Removal instructions for MedPvid

Metallica · January 25, 2015

What is MedPvid?

The Malwarebytes research team has determined that MedPvid is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

How do I know if my computer is affected by MedPvid?

You may see these browser extensions/add-ons:

these tasks in your Task Scheduler:

and this entry in your list of installed programs:

How did MedPvid get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove MedPvid?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.

Please download Malwarebytes Anti-Malware to your desktop.
Double-click mbam-setup-version.exe and follow the prompts to install the program.
At the end, be sure a check-mark is placed next to the following:
- Enable free trial of Malwarebytes Anti-Malware Premium
- Launch Malwarebytes Anti-Malware
Then click Finish.
If an update is found, you will be prompted to download and install the latest version.
Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
Reboot your computer if prompted.

Is there anything else I need to do to get rid of MedPvid?

No, Malwarebytes' Anti-Malware removes MedPvid completely.
This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the MedPvid hijacker. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

Technical details for experts

Signs in a HijackThis log:

O2 - BHO: 5957acae63ad4d89b684a64590505c730067913 - {11111111-1111-1111-1111-110611791113} - C:\Program Files\MedPvid2.3\MedPvid2.3-bho.dll

You may see these entries in a FRST log:

 BHO: MedPvid2.3 -> {11111111-1111-1111-1111-110611791113} -> C:\Program Files\MedPvid2.3\MedPvid2.3-bho.dll (MedPServ4Player) FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\74979c91-c812-44d6-90e1-1ff0491351e5@e3e0c78c-dd15-4ac4-b6a0-08cad184bd23.com [Not Found] FF Extension: MedPvid2.3 - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\Extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com [2015-01-25] () C:\Windows\Tasks\2ee80d9c-deb0-4b45-a3ca-ff8bf26ca6e3-1.job () C:\Windows\Tasks\2ee80d9c-deb0-4b45-a3ca-ff8bf26ca6e3-5_user.job () C:\Windows\Tasks\2ee80d9c-deb0-4b45-a3ca-ff8bf26ca6e3-5.job () C:\Program Files\MedPvid2.3

Alterations made by the installer:

File system details  ---------------------------------------------    Adds the folder C:\Program Files\MedPvid2.3       Adds the file 2ee80d9c-deb0-4b45-a3ca-ff8bf26ca6e3.xpi"="1/25/2015 2:30 PM, 363219 bytes, A       Adds the file 2ee80d9c-deb0-4b45-a3ca-ff8bf26ca6e3-4.exe"="1/25/2015 2:30 PM, 1477608 bytes, A       Adds the file 2ee80d9c-deb0-4b45-a3ca-ff8bf26ca6e3-5.exe"="1/25/2015 2:30 PM, 1119208 bytes, A       Adds the file background.html"="1/24/2015 11:15 AM, 729 bytes, A       Adds the file MedPvid2.3.ico"="1/24/2015 11:15 AM, 15086 bytes, A       Adds the file MedPvid2.3-bg.exe"="1/25/2015 2:30 PM, 589800 bytes, A       Adds the file MedPvid2.3-bho.dll"="1/25/2015 2:30 PM, 672744 bytes, A       Adds the file MedPvid2.3-codedownloader.exe"="1/25/2015 2:30 PM, 1078760 bytes, A       Adds the file Uninstall.exe"="1/25/2015 2:29 PM, 116200 bytes, A       Adds the file utils.exe"="1/25/2015 2:29 PM, 2764321 bytes, A    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com       Adds the file chrome.manifest"="1/25/2015 2:30 PM, 642 bytes, A       Adds the file install.rdf"="1/25/2015 2:30 PM, 1300 bytes, A    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\defaults    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\locale    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin    In the existing folder C:\Windows\System32\Tasks       Adds the file 2ee80d9c-deb0-4b45-a3ca-ff8bf26ca6e3-1"="1/25/2015 2:30 PM, 6118 bytes, A       Adds the file 2ee80d9c-deb0-4b45-a3ca-ff8bf26ca6e3-5"="1/25/2015 2:30 PM, 5456 bytes, A       Adds the file 2ee80d9c-deb0-4b45-a3ca-ff8bf26ca6e3-5_user"="1/25/2015 2:30 PM, 5462 bytes, A    In the existing folder C:\Windows\Tasks       Adds the file 2ee80d9c-deb0-4b45-a3ca-ff8bf26ca6e3-1.job"="1/25/2015 2:30 PM, 3088 bytes, A       Adds the file 2ee80d9c-deb0-4b45-a3ca-ff8bf26ca6e3-5.job"="1/25/2015 2:30 PM, 2426 bytes, A       Adds the file 2ee80d9c-deb0-4b45-a3ca-ff8bf26ca6e3-5_user.job"="1/25/2015 2:30 PM, 2426 bytes, ARegistry details  ------------------------------------------    [HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\Software\Crossrider]       "Bic"="REG_SZ", "D5136CA6B3CF49129EEDA500852D5171IE"       "Verifier"="REG_SZ", "07fc858afac33166f6fb6cd426f16b6e"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\5957acae63ad4d89b684a64590505c730067913.BHO]       "(Default)"="REG_SZ", "5957acae63ad4d89b684a64590505c730067913"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\5957acae63ad4d89b684a64590505c730067913.BHO\CLSID]       "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110611791113}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\5957acae63ad4d89b684a64590505c730067913.BHO\CurVer]       "(Default)"="REG_SZ", "5957acae63ad4d89b684a64590505c730067913"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\5957acae63ad4d89b684a64590505c730067913.BHO.1]       "(Default)"="REG_SZ", "5957acae63ad4d89b684a64590505c730067913"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\5957acae63ad4d89b684a64590505c730067913.BHO.1\CLSID]       "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110611791113}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\5957acae63ad4d89b684a64590505c730067913.Sandbox]       "(Default)"="REG_SZ", "5957acae63ad4d89b684a64590505c730067913.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\5957acae63ad4d89b684a64590505c730067913.Sandbox\CLSID]       "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220622792213}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\5957acae63ad4d89b684a64590505c730067913.Sandbox\CurVer]       "(Default)"="REG_SZ", "5957acae63ad4d89b684a64590505c730067913.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\5957acae63ad4d89b684a64590505c730067913.Sandbox.1]       "(Default)"="REG_SZ", "5957acae63ad4d89b684a64590505c730067913.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\5957acae63ad4d89b684a64590505c730067913.Sandbox.1\CLSID]       "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220622792213}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611791113}]       "(Default)"="REG_SZ", "MedPvid2.3"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611791113}\Implemented Categories]       "(Default)"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611791113}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}]       "(Default)"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611791113}\InprocServer32]       "(Default)"="REG_SZ", "C:\Program Files\MedPvid2.3\MedPvid2.3-bho.dll"       "ThreadingModel"="REG_SZ", "Apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611791113}\ProgID]       "(Default)"="REG_SZ", "5957acae63ad4d89b684a64590505c730067913.BHO.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611791113}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611791113}\TypeLib]       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644794413}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611791113}\VersionIndependentProgID]       "(Default)"="REG_SZ", "5957acae63ad4d89b684a64590505c730067913"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622792213}]       "(Default)"="REG_SZ", "5957acae63ad4d89b684a64590505c730067913.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622792213}\InprocServer32]       "(Default)"="REG_SZ", "C:\Program Files\MedPvid2.3\MedPvid2.3-bho.dll"       "ThreadingModel"="REG_SZ", "Apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622792213}\ProgID]       "(Default)"="REG_SZ", "5957acae63ad4d89b684a64590505c730067913.Sandbox.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622792213}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622792213}\TypeLib]       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644794413}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622792213}\VersionIndependentProgID]       "(Default)"="REG_SZ", "5957acae63ad4d89b684a64590505c730067913.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655795513}]       "(Default)"="REG_SZ", "ICrossriderBHO"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655795513}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655795513}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655795513}\TypeLib]       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644794413}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666796613}]       "(Default)"="REG_SZ", "ISandBox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666796613}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666796613}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666796613}\TypeLib]       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644794413}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644794413}\1.0]       "(Default)"="REG_SZ", "5957acae63ad4d89b684a64590505c730067913 Type Library"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644794413}\1.0\0\win32]       "(Default)"="REG_SZ", "C:\Program Files\MedPvid2.3\MedPvid2.3-bho.dll"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644794413}\1.0\FLAGS]       "(Default)"="REG_SZ", "0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644794413}\1.0\HELPDIR]       "(Default)"="REG_SZ", "C:\Program Files\MedPvid2.3"    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\21636]       "67913"="REG_SZ", "MedPvid2.3"    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\21636\Status]       "Installed"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\MedPvid2.3\IE]       "TotalProfiles"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\MedPvid2.3\IE\Profiles]       "S-1-5-21-4016700205-1717049133-1125222536-1001"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\MedPvid2.3\IHPX2kAymtFhkRoQR3HZW0zcsQNBHS+7Tz1C50jWabLEAkr+Q5LagphPLYzVfSB/TehBCut+UdbDSMXz2bXMIs/lRO2DNcQhrBeUfK1BUAFoJQ6nGeFRbx/95xgkbIssmCDCNUWvjY3OyfSaL95ekWgVSld/sb/0R0bs3kGcAQw=]       "tfVPIgJ+s9Go9rCXdkraKTSTGJG7FyO3VqoQ1ayeNEZd4ib8coWZpt0MUhIkkDEXDOevtI0HsRJxeitAzokFvs+nq5Yyn1z67TgyhclS6J26RwFSb843W8aKWI7XO1m8fEZc6DrTCi0lwVcbS4hE35fbJv0jU/cCDUL6QA4TMK6Xfpzne7bBpeK/tCtyC5ajhBXyMoPfI7LcFwoiDlc8z/G3u7VA9kiwPQSHZxV2lhMIrk9FGqwxzanuvWEgp31oyd/9+iL2Ot/X3pxtKuXNPR1AIrmP/PgqpGVDoqAHFZ9NbeD+e7eQENUI5O3Z4Zle66+qLIXCLVKVZpVO8ByoxQ=="="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\MedPvid2.3\Installer]       "BundledFirefox"="REG_DWORD", 1       "BundledIe"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\MedPvid2.3\NNZ/uA4+lhTSVVOHgWB8D4SvB8U3kQJPsKBwpSgHDKXWRSn/TCTnlJLzGFJU52mZdvtJEoqd+SqNdfo4/QUf2WbCtiolhUcKC/UM29y+XHvUVXK5imxiRKwHifniRvyuQHIUAk/uRmaMIeGrseQYtTDDg8wpaN6VNfq9UAE4y4w=]       "BK19fQY4bs80u8ossnbXY40WoZ15CMXpVoPsIF6js4adrcgoB2aoDR0eVFiAQqIjsXRSLZqkuvyW3AbqffHM1kV+phO02+SDuNDasw4s/NWE/WgvUMwToPqadHgEJDzic96nb4Aox9TLyfSsSAWDQdRhV1B5hCL1hToRfwuezs8="="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION]       "MedPvid2.3-bg.exe"="REG_DWORD", 8000    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611791113}]       "(Default)"="REG_SZ", "5957acae63ad4d89b684a64590505c730067913"       "NoExplorer"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MedPvid2.3]       "CrAppId"="REG_SZ", "67913"       "CrPublisherId"="REG_SZ", "21636"       "DisplayIcon"="REG_SZ", "C:\Program Files\MedPvid2.3\utils.exe"       "DisplayName"="REG_SZ", "MedPvid2.3"       "DisplayVersion"="REG_SZ", "1.36.01.22"       "Publisher"="REG_SZ", "MedPServ4Player"       "UninstallString"="REG_SZ", "C:\Program Files\MedPvid2.3\Uninstall.exe /fcp=1  "    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]       "2ee80d9c-deb0-4b45-a3ca-ff8bf26ca6e3-1.job"="REG_BINARY, ................................       "2ee80d9c-deb0-4b45-a3ca-ff8bf26ca6e3-1.job.fp"="REG_DWORD", -2116035594       "2ee80d9c-deb0-4b45-a3ca-ff8bf26ca6e3-5.job"="REG_BINARY, ................................       "2ee80d9c-deb0-4b45-a3ca-ff8bf26ca6e3-5.job.fp"="REG_DWORD", -1066016016       "2ee80d9c-deb0-4b45-a3ca-ff8bf26ca6e3-5_user.job"="REG_BINARY, ................................       "2ee80d9c-deb0-4b45-a3ca-ff8bf26ca6e3-5_user.job.fp"="REG_DWORD", 926217616    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider]       "Bic"="REG_SZ", "D5136CA6B3CF49129EEDA500852D5171IE"       "Verifier"="REG_SZ", "07fc858afac33166f6fb6cd426f16b6e"    [HKEY_CURRENT_USER\Software\AppDataLow\Software\MedPvid2.3]       "ActiveAppId"="REG_SZ", "67913"    [HKEY_CURRENT_USER\Software\AppDataLow\Software\MedPvid2.3\Code]       " { JavaScript removed, full log available on request } "    [HKEY_CURRENT_USER\Software\AppDataLow\Software\MedPvid2.3\Installer]       "AdditionalInfo"="REG_SZ", "{"asw":[67108864, -1073733563, 0, 0],"browser_name":"ie","proc_id":"725AAB78230D47298A094A6FB3B5A9AAPI","os":{"name":"7","build":"7601","product":"Windows 7 Ultimate N","sp":"Service Pack 1","install_date":"1363633411"},"upi":"8655ebc447297b398088e5f1933333c9"}"       "CodeDownloadDomain"="REG_SZ", "http://js.onlineinputstorage.com"       "CodeDownloadFbDomain"="REG_SZ", "http://js.clientdemocloud.com"       "DefaultBrowser"="REG_SZ", "ie"       "ErrorsDomain"="REG_SZ", "http://errors.onlineinputstorage.com"       "FullVersion"="REG_SZ", "1.36.01.22"       "FullVersionForUrl"="REG_SZ", "1_36_01_22"       "OsName"="REG_SZ", "7"       "Params"="REG_SZ", "{   "source_id" : "002435",   "sub_id" : "0",   "uzid" : "0"}"       "SrcId"="REG_SZ", "002435"       "StatsDomain"="REG_SZ", "http://stats.onlineinputstorage.com"       "SubId"="REG_SZ", "0"       "Time"="REG_SZ", "1422192593"       "ZData"="REG_SZ", "0"    [HKEY_CURRENT_USER\Software\AppDataLow\Software\MedPvid2.3\Manifest]       "AddressbarURL"="REG_SZ", "NA"       "BgVersion"="REG_SZ", "1"       "ChangePrevious"="REG_SZ", "false"       "Description"="REG_SZ", "MediaPlayerEnhance Extension"       "DisableIe"="REG_SZ", "true"       "EnableSearchIE"="REG_SZ", "false"       "HomePageUrl"="REG_SZ", "NA"       "IsButtonEnabled"="REG_SZ", "false"       "Manifest"="REG_SZ", "NA"       "ModeType"="REG_SZ", "production"       "Name"="REG_SZ", "MedPvid2.3"       "PluginsManifestVersion"="REG_SZ", "35"       "PublisherId"="REG_SZ", "21636"       "PublisherName"="REG_SZ", "MedPServ4Player"       "RunInFrame"="REG_SZ", "false"       "SetNewTab"="REG_SZ", "false"       "ThanksUrl"="REG_SZ", "NA"       "UninstallerOfferAction"="REG_SZ", "NA"       "UninstallerOfferUrl"="REG_SZ", "NA"       "UpdateInterval"="REG_DWORD", 360       "Version"="REG_SZ", "40"    [HKEY_CURRENT_USER\Software\AppDataLow\Software\MedPvid2.3\Update]       "LastCheck"="REG_DWORD", 1422192605    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\MedPvid2.3]    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\21636]       "67913"="REG_SZ", "MedPvid2.3"    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\21636\Status]       "Installed"="REG_DWORD", 1    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\MedPServ4Player]       "67913"="REG_SZ", "MedPvid2.3"    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Approved Extensions]       "{11111111-1111-1111-1111-110611791113}"="REG_BINARY, ............    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611791113}]       "VerCache"="REG_BINARY, ......................

Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 1/25/2015Scan Time: 2:35:59 PMLogfile: mbamMedPVid.txtAdministrator: YesVersion: 2.00.4.1028Malware Database: v2015.01.25.06Rootkit Database: v2015.01.14.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x86File System: NTFSUser: MalwarebytesScan Type: Threat ScanResult: CompletedObjects Scanned: 290726Time Elapsed: 5 min, 13 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 19PUP.Optional.MediaPlayerVideo.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611791113}, Quarantined, [ccce55a6d4b5bc7adbf823b916efd828], PUP.Optional.MediaPlayerVideo.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644794413}, Quarantined, [ccce55a6d4b5bc7adbf823b916efd828], PUP.Optional.MediaPlayerVideo.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655795513}, Quarantined, [ccce55a6d4b5bc7adbf823b916efd828], PUP.Optional.MediaPlayerVideo.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666796613}, Quarantined, [ccce55a6d4b5bc7adbf823b916efd828], PUP.Optional.MediaPlayerVideo.A, HKLM\SOFTWARE\CLASSES\5957acae63ad4d89b684a64590505c730067913.BHO.1, Quarantined, [ccce55a6d4b5bc7adbf823b916efd828], PUP.Optional.MediaPlayerVideo.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110611791113}, Quarantined, [ccce55a6d4b5bc7adbf823b916efd828], PUP.Optional.MediaPlayerVideo.A, HKLM\SOFTWARE\CLASSES\5957acae63ad4d89b684a64590505c730067913.BHO, Quarantined, [ccce55a6d4b5bc7adbf823b916efd828], PUP.Optional.MediaPlayerVideo.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110611791113}, Quarantined, [ccce55a6d4b5bc7adbf823b916efd828], PUP.Optional.MediaPlayerVideo.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110611791113}, Quarantined, [ccce55a6d4b5bc7adbf823b916efd828], PUP.Optional.MediaPlayerVideo.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220622792213}, Quarantined, [ccce55a6d4b5bc7adbf823b916efd828], PUP.Optional.MediaPlayerVideo.A, HKLM\SOFTWARE\CLASSES\5957acae63ad4d89b684a64590505c730067913.Sandbox.1, Quarantined, [ccce55a6d4b5bc7adbf823b916efd828], PUP.Optional.MediaPlayerVideo.A, HKLM\SOFTWARE\CLASSES\5957acae63ad4d89b684a64590505c730067913.Sandbox, Quarantined, [ccce55a6d4b5bc7adbf823b916efd828], PUP.Optional.MediaPlayerVideo.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611791113}\INPROCSERVER32, Quarantined, [ccce55a6d4b5bc7adbf823b916efd828], PUP.Optional.MediaPlayerVideo.A, HKLM\SOFTWARE\MedPvid2.3, Quarantined, [acee6992b1d89f97109307712bd81ce4], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21636, Quarantined, [9604fffc8ffa7cba7aeccee623e0a759], PUP.Optional.CrossRider.A, HKCU\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [ff9bca31711833032ba1edfd0301c63a], PUP.Optional.MediaPlayerVideo.A, HKCU\SOFTWARE\APPDATALOW\SOFTWARE\MedPvid2.3, Quarantined, [c9d1f9024940a294168f6b0d867dfb05], PUP.Optional.CrossRider.A, HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21636, Quarantined, [9dfda556e5a4b680256b6e1fbd46ff01], PUP.Optional.MediaPlayerVideo.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MedPvid2.3, Quarantined, [4b4f0bf0791055e1e16985f392710ef2], Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 14PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\defaults, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\defaults\preferences, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\userCode, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\locale, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\locale\en-US, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.MediaPlayerVideo.A, C:\Program Files\MedPvid2.3, Quarantined, [4b4f0bf0791055e1e16985f392710ef2], Files: 121PUP.Optional.MediaPlayerVideo.A, C:\Program Files\MedPvid2.3\MedPvid2.3-bho.dll, Quarantined, [ccce55a6d4b5bc7adbf823b916efd828], PUP.Optional.CrossRider.A, C:\Users\{username}\Desktop\MedPvid2.3.exe, Quarantined, [c1d923d85f2a5fd74f5b4ab5ab56aa56], PUP.Optional.MediaPlayerVideo.A, C:\Program Files\MedPvid2.3\2ee80d9c-deb0-4b45-a3ca-ff8bf26ca6e3-4.exe, Quarantined, [069414e70a7fe650d300a23af70ea858], PUP.Optional.MediaPlayerVideo.A, C:\Program Files\MedPvid2.3\2ee80d9c-deb0-4b45-a3ca-ff8bf26ca6e3-5.exe, Quarantined, [772395667514bb7befe489530104f808], PUP.Optional.MediaPlayerVideo.A, C:\Program Files\MedPvid2.3\MedPvid2.3-bg.exe, Quarantined, [b2e873880a7f52e4f0e3aa32ad586997], PUP.Optional.MediaPlayerVideo.A, C:\Program Files\MedPvid2.3\MedPvid2.3-codedownloader.exe, Quarantined, [1189619aeb9e77bfdbf8defef90c0bf5], PUP.Optional.CrossRider.A, C:\Program Files\MedPvid2.3\utils.exe, Quarantined, [7228c437355446f09da02534956b3bc5], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\2ee80d9c-deb0-4b45-a3ca-ff8bf26ca6e3-1, Quarantined, [900aa655ff8a9e98742e3f5ab64d7f81], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\2ee80d9c-deb0-4b45-a3ca-ff8bf26ca6e3-5, Quarantined, [c9d1d2294049b87e4e542f6af50e20e0], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\2ee80d9c-deb0-4b45-a3ca-ff8bf26ca6e3-5_user, Quarantined, [7a2048b3cfbaf244049eddbcf90a38c8], PUP.Optional.CrossRider.T, C:\Windows\Tasks\2ee80d9c-deb0-4b45-a3ca-ff8bf26ca6e3-1.job, Quarantined, [2b6ff902b0d978bedf3900f7897b2fd1], PUP.Optional.CrossRider.T, C:\Windows\Tasks\2ee80d9c-deb0-4b45-a3ca-ff8bf26ca6e3-5.job, Quarantined, [d4c6cd2e513816209e7a33c4b252758b], PUP.Optional.CrossRider.T, C:\Windows\Tasks\2ee80d9c-deb0-4b45-a3ca-ff8bf26ca6e3-5_user.job, Quarantined, [990108f3682169cde43438bf7c88e818], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome.manifest, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\install.rdf, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\0482ee2ea15d79c49973a24211b6fd0f.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\848eda05501b10910fcfc779d924148b.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\91665dae7f574ffbc9774b5600cb7bea.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\9aa15a80771550c36083c4a20c89df58.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\ad0ed61b9257234d426156c424cac92b.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\background.html, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\browser.xul, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\d3869b3a65d24afb13275f19961170aa.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\dialog.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\ffCoreFilesIndex.txt, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\options.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\options.xul, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\search_dialog.xul, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\7779646467ae6910e852987b9cdc0ce7.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\0955ff65e8b58e15eea6d2d7a48b604f.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\14f99f2e2647d7500c39ee5928ea8ab5.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\200fbe27b2a78c2863b66e9fe1f53dea.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\202af208b52bea526c00f22eacf00e6d.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\22c412e22c9424b43287a6c60f27b940.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\2ec9cf6b1aa5f6b9d00b86629300cee9.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\4b548b6558166e613a6c8d4357a8091d.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\636fc5c3ee2945ff3496bd9f00b2e733.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\7855fe5dac0f1236bdc31605c4b86fc3.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\949307c2eb8b28fead2f51f33892ce42.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\abb352d4614af73f6b2aedd043ad3af8.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\b38cd446a6d79da96b001ec8b58dd10b.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\e8d3d0ac8b3887039619df421b237e6b.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\fd39eae25d5160cdd4a7d186f7b7bd5f.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\ff6eff88afa64c35f5348e984ba355bc.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\03c6e3b55aadd913d9e2334a702953a5.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\154712f38e303ac13ce2740776683a49.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\1b2c01b0b34f00a34d1a998bdb1bdd32.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\22bfab19daabe00eff87fc88bf368f96.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\246c310a0244d0048636a4fbea92d4f2.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\3d3f401661b96e3115f878d0a478574c.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\44d952e1391370ad43afff090533c2d2.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\4e6cfe5770e9da34d105d99ba0799cf6.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\53b3e24ab6a19b05affa8bf9d466e888.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\6a7823d06f677af262717b173ab50c8f.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\70100dbcb8cf1d3d8b0b823d6133db53.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\87ca36d63ade51b0846b0d68001e57de.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\9b426925dfc770a148677bee2aae965e.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\a39e3a88207a69ab4fb0738781e35ae2.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\a8e7a5dd47fd277b8fb530ab7593cb44.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\c33f08d7b7c5bfc711bc8dcbdbb5a1f2.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\cc3843d5763ab7794d9c9f1926f70713.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\d283d288b75fcb1ad3bb3e3b31d30b24.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\d57ebb036433b7d414a9ab75f4ce05a2.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\e53c2aa12b16a318d63d0d2c9fb96f76.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\installer.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\defaults\preferences\prefs.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\manifest.xml, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins.json, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\102.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\13.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\14.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\16.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\17.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\180.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\184.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\192.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\193.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\195.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\200.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\220.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\221.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\223.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\242.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\246.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\253.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\262.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\263.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\273.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\281.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\288.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\301.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\345.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\354.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\4.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\47.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\64.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\7.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\78.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\9.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\91.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\userCode\background.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\userCode\extension.js, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\locale\en-US\translations.dtd, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\button1.png, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\button2.png, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\button3.png, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\button4.png, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\button5.png, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\crossrider_statusbar.png, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\icon128.png, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\icon16.png, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\icon24.png, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\icon48.png, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\panelarrow-up.png, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\popup.html, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\skin.css, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\update.css, Quarantined, [e4b69a6163266dc92d9e87e8a1622fd1], PUP.Optional.MediaPlayerVideo.A, C:\Program Files\MedPvid2.3\2ee80d9c-deb0-4b45-a3ca-ff8bf26ca6e3.xpi, Quarantined, [4b4f0bf0791055e1e16985f392710ef2], PUP.Optional.MediaPlayerVideo.A, C:\Program Files\MedPvid2.3\background.html, Quarantined, [4b4f0bf0791055e1e16985f392710ef2], PUP.Optional.MediaPlayerVideo.A, C:\Program Files\MedPvid2.3\MedPvid2.3.ico, Quarantined, [4b4f0bf0791055e1e16985f392710ef2], PUP.Optional.MediaPlayerVideo.A, C:\Program Files\MedPvid2.3\Uninstall.exe, Quarantined, [4b4f0bf0791055e1e16985f392710ef2], Physical Sectors: 0(No malicious items detected)(end)

As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

Dynamically Blocks Malware Sites & Servers
Malware Execution Prevention

Save yourself the hassle and get protected.

Sign In

Removal instructions for MedPvid

Recommended Posts

Metallica

Link to post

Share on other sites

Recently Browsing 0 members

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information