Metallica

Removal instructions for Cinema 4u


What is Cinema 4u?

 

The Malwarebytes research team has determined that Cinema 4u is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example by changing your start page or search scopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

 

How do I know if my computer is affected by Cinema 4u?

 

You may see these browser extensions/add-ons:

 

warning1.png

 

warning2.png

warning3.png

 

and this entry in your list of installed programs:

 

warning4.png

 

 

How did Cinema 4u get on my computer?

 

Browser hijackers use different methods for distributing themselves. This particular one was offered as a video enhancing browser extension.

 

How do I remove Cinema 4u?

 

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of Cinema 4u?
  • If you are using Opera, you may have to remove the extension manually: under Opera > Extensions, click the x behind Cinema 4u, then click OK in the prompt to confirm.
How would the full version of Malwarebytes Anti-Malware help protect me?

 

We hope our application and this guide have helped you eradicate this hijacker.  

 

As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the Cinema 4u hijacker. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

 

 

protection1.png

 

Technical details for experts

 

Signs in a HijackThis log:

 

O2 - BHO: 193d727f3f5b4989a5c18f019e01ddb80066513 - {11111111-1111-1111-1111-110611651113} - C:\Program Files\Cinema 4u\Cinema 4u-bho.dll
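One way to check a saved HijackThis log for the O2 entry shown above, added here as an example; it is not part of the original post or of any Malwarebytes tool. The CLSID and install folder are taken from that line, while the function names and every other sample log line are constructed for illustration.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple

# Indicators taken from the HijackThis O2 line on this page.
CINEMA4U_CLSID = "{11111111-1111-1111-1111-110611651113}"
CINEMA4U_DIR = r"C:\Program Files\Cinema 4u"

# Layout of a HijackThis BHO entry: O2 - BHO: <name> - {CLSID} - <dll path>
# The name may itself contain " - ", so the match is anchored on the braces.
O2_RE = re.compile(
    r"^O2 - BHO:\s*(?P<name>.*?)\s+-\s+"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s+-\s+(?P<path>.+?)\s*$"
)


class Bho(NamedTuple):
    name: str
    clsid: str
    path: str


def parse_o2(line: str) -> Optional[Bho]:
    """Return the parsed BHO entry, or None if the line is not an O2 line."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    return Bho(m.group("name"), m.group("clsid"), m.group("path"))


def under_dir(path: str, base: str) -> bool:
    """Case-insensitive Windows path check; sibling folders do not match."""
    p = ntpath.normcase(ntpath.normpath(path))
    b = ntpath.normcase(ntpath.normpath(base))
    return p == b or p.startswith(b + "\\")


def reasons(entry: Bho) -> List[str]:
    """List which of the page's indicators this entry matches."""
    hits = []
    if entry.clsid.lower() == CINEMA4U_CLSID.lower():
        hits.append("clsid")
    if under_dir(entry.path, CINEMA4U_DIR):
        hits.append("path")
    return hits


def scan(log_text: str) -> List[Tuple[Bho, List[str]]]:
    """Return every O2 entry in the log that matches at least one indicator."""
    found = []
    for line in log_text.splitlines():
        entry = parse_o2(line)
        if entry is None:
            continue
        why = reasons(entry)
        if why:
            found.append((entry, why))
    return found


# Constructed sample log. Only the third line is the entry from this page;
# the fourth shows the same DLL registered under a different (made-up) CLSID.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {AAAAAAAA-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Example Helper - Beta - {BBBBBBBB-0000-0000-0000-000000000002} - C:\Program Files\Example\helper.dll
O2 - BHO: 193d727f3f5b4989a5c18f019e01ddb80066513 - {11111111-1111-1111-1111-110611651113} - C:\Program Files\Cinema 4u\Cinema 4u-bho.dll
O2 - BHO: renamed - {CCCCCCCC-0000-0000-0000-000000000003} - c:\program files\cinema 4u\Cinema 4u-bho.dll
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\tray.exe
"""

if __name__ == "__main__":
    for entry, why in scan(SAMPLE_LOG):
        print(f"{entry.clsid}  {entry.path}  matched on: {', '.join(why)}")
```

Matching on the install folder as well as the CLSID still flags the DLL if it is registered under a different class ID.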
 

Alterations made by the installer:

  

 

Malwarebytes Anti-Malware log:

  

C:\Users\{username}\AppData\Local\Temp\comh.839\GoogleCrashHandler.exe, Quarantined, [331712076c103afcf4b7b557f70c24dc], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.839\GoogleUpdate.exe, Quarantined, [331712076c103afcf4b7b557f70c24dc], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.839\GoogleUpdateBroker.exe, Quarantined, [331712076c103afcf4b7b557f70c24dc], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.839\GoogleUpdateHelper.msi, Quarantined, [331712076c103afcf4b7b557f70c24dc], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.839\GoogleUpdateOnDemand.exe, Quarantined, [331712076c103afcf4b7b557f70c24dc], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.839\goopdate.dll, Quarantined, [331712076c103afcf4b7b557f70c24dc], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.839\goopdateres_en.dll, Quarantined, [331712076c103afcf4b7b557f70c24dc], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.839\npGoogleUpdate4.dll, Quarantined, [331712076c103afcf4b7b557f70c24dc], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.839\psmachine.dll, Quarantined, [331712076c103afcf4b7b557f70c24dc], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.839\psuser.dll, Quarantined, [331712076c103afcf4b7b557f70c24dc], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome.manifest, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\install.rdf, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\5d067b4f38fee64a49f4585c40d681d3.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\6e7e60777632efbb84a380b3608cb7fb.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\b30a7a10dc17d2e975dfd6b0d128d027.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\background.html, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\browser.xul, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\df3f789ad74415b360bfc7d46c5bfff5.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\dialog.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\e8e3dcd89618fd2c80dedc51ccbbd0f0.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\fd31bff43550b8bc5812c2d229521f29.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\ffCoreFilesIndex.txt, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\options.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\options.xul, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\search_dialog.xul, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\api\8482e4cc6b3a9c0e47d89f4e3f3e584e.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\api\10e608951853b0ad7e7409d10f8d5209.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\api\1ac6be396b778e30687f23566001bb01.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\api\1ec6107c05c4e46a9cdfa16618ec1bfb.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\api\2a052b721b10c486d42a8efa2f19d714.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\api\32f726339522d168ce4a2bf53e9b6b89.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\api\48a2888c8b6073378846ab5649759d1c.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\api\4990ee19766baec8d064ec9f94614958.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\api\50f8068ada854b62b2e1b0ebe160784b.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\api\8ae583c11a1860267ab97770941ea386.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\api\8b9c27898300f91e60b4a9d7b3c0ca27.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\api\ba6b511cf210f75a79fc645b4b2b09df.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\api\d798ed46cdee8411894f53d97fe14eaf.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\api\e12d4edb8b45082cd6b4fb96a01dd7cb.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\api\f2e00f4f88073cf73399cc0fa39cfb7a.js, Quarantined, 
[9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\api\f43a4746d06141901e7e8080baa89389.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\core\98126a37b2635d064c4378d708e8057e.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\core\0958203afb4c57194951fcf876123a4b.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\core\19b7e01d846201eb5c6ebbd003781930.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\core\236153a3b74f6b6ba2936ae8c2d8ce01.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\core\2e158fc7e454f12ae2f22c17bdff7ee3.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\core\2e4f9010c2b929b25fae53dd028686a1.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\core\357c3c145b1f1aabc261f62d623c3dd2.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\core\3c57afd9d20519b34a69213e68f66083.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\core\56b7257d2c9a0bf8d1e9ef999dd0f058.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\core\7043ed9c987bf74813b58dd4bf761a32.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\core\85045699ee5706820ca36729f9b0e96d.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\core\8fdfd5dd265a387a1115f6d6083bcaee.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\core\a4167e250e71a9a6a58434a623ecc52a.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\core\a57724e33db5f0c4de31384342932f8d.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\core\a736e6f106f3075e6ad586f8e5cad7eb.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\core\b1d42c58d63b509aa4b80f515dfff655.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\core\b58c892fb2419bf316e184b03a32e611.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\core\d773906b7bd257545dcb0713e97899ad.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\core\ecea54ab254b267978b96cdbd7568654.js, Quarantined, 
[9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\core\f435e3727f5770497137267d1b0ba713.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\chrome\content\core\installer.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\defaults\preferences\prefs.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\extensionData\manifest.xml, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\extensionData\plugins.json, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\extensionData\plugins\1.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\extensionData\plugins\13.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\extensionData\plugins\14.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\extensionData\plugins\16.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\extensionData\plugins\17.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\extensionData\plugins\177.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\extensionData\plugins\182.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\extensionData\plugins\183.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\extensionData\plugins\207.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\extensionData\plugins\21.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\extensionData\plugins\22.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\extensionData\plugins\246.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\extensionData\plugins\268.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\extensionData\plugins\28.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\extensionData\plugins\4.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\extensionData\plugins\47.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\extensionData\plugins\64.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\extensionData\plugins\72.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\extensionData\plugins\78.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\extensionData\plugins\91.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\extensionData\plugins\98.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\extensionData\userCode\background.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\extensionData\userCode\extension.js, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\locale\en-US\translations.dtd, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\skin\button1.png, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\skin\button2.png, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\skin\button3.png, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\skin\button4.png, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\skin\button5.png, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\skin\crossrider_statusbar.png, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\skin\icon128.png, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\skin\icon16.png, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\skin\icon24.png, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\skin\icon48.png, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\skin\panelarrow-up.png, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\skin\popup.html, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\skin\skin.css, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com\skin\update.css, Quarantined, [9eac87921567ca6cf5f6d44a50b3b34d], PUP.Optional.Cinema4U.A, C:\Program Files\Cinema 4u\1293297481.mxaddon, Quarantined, [e3671cfd5a220f279c5030ee7390dd23], PUP.Optional.Cinema4U.A, C:\Program Files\Cinema 4u\4d0ec2e7-584d-427b-a601-b9b87a4eb405.crx, Quarantined, 
[e3671cfd5a220f279c5030ee7390dd23], PUP.Optional.Cinema4U.A, C:\Program Files\Cinema 4u\4d0ec2e7-584d-427b-a601-b9b87a4eb405.xpi, Quarantined, [e3671cfd5a220f279c5030ee7390dd23], PUP.Optional.Cinema4U.A, C:\Program Files\Cinema 4u\background.html, Quarantined, [e3671cfd5a220f279c5030ee7390dd23], PUP.Optional.Cinema4U.A, C:\Program Files\Cinema 4u\Cinema 4u-buttonutil.dll, Quarantined, [e3671cfd5a220f279c5030ee7390dd23], PUP.Optional.Cinema4U.A, C:\Program Files\Cinema 4u\Cinema 4u.ico, Quarantined, [e3671cfd5a220f279c5030ee7390dd23], PUP.Optional.Cinema4U.A, C:\Program Files\Cinema 4u\dcb4c861-fab4-466a-a1ee-d197e1960dca.crx, Quarantined, [e3671cfd5a220f279c5030ee7390dd23], PUP.Optional.Cinema4U.A, C:\Program Files\Cinema 4u\Uninstall.exe, Quarantined, [e3671cfd5a220f279c5030ee7390dd23], Physical Sectors: 0(No malicious items detected)(end)
 

As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
