d3770504321271b4ded331f20e], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE, Quarantined, [8f2d4acdd8a4c274ae7eec42ee1558a8], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\31163, Quarantined, [8e2ebc5b6d0f2c0a9f930b3e42c17c84], PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, Quarantined, [e1db1601ceae6ccaa71e820ce81ca25e], PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, Quarantined, [8f2da770c2ba55e1b412fa94d232be42], PUP.Optional.CinemaMax.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CinemaxME_v1+, Quarantined, [c9f3898e3f3de94d3352187a45bf9769], PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [cdefaf68b7c5ac8a1be096e98183f30d], PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\31163, Quarantined, [a715d443c2ba37ffecfef42dfe05d62a], PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\SBG, Quarantined, [a913a5726517ce6887c9a6812cd7d030], PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdate, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdatem, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.CinemaMax.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CinemaxME_v1+, Quarantined, [befe0a0d651723130f50e23939ca20e0], Registry Values: 1PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE|path, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [8f2d4acdd8a4c274ae7eec42ee1558a8]Registry Data: 0(No malicious items detected)Folders: 21PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Download, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Install, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline\{9653DB96-B65E-4834-90F2-7E03C627F657}, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.107098, Quarantined, [e4d8b0672f4d270ff47cac5d47bc33cd], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\api, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\core, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\defaults, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\defaults\preferences, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\userCode, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\locale, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\locale\en-US, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\skin, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CinemaMax.A, C:\Program Files\CinemaxME_v1+, Quarantined, [befe0a0d651723130f50e23939ca20e0], Files: 158PUP.Optional.Cinemax.A, C:\Program Files\CinemaxME_v1+\CinemaxME_v1+-bho.dll, Quarantined, [4b716fa8fc80e452fe68fcbeb051758b], PUP.Optional.CrossRider.A, C:\Users\{username}\Desktop\CinemaxME_v1+.exe, Quarantined, [b10b75a249330b2bdfc23a0e56aa7888], PUP.Optional.Cinemax.A, C:\Program Files\CinemaxME_v1+\18aa4fcc-de88-4863-845d-3c32ca50266c-11.exe, Quarantined, [d8e4b95ea4d8c17520463e7c6c95b749], PUP.Optional.Cinemax.A, C:\Program Files\CinemaxME_v1+\18aa4fcc-de88-4863-845d-3c32ca50266c-2.exe, Quarantined, [2e8e4fc8cbb163d3aabc843627da6f91], PUP.Optional.Cinemax.A, C:\Program Files\CinemaxME_v1+\18aa4fcc-de88-4863-845d-3c32ca50266c-4.exe, Quarantined, [edcf69ae2359c472c4a2c1f9b9481be5], PUP.Optional.Cinemax.A, C:\Program Files\CinemaxME_v1+\18aa4fcc-de88-4863-845d-3c32ca50266c-5.exe, Quarantined, [ceeefe19295313234f1716a43ec315eb], PUP.Optional.Cinemax.A, C:\Program Files\CinemaxME_v1+\CinemaxME_v1+-bg.exe, Quarantined, [09b37d9a2d4f261094d2b60439c8d12f], PUP.Optional.Cinemax.A, C:\Program Files\CinemaxME_v1+\CinemaxME_v1+-codedownloader.exe, Quarantined, [ac10d344abd10c2ae3839f1b35cc0bf5], PUP.Optional.CrossRider.A, C:\Program Files\CinemaxME_v1+\utils.exe, Quarantined, [5a62fb1c5824b87e6a37f454b14fa35d], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\18aa4fcc-de88-4863-845d-3c32ca50266c-1, Quarantined, [b606cb4c0e6ebf7750d7240a7f84a35d], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\18aa4fcc-de88-4863-845d-3c32ca50266c-11, Quarantined, [4676b85f8defc86e51d6f33b956edc24], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\18aa4fcc-de88-4863-845d-3c32ca50266c-2, Quarantined, [45776aad6c10a88e260156d89d66a45c], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\18aa4fcc-de88-4863-845d-3c32ca50266c-5, Quarantined, [5765aa6d324a7cba87a058d6e320d12f], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\18aa4fcc-de88-4863-845d-3c32ca50266c-5_user, Quarantined, [2d8f001796e646f0ff28939b897a827e], PUP.Optional.CrossRider.T, C:\Windows\Tasks\18aa4fcc-de88-4863-845d-3c32ca50266c-1.job, Quarantined, [c1fbd1466517a6905efd6d1fd430fb05], PUP.Optional.CrossRider.T, C:\Windows\Tasks\18aa4fcc-de88-4863-845d-3c32ca50266c-11.job, Quarantined, [0ab2ae695f1de15564f7d5b7ad5757a9], PUP.Optional.CrossRider.T, C:\Windows\Tasks\18aa4fcc-de88-4863-845d-3c32ca50266c-2.job, Quarantined, [3b8148cf1369a19589d21c70ad5757a9], PUP.Optional.CrossRider.T, C:\Windows\Tasks\18aa4fcc-de88-4863-845d-3c32ca50266c-5.job, Quarantined, [c5f7100788f44aec2b304f3dde268977], PUP.Optional.CrossRider.T, C:\Windows\Tasks\18aa4fcc-de88-4863-845d-3c32ca50266c-5_user.job, Quarantined, [b408f81f1963bf77e279305c1ee6649c], PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, Quarantined, [e2dadb3c3c40270fcca5226a05ffed13], PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, Quarantined, [98248e89d0acee4851217e0e10f42cd4], PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, Quarantined, [2c90f4238fed87afe291e3a9fe06c937], PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, Quarantined, [ffbd2aed88f493a3dc982f5da85c49b7], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psmachine.dll, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psuser.dll, Quarantined, [219bba5d1f5d999de96b8782877c8a76], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.107098\GoogleCrashHandler.exe, Quarantined, [e4d8b0672f4d270ff47cac5d47bc33cd], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.107098\GoogleUpdate.exe, Quarantined, [e4d8b0672f4d270ff47cac5d47bc33cd], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.107098\GoogleUpdateBroker.exe, Quarantined, [e4d8b0672f4d270ff47cac5d47bc33cd], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.107098\GoogleUpdateHelper.msi, Quarantined, [e4d8b0672f4d270ff47cac5d47bc33cd], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.107098\GoogleUpdateOnDemand.exe, Quarantined, [e4d8b0672f4d270ff47cac5d47bc33cd], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.107098\goopdate.dll, Quarantined, [e4d8b0672f4d270ff47cac5d47bc33cd], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.107098\goopdateres_en.dll, Quarantined, [e4d8b0672f4d270ff47cac5d47bc33cd], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.107098\npGoogleUpdate4.dll, Quarantined, [e4d8b0672f4d270ff47cac5d47bc33cd], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.107098\psmachine.dll, Quarantined, [e4d8b0672f4d270ff47cac5d47bc33cd], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.107098\psuser.dll, Quarantined, [e4d8b0672f4d270ff47cac5d47bc33cd], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome.manifest, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\install.rdf, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\362e213b4c7171a42b356052995a84f0.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\7aa140133e056058b1a5abfcf789c0c5.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\7cab926977e350bf6c2bea2ae3cb913b.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\9330256e99652e0ddac66a36633126a9.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\9796a2a2a9d6c362dc63cb11379abb24.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\background.html, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\browser.xul, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\cd7cd681c01b1b446bd2b40d896f5a6f.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\dialog.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\ffCoreFilesIndex.txt, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\options.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\options.xul, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\search_dialog.xul, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\api\8acdcfc40eaeef23b4c9b5595c8f6f3b.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\api\15f0eea5905d9d7f6995c12622512a6d.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\api\51b9ec4d402cab1bf3387eb13bd4e79b.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\api\55190b7f54cd3a994ce5d8b5ed5fb295.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\api\55e9c044b1a13f26aa19ed6c015c59aa.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\api\55f2a4232f294c9337f1c18f2b61704e.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\api\58604582b8b7417a86c491d26c4376b5.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\api\627c0fa32182b7e6a91c429c1cc2cdf9.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\api\770233ecc4f5e690022a98cc66ee195e.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\api\8e4162ba544c57cf75fcffec3ceb0aad.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\api\956aca404a557393d27fbbb7970199d4.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\api\9c33265126e889f8f9dfa9063b963c71.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\api\ac26eae93cc0bf4a96ed97657e6a63a3.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\api\bdc9e062b1bb49da79facfbd89ba386d.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\api\edcf139a6bad01e7a988026669d083d4.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\api\fe979ae08c50a5632b4d92e21f9fc608.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\core\02d4bf5f6aa2fdb82a01cda17b39c486.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\core\199d5c4081a5ec0018383a23598d4fdf.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\core\1dbadee4e576a27454f7a955dc096e58.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\core\2411507f92d83afe5991a3ee4d09d45b.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\core\24d9f07d5a9eeaba0ee992b0fb52a184.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\core\3233cf33fb18b2ae1611e3fca45e7320.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\core\371daa83215286351ffcbe3baed0bab3.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\core\3a9cc1b995997146837cd9cf77d91aa1.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\core\3f91f4403195771adf0a9685b16f6ded.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\core\4bc943ae45d6366c04704b622a255554.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\core\4f6353fca99e7afd8939d33933c18a5d.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\core\6e7a5acdd2cfebedb01a17f527d7481f.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\core\7826eaa6eb72060c4ab95af92e8bc318.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\core\807d4a6b287684e69b000b9cbffa7f74.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\core\8ec5e80fb5dc5659bd78f54abe4bea3b.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\core\ac503bf97b95466e03243f2a001718af.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\core\b43f65b78619058ed40d4864da295260.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\core\d325a31b2bc0af52f5b2c3865d9162c6.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\core\e0867f12f44a6d6b71854b7ccf3004bb.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\core\e09c5041ebb6a87a3520f730900008f1.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\chrome\content\core\installer.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\defaults\preferences\prefs.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\manifest.xml, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins.json, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\102.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\104.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\13.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\14.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\16.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\17.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\180.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\184.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\192.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\193.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\195.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\220.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\221.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\223.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\226.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\242.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\244.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\246.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\262.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\263.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\268.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\273.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\275.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\281.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\289.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\300.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\302.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\4.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\47.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\64.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\7.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\78.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\9.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\91.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\plugins\93.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\userCode\background.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\extensionData\userCode\extension.js, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\locale\en-US\translations.dtd, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\skin\button1.png, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\skin\button2.png, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\skin\button3.png, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\skin\button4.png, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\skin\button5.png, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\skin\crossrider_statusbar.png, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\skin\icon128.png, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\skin\icon16.png, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\skin\icon24.png, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\skin\icon48.png, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\skin\panelarrow-up.png, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\skin\popup.html, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\skin\skin.css, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\9d2db1ce83264e61a7ee63d4f@f932995ed00643899218cf824d695.com\skin\update.css, Quarantined, [a01c4bcc8eee49ed33813dd1ac57f30d], PUP.Optional.CinemaMax.A, C:\Program Files\CinemaxME_v1+\1293297481.mxaddon, Quarantined, [befe0a0d651723130f50e23939ca20e0], PUP.Optional.CinemaMax.A, C:\Program Files\CinemaxME_v1+\18aa4fcc-de88-4863-845d-3c32ca50266c.crx, Quarantined, [befe0a0d651723130f50e23939ca20e0], PUP.Optional.CinemaMax.A, C:\Program Files\CinemaxME_v1+\18aa4fcc-de88-4863-845d-3c32ca50266c.xpi, Quarantined, [befe0a0d651723130f50e23939ca20e0], PUP.Optional.CinemaMax.A, C:\Program Files\CinemaxME_v1+\a22f0697-6996-4be4-85c1-2a80a46d39ba.crx, Quarantined, [befe0a0d651723130f50e23939ca20e0], PUP.Optional.CinemaMax.A, C:\Program Files\CinemaxME_v1+\background.html, Quarantined, [befe0a0d651723130f50e23939ca20e0], PUP.Optional.CinemaMax.A, C:\Program Files\CinemaxME_v1+\CinemaxME_v1+.ico, Quarantined, [befe0a0d651723130f50e23939ca20e0], PUP.Optional.CinemaMax.A, C:\Program Files\CinemaxME_v1+\Uninstall.exe, Quarantined, [befe0a0d651723130f50e23939ca20e0], Physical Sectors: 0(No malicious items detected)(end)
 

As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.