Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for Savings Wave

- - - - -
Started by Metallica , Apr 05 2014 08:44 AM

  • Please log in to reply
No replies to this topic

#1
Metallica
Posted 05 April 2014 - 08:44 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts

Content is republished with permission from Malwarebytes.

 

What is Savings Wave?
 
The Malwarebytes research team has determined that Savings Wave is a browser hijacker. These so-called "hijackers" alter your startpage or searchscopes so that the effected browser visits their site or one of their choice. This one also displays advertisements.
 
How do I know if my computer is affected by Savings Wave?
 
You may see these browser extensions/add-ons:
 
warning1.png
 
warning2.png
 
warning3.png
 
and this entry in your list of installed programs:
 
warning4.png
 
 
How did Savings Wave get on my computer?
 
Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.
 
How do I remove Savings Wave?
 
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
  • Enable free trial of Malwarebytes Anti-Malware Premium
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
    • Is there anything else I need to do to get rid of Savings Wave?
     
  • The Chrome extension can now safely be removed. Open "Settings" > "Extensions" and click the bin behind the Savings Wave listing. Then confirm removal.
    • How would the full version of Malwarebytes Anti-Malware help protect me?
     
    We hope our application and this guide have helped you eradicate this hijacker.  
     
    As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Savings Wave rogue.  It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.
     
     

    protection1.png

    Technical details for experts
     
    Signs in a HijackThis log:
    O2 - BHO: CrossriderApp0012765 - {11111111-1111-1111-1111-110111271165} - C:\Program Files\Savings Wave\Savings Wave-bho.dll
     
    Alterations made by the installer:
    File system details  
---------------------------------------------
Adds the folder C:\Program Files\Savings Wave
  Adds the file background.html"="8/8/2013 10:30 AM, 740 bytes, A
  Adds the file Installer.log"="4/5/2014 3:48 PM, 165836 bytes, A
  Adds the file Savings Wave.ico"="8/8/2013 10:30 AM, 9662 bytes, A
  Adds the file Savings Wave-bg.exe"="4/5/2014 3:48 PM, 899960 bytes, A
  Adds the file Savings Wave-bho.dll"="4/5/2014 3:48 PM, 751992 bytes, A
  Adds the file Savings Wave-buttonutil.dll"="4/5/2014 3:48 PM, 397176 bytes, A
  Adds the file Savings Wave-buttonutil.exe"="4/5/2014 3:48 PM, 342392 bytes, A
  Adds the file Savings Wave-buttonutil64.dll"="4/5/2014 3:48 PM, 477048 bytes, A
  Adds the file Savings Wave-buttonutil64.exe"="4/5/2014 3:48 PM, 446840 bytes, A
  Adds the file Savings Wave-codedownloader.exe"="4/5/2014 3:48 PM, 480632 bytes, A
  Adds the file Savings Wave-helper.exe"="4/5/2014 3:48 PM, 315768 bytes, A
  Adds the file Uninstall.exe"="4/5/2014 3:48 PM, 492314 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lglkfgcmohcdajpldlnhjjiojjgkbmhm_0
  Adds the file 1"="4/5/2014 3:48 PM, 7168 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Savings Wave\Chrome
  Adds the file 12765.xml"="4/5/2014 3:48 PM, 307 bytes, A
  Adds the file Savings Wave.crx"="4/5/2014 3:48 PM, 156314 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]
  Adds the file chrome.manifest"="8/8/2013 8:30 AM, 402 bytes, A
  Adds the file install.rdf"="8/8/2013 8:30 AM, 1185 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content
  Adds the file api.js"="8/8/2013 8:30 AM, 18192 bytes, A
  Adds the file background.html"="8/8/2013 8:30 AM, 2001 bytes, A
  Adds the file baseObject.js"="8/8/2013 8:30 AM, 19 bytes, A
  Adds the file browser.xul"="8/8/2013 8:30 AM, 3321 bytes, A
  Adds the file dialog.js"="8/8/2013 8:30 AM, 1343 bytes
  Adds the file main.js"="8/8/2013 8:30 AM, 27352 bytes, A
  Adds the file options.js"="8/8/2013 8:30 AM, 1931 bytes, A
  Adds the file options.xul"="8/8/2013 8:30 AM, 1803 bytes, A
  Adds the file search_dialog.xul"="8/8/2013 8:30 AM, 2402 bytes
Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\api
  Adds the file asyncDB.js"="8/8/2013 8:30 AM, 4606 bytes, A
  Adds the file background.js"="8/8/2013 8:30 AM, 1078 bytes, A
  Adds the file browserAction.js"="8/8/2013 8:30 AM, 6731 bytes, A
  Adds the file contextMenu.js"="8/8/2013 8:30 AM, 4980 bytes, A
  Adds the file dbManager.js"="8/8/2013 8:30 AM, 4988 bytes, A
  Adds the file dom_bg.js"="8/8/2013 8:30 AM, 1892 bytes, A
  Adds the file fileManager.js"="8/8/2013 8:30 AM, 848 bytes, A
  Adds the file firefox.js"="8/8/2013 8:30 AM, 258 bytes, A
  Adds the file firefoxNotifications.js"="8/8/2013 8:30 AM, 1021 bytes, A
  Adds the file firefoxOmnibox.js"="8/8/2013 8:30 AM, 1327 bytes, A
  Adds the file message.js"="8/8/2013 8:30 AM, 2733 bytes, A
  Adds the file pageAction.js"="8/8/2013 8:30 AM, 8935 bytes, A
  Adds the file request.js"="8/8/2013 8:30 AM, 2219 bytes, A
  Adds the file tabs.js"="8/8/2013 8:30 AM, 2565 bytes, A
  Adds the file webRequest.js"="8/8/2013 8:30 AM, 1066 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\core
  Adds the file console.js"="8/8/2013 8:30 AM, 1658 bytes, A
  Adds the file consts.js"="8/8/2013 8:30 AM, 1440 bytes, A
  Adds the file delegate.js"="8/8/2013 8:30 AM, 1963 bytes, A
  Adds the file httpObserver.js"="8/8/2013 8:30 AM, 2561 bytes, A
  Adds the file IDBWrapper.js"="8/8/2013 8:30 AM, 4073 bytes, A
  Adds the file installer.js"="8/8/2013 8:30 AM, 581 bytes, A
  Adds the file pluginsManager.js"="8/8/2013 8:30 AM, 3910 bytes, A
  Adds the file prefs.js"="8/8/2013 8:30 AM, 1499 bytes, A
  Adds the file progressListenerObserver.js"="8/8/2013 8:30 AM, 1476 bytes, A
  Adds the file registry.js"="8/8/2013 8:30 AM, 1063 bytes, A
  Adds the file reloadObserver.js"="8/8/2013 8:30 AM, 255 bytes, A
  Adds the file reports.js"="8/8/2013 8:30 AM, 3488 bytes, A
  Adds the file requestObject.js"="8/8/2013 8:30 AM, 1181 bytes, A
  Adds the file searchSettings.js"="8/8/2013 8:30 AM, 3371 bytes, A
  Adds the file uninstallObserver.js"="8/8/2013 8:30 AM, 2067 bytes, A
  Adds the file updateManager.js"="8/8/2013 8:30 AM, 9039 bytes, A
  Adds the file utils.js"="8/8/2013 8:30 AM, 8770 bytes, A
  Adds the file xhr.js"="8/8/2013 8:30 AM, 2701 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\extensionCode
  Adds the file backgroundCode.js"="8/8/2013 8:30 AM, 1 bytes, A
  Adds the file pageCode.js"="8/8/2013 8:30 AM, 1 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\defaults\preferences
  Adds the file prefs.js"="8/8/2013 8:30 AM, 1833 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\extensionData
  Adds the file manifest.xml"="8/8/2013 8:30 AM, 1696 bytes, A
  Adds the file plugins.json"="8/8/2013 8:30 AM, 4314 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\extensionData\plugins
  Adds the file 1_base.js"="8/8/2013 8:30 AM, 6696 bytes, A
  Adds the file 1000014_GPL Plugin (Loader).js"="8/8/2013 8:30 AM, 12543 bytes, A
  Adds the file 1000015_GPL Background (BG).js"="8/8/2013 8:30 AM, 19411 bytes, A
  Adds the file 13_CrossriderAppUtils.js"="8/8/2013 8:30 AM, 5955 bytes, A
  Adds the file 14_CrossriderUtils.js"="8/8/2013 8:30 AM, 12369 bytes, A
  Adds the file 16_FFAppAPIWrapper.js"="8/8/2013 8:30 AM, 12462 bytes, A
  Adds the file 17_jQuery.js"="8/8/2013 8:30 AM, 79982 bytes, A
  Adds the file 21_debug.js"="8/8/2013 8:30 AM, 3644 bytes, A
  Adds the file 22_resources.js"="8/8/2013 8:30 AM, 9082 bytes, A
  Adds the file 28_initializer.js"="8/8/2013 8:30 AM, 664 bytes, A
  Adds the file 4_jquery_1_7_1.js"="8/8/2013 8:30 AM, 94180 bytes, A
  Adds the file 47_resources_background.js"="8/8/2013 8:30 AM, 7720 bytes, A
  Adds the file 64_appApiMessage.js"="8/8/2013 8:30 AM, 2332 bytes, A
  Adds the file 72_appApiValidation.js"="8/8/2013 8:30 AM, 23223 bytes, A
  Adds the file 78_CrossriderInfo.js"="8/8/2013 8:30 AM, 2467 bytes, A
  Adds the file 98_omniCommands.js"="8/8/2013 8:30 AM, 1712 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\extensionData\userCode
  Adds the file background.js"="8/8/2013 8:30 AM, 3 bytes, A
  Adds the file extension.js"="8/8/2013 8:30 AM, 203 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\locale
Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\locale\en-US
  Adds the file translations.dtd"="8/8/2013 8:30 AM, 425 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\skin
  Adds the file button1.png"="8/8/2013 8:30 AM, 1361 bytes, A
  Adds the file button2.png"="8/8/2013 8:30 AM, 1361 bytes, A
  Adds the file button3.png"="8/8/2013 8:30 AM, 1361 bytes, A
  Adds the file button4.png"="8/8/2013 8:30 AM, 1361 bytes, A
  Adds the file button5.png"="8/8/2013 8:30 AM, 1361 bytes, A
  Adds the file crossrider_statusbar.png"="8/8/2013 8:30 AM, 1361 bytes, A
  Adds the file icon128.png"="8/8/2013 8:30 AM, 5858 bytes, A
  Adds the file icon16.png"="8/8/2013 8:30 AM, 1114 bytes, A
  Adds the file icon24.png"="8/8/2013 8:30 AM, 3030 bytes, A
  Adds the file icon48.png"="8/8/2013 8:30 AM, 5613 bytes, A
  Adds the file panelarrow-up.png"="8/8/2013 8:30 AM, 917 bytes, A
  Adds the file popup.html"="8/8/2013 8:30 AM, 349 bytes, A
  Adds the file skin.css"="8/8/2013 8:30 AM, 715 bytes, A
  Adds the file update.css"="8/8/2013 8:30 AM, 140 bytes, A
In the existing folder C:\Windows\System32\Tasks
  Adds the file Updater12765.exe"="4/5/2014 3:48 PM, 3788 bytes, A
 
Registry details  
------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110111271165}]
  "(Default)"="REG_SZ", "Savings Wave"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110111271165}\InprocServer32]
  "(Default)"="REG_SZ", "C:\Program Files\Savings Wave\Savings Wave-bho.dll"
  "ThreadingModel"="REG_SZ", "Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110111271165}\ProgID]
  "(Default)"="REG_SZ", "CrossriderApp0012765.BHO.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110111271165}\Programmable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110111271165}\TypeLib]
  "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440144274465}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110111271165}\VersionIndependentProgID]
  "(Default)"="REG_SZ", "CrossriderApp0012765"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220122272265}]
  "(Default)"="REG_SZ", "CrossriderApp0012765.Sandbox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220122272265}\InprocServer32]
  "(Default)"="REG_SZ", "C:\Program Files\Savings Wave\Savings Wave-bho.dll"
  "ThreadingModel"="REG_SZ", "Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220122272265}\ProgID]
  "(Default)"="REG_SZ", "CrossriderApp0012765.Sandbox.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220122272265}\Programmable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220122272265}\TypeLib]
  "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440144274465}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220122272265}\VersionIndependentProgID]
  "(Default)"="REG_SZ", "CrossriderApp0012765.Sandbox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0012765.BHO]
  "(Default)"="REG_SZ", "CrossriderApp0012765"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0012765.BHO\CLSID]
  "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110111271165}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0012765.BHO\CurVer]
  "(Default)"="REG_SZ", "CrossriderApp0012765"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0012765.BHO.1]
  "(Default)"="REG_SZ", "CrossriderApp0012765"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0012765.BHO.1\CLSID]
  "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110111271165}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0012765.Sandbox]
  "(Default)"="REG_SZ", "CrossriderApp0012765.Sandbox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0012765.Sandbox\CLSID]
  "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220122272265}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0012765.Sandbox\CurVer]
  "(Default)"="REG_SZ", "CrossriderApp0012765.Sandbox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0012765.Sandbox.1]
  "(Default)"="REG_SZ", "CrossriderApp0012765.Sandbox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0012765.Sandbox.1\CLSID]
  "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220122272265}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550155275565}]
  "(Default)"="REG_SZ", "ICrossriderBHO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550155275565}\ProxyStubClsid]
  "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550155275565}\ProxyStubClsid32]
  "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550155275565}\TypeLib]
  "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440144274465}"
  "Version"="REG_SZ", "1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660166276665}]
  "(Default)"="REG_SZ", "ISandBox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660166276665}\ProxyStubClsid]
  "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660166276665}\ProxyStubClsid32]
  "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660166276665}\TypeLib]
  "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440144274465}"
  "Version"="REG_SZ", "1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440144274465}\1.0]
  "(Default)"="REG_SZ", "CrossriderApp0012765 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440144274465}\1.0\0\win32]
  "(Default)"="REG_SZ", "C:\Program Files\Savings Wave\Savings Wave-bho.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440144274465}\1.0\FLAGS]
  "(Default)"="REG_SZ", "0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440144274465}\1.0\HELPDIR]
  "(Default)"="REG_SZ", "C:\Program Files\Savings Wave"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{04e67525-320c-4e62-a25f-7d50b671ec76}
  "AppName"="REG_SZ", "Savings Wave-helper.exe"
  "AppPath"="REG_SZ", "C:\Program Files\Savings Wave"
  "Policy"="REG_DWORD", 3
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110111271165}]
  "(Default)"="REG_SZ", "CrossriderApp0012765"
  "NoExplorer"="REG_DWORD", 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271165}]
  "(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Savings Wave]
  "CrAppId"="REG_SZ", "12765"
  "CrPublisherId"="REG_SZ", "390"
  "DisplayIcon"="REG_SZ", "C:\Program Files\Savings Wave\Uninstall.exe"
  "DisplayName"="REG_SZ", "Savings Wave"
  "DisplayVersion"="REG_SZ", "1.27.153.11"
  "Publisher"="REG_SZ", "Innovative Apps"
  "UninstallString"="REG_SZ", "C:\Program Files\Savings Wave\Uninstall.exe /fromcontrolpanel=1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Savings Wave\Installer]
  "BundledChrome"="REG_DWORD", 1
  "BundledFirefox"="REG_DWORD", 1
  "BundledIe"="REG_DWORD", 1]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271165}]
  "(Default)"="REG_SZ", ""
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider]
  "215AppVerifier"="REG_SZ", "93a87d09a3aabd2d5cffe42b01baed79"
  "Bic"="REG_SZ", "58FA9CEE80514E1397A962B2D7F1DC3AIE"
  "Verifier"="REG_SZ", "5a4a73021e5b984a9a0f95d928813179"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Savings Wave]
  "ActiveAppId"="REG_SZ", "12765"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Savings Wave\Agent]
  "ErrorsDomain"="REG_SZ", "http://errors.ourdatasrv.com"
  "JsonDomain"="REG_SZ", "http://update.ourdatasrv.com"
  "StatsDomain"="REG_SZ", "http://stats.ourdatasrv.com"
  "Version"="REG_SZ", "1"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Savings Wave\Code]
  "AppJavaScript"="REG_SZ", "if("undefined"!=typeof _GPL_PLUGIN){var _GPL_=function()"
  "NewTabJavaScript"="REG_SZ", ""
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Savings Wave\Installer]
  "CodeDownloadDomain"="REG_SZ", "http://app-static.crossrider.com"
  "Domain"="REG_SZ", "http://app-static.crossrider.com"
  "ErrorsDomain"="REG_SZ", "http://errors.ourdatasrv.com"
  "FullVersion"="REG_SZ", "1.27.153.11"
  "FullVersionForUrl"="REG_SZ", "1_27_153"
  "MinorVersion"="REG_SZ", "11"
  "Params"="REG_SZ", "{"source_id" : "327230", "sub_id" : "default", "uzid" : "327230&subid=&pid=1618"}"
  "PlatformVersion"="REG_SZ", "1"
  "ScriptVersion"="REG_SZ", "27"
  "SetHomepage"="REG_SZ", "false"
  "SetNewTab"="REG_SZ", "false"
  "SetSearch"="REG_SZ", "false"
  "SoftwareDetected"="REG_SZ", "{"AnySoftware":false,"Wireshark":false,"VirtualBox":false,"VMWare":false,"InsideVM":true,"InsideVMWare":false,"InsideVirtualBox":true,"InsideVirtualPc":false}"
  "SrcId"="REG_SZ", "327230"
  "StatsDomain"="REG_SZ", "http://stats.ourdatasrv.com"
  "SubId"="REG_SZ", "default"
  "ThankYouPage"="REG_SZ", "true"
  "Time"="REG_SZ", "1396705692"
  "UserConfirmation"="REG_SZ", "false"
  "ZData"="REG_SZ", "327230&subid=&pid=1618"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Savings Wave\Log]
  "savings wave-bho"="REG_DWORD", 0
  "savings wave-helper"="REG_DWORD", 0
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Savings Wave\Manifest]
  "AddressbarURL"="REG_SZ", "NA"
  "BgVersion"="REG_SZ", "42"
  "ChangePrevious"="REG_SZ", "false"
  "Description"="REG_SZ", "Savings Wave"
  "DisableIe"="REG_SZ", "true"
  "EnableSearchIE"="REG_SZ", "false"
  "HomePageUrl"="REG_SZ", "NA"
  "IsButtonEnabled"="REG_SZ", "false"
  "Manifest"="REG_SZ", "NA"
  "ModeType"="REG_SZ", "production"
  "Name"="REG_SZ", "Savings Wave"
  "PluginsManifestVersion"="REG_SZ", "65"
  "PublisherId"="REG_SZ", "390"
  "PublisherName"="REG_SZ", "Innovative Apps"
  "RunInFrame"="REG_SZ", "false"
  "SetNewTab"="REG_SZ", "false"
  "ThanksUrl"="REG_SZ", "NA"
  "UninstallerOfferAction"="REG_SZ", "NA"
  "UninstallerOfferUrl"="REG_SZ", "NA"
  "UpdateInterval"="REG_DWORD", 360
  "Version"="REG_SZ", "71"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Savings Wave\Plugins]
  "AppPluginList"="REG_SZ", "42,38,46,17,14,78,13,41,44,39,35,43,40,64,2,4,3,1,21,22,182,183,72,177,1000014,28"
  "BgPluginList"="REG_SZ", "42,38,46,41,44,39,35,43,36,4,14,78,64,183,47,182,72,1000015"
  "BrowserEventPluginList"="REG_SZ", "14,42,41,44,39,38,43,37,64,72"
  "NewTabPluginList"="REG_SZ", "42,38,46,17,14,78,13,41,44,39,35,43,40,64,2,4,3,1,21,22,72,28"
  "OnRequestPluginList"="REG_SZ", "14,42,41,39,38,43,45,64,72"
  "PopupPluginList"="REG_SZ", "42,38,46,41,44,39,35,43,36,4,14,78,13,64,47,182,72,94"
{"Javascript pkugins removed, full log available by request"}
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Savings Wave\Update]
  "LastCheck"="REG_DWORD", 1396705697
[HKEY_CURRENT_USER\Software\Cr_Installer\12765]
  "InstallationThankYouPage"="REG_DWORD", 1
  "InstallationTime"="REG_DWORD", 1396705692
  "InstallationUserSettings"="REG_SZ", "{"searchUserConifrmation": false, "setSearch": false, "setHomepage": false, "setNewTab": false}"
  "InstallerIdentifiers"="REG_SZ", "{"installer_bic" : "58FA9CEE80514E1397A962B2D7F1DC3AIE", "installer_verifier" : "5a4a73021e5b984a9a0f95d928813179", "installer_verifier_for_215app" : "93a87d09a3aabd2d5cffe42b01baed79"}"
  "InstallerParams"="REG_SZ", "{"source_id" : "327230", "sub_id" : "default", "uzid" : "327230&subid=&pid=1618"}"
  "SoftwareDetected"="REG_SZ", "{"AnySoftware":false,"Wireshark":false,"VirtualBox":false,"VMWare":false,"InsideVM":true,"InsideVMWare":false,"InsideVirtualBox":true,"InsideVirtualPc":false}"
[HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\Innovative Apps]
  "12765"="REG_SZ", "Savings Wave"
     
    Malwarebytes Anti-Malware log:
    Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/5/2014
Scan Time: 4:02:25 PM
Logfile: mbamSavingsWave.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.05.03
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Malwarebytes
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 206767
Time Elapsed: 3 min, 30 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 22
PUP.Optional.SavingsWave.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110111271165}, Quarantined, [922542e43d3e51e541e13235fb06c13f],
PUP.Optional.SavingsWave.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440144274465}, Quarantined, [922542e43d3e51e541e13235fb06c13f],
PUP.Optional.SavingsWave.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550155275565}, Quarantined, [922542e43d3e51e541e13235fb06c13f],
PUP.Optional.SavingsWave.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660166276665}, Quarantined, [922542e43d3e51e541e13235fb06c13f],
PUP.Optional.SavingsWave.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0012765.BHO.1, Quarantined, [922542e43d3e51e541e13235fb06c13f],
PUP.Optional.SavingsWave.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110111271165}, Quarantined, [922542e43d3e51e541e13235fb06c13f],
PUP.Optional.SavingsWave.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0012765.BHO, Quarantined, [922542e43d3e51e541e13235fb06c13f],
PUP.Optional.SavingsWave.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110111271165}, Quarantined, [922542e43d3e51e541e13235fb06c13f],
PUP.Optional.SavingsWave.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110111271165}, Quarantined, [922542e43d3e51e541e13235fb06c13f],
PUP.Optional.SavingsWave.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110111271165}, Quarantined, [922542e43d3e51e541e13235fb06c13f],
PUP.Optional.SavingsWave.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110111271165}, Quarantined, [922542e43d3e51e541e13235fb06c13f],
PUP.Optional.SavingsWave.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220122272265}, Quarantined, [922542e43d3e51e541e13235fb06c13f],
PUP.Optional.SavingsWave.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0012765.Sandbox.1, Quarantined, [922542e43d3e51e541e13235fb06c13f],
PUP.Optional.SavingsWave.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0012765.Sandbox, Quarantined, [922542e43d3e51e541e13235fb06c13f],
PUP.Optional.SavingsWave.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110111271165}\INPROCSERVER32, Quarantined, [922542e43d3e51e541e13235fb06c13f],
PUP.Optional.SavingsWave.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Savings Wave, Quarantined, [991e3fe7a9d24de928c95d00f60c32ce],
PUP.Optional.SavingsWave.A, HKLM\SOFTWARE\Savings Wave, Quarantined, [8433f72f136855e1f4019ac3986a9e62],
PUP.Optional.Ligtning.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cekcjpgehmohobmdiikfnopibipmgnml, Quarantined, [486f7babcab142f40d30e78318eae917],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [feb9a77fd5a659dd5d9cbddbac57b54b],
PUP.Optional.SavingsWave.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Savings Wave, Quarantined, [b3042402a1dadf577c77df7e9270639d],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CR_INSTALLER\12765, Quarantined, [bef9899d7308ef478af1e4a24bb831cf],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Innovative Apps, Quarantined, [7047c75fc1ba191d775a0a8308fb6d93],
 
Registry Values: 0
(No malicious items detected)
 
Folders: 22
PUP.Optional.SavingsWave.A, C:\Program Files\Savings Wave, Quarantined, [991e3fe7a9d24de928c95d00f60c32ce],
PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log, Quarantined, [8d2a21059be02d090d4c81e9768cf907],
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml, Quarantined, [a413d4524c2f290d55d29fb809f9cc34],
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0, Quarantined, [a413d4524c2f290d55d29fb809f9cc34],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Updater12765, Quarantined, [d0e7cf572a5162d44316e17679892ad6],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected], Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\api, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\core, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\extensionCode, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\defaults, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\defaults\preferences, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\extensionData, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\extensionData\plugins, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\extensionData\userCode, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\locale, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\locale\en-US, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\skin, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lglkfgcmohcdajpldlnhjjiojjgkbmhm_0, Quarantined, [4473cb5b1665bd793aee72eba65cd22e],
PUP.Optional.SavingsWave.A, C:\Users\{username}\AppData\Local\Savings Wave, Quarantined, [82359e88c0bba98d33094716bc46c43c],
PUP.Optional.SavingsWave.A, C:\Users\{username}\AppData\Local\Savings Wave\Chrome, Quarantined, [82359e88c0bba98d33094716bc46c43c],
 
Files: 233
PUP.Optional.SavingsWave.A, C:\Program Files\Savings Wave\Savings Wave-bho.dll, Quarantined, [922542e43d3e51e541e13235fb06c13f],
PUP.Optional.SavingsWave.A, C:\Users\{username}\Desktop\Savings wave (crossRider).exe, Quarantined, [0fa8ed39bbc076c0fe2489ded1308a76],
PUP.Optional.SavingsWave.A, C:\Users\{username}\AppData\Local\Updater12765\Updater12765.exe, Quarantined, [3c7b2ef8215a2f074fd3e48307faf808],
PUP.Optional.SavingsWave.A, C:\Program Files\Savings Wave\background.html, Quarantined, [991e3fe7a9d24de928c95d00f60c32ce],
PUP.Optional.SavingsWave.A, C:\Program Files\Savings Wave\Installer.log, Quarantined, [991e3fe7a9d24de928c95d00f60c32ce],
PUP.Optional.SavingsWave.A, C:\Program Files\Savings Wave\Savings Wave-bg.exe, Quarantined, [991e3fe7a9d24de928c95d00f60c32ce],
PUP.Optional.SavingsWave.A, C:\Program Files\Savings Wave\Savings Wave-buttonutil.dll, Quarantined, [991e3fe7a9d24de928c95d00f60c32ce],
PUP.Optional.SavingsWave.A, C:\Program Files\Savings Wave\Savings Wave-buttonutil.exe, Quarantined, [991e3fe7a9d24de928c95d00f60c32ce],
PUP.Optional.SavingsWave.A, C:\Program Files\Savings Wave\Savings Wave-buttonutil64.dll, Quarantined, [991e3fe7a9d24de928c95d00f60c32ce],
PUP.Optional.SavingsWave.A, C:\Program Files\Savings Wave\Savings Wave-buttonutil64.exe, Quarantined, [991e3fe7a9d24de928c95d00f60c32ce],
PUP.Optional.SavingsWave.A, C:\Program Files\Savings Wave\Savings Wave-codedownloader.exe, Quarantined, [991e3fe7a9d24de928c95d00f60c32ce],
PUP.Optional.SavingsWave.A, C:\Program Files\Savings Wave\Savings Wave-helper.exe, Quarantined, [991e3fe7a9d24de928c95d00f60c32ce],
PUP.Optional.SavingsWave.A, C:\Program Files\Savings Wave\Savings Wave.ico, Quarantined, [991e3fe7a9d24de928c95d00f60c32ce],
PUP.Optional.SavingsWave.A, C:\Program Files\Savings Wave\Uninstall.exe, Quarantined, [991e3fe7a9d24de928c95d00f60c32ce],
PUP.Optional.NewTab.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx, Quarantined, [6a4dd65098e32d09458e23474eb43ec2],
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\background.html, Quarantined, [a413d4524c2f290d55d29fb809f9cc34],
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\background.js, Quarantined, [a413d4524c2f290d55d29fb809f9cc34],
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\data.json, Quarantined, [a413d4524c2f290d55d29fb809f9cc34],
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\icon128.png, Quarantined, [a413d4524c2f290d55d29fb809f9cc34],
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\jquery.js, Quarantined, [a413d4524c2f290d55d29fb809f9cc34],
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\manifest.json, Quarantined, [a413d4524c2f290d55d29fb809f9cc34],
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\xa.js, Quarantined, [a413d4524c2f290d55d29fb809f9cc34],
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\xagainit.js, Quarantined, [a413d4524c2f290d55d29fb809f9cc34],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome.manifest, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\install.rdf, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\api.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\background.html, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\baseObject.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\browser.xul, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\dialog.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\main.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\options.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\options.xul, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\search_dialog.xul, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\api\asyncDB.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\api\background.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\api\browserAction.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\api\contextMenu.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\api\dbManager.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\api\dom_bg.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\api\fileManager.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\api\firefox.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\api\firefoxNotifications.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\api\firefoxOmnibox.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\api\message.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\api\pageAction.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\api\request.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\api\tabs.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\api\webRequest.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\core\console.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\core\consts.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\core\delegate.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\core\httpObserver.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\core\IDBWrapper.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\core\installer.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\core\pluginsManager.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\core\prefs.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\core\progressListenerObserver.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\core\registry.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\core\reloadObserver.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\core\reports.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\core\requestObject.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\core\searchSettings.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\core\uninstallObserver.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\core\updateManager.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\core\utils.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\core\xhr.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\extensionCode\backgroundCode.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\chrome\content\extensionCode\pageCode.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\defaults\preferences\prefs.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\extensionData\manifest.xml, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\extensionData\plugins.json, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\extensionData\plugins\1000014_GPL Plugin (Loader).js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\extensionData\plugins\1000015_GPL Background (BG).js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\extensionData\plugins\13_CrossriderAppUtils.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\extensionData\plugins\14_CrossriderUtils.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\extensionData\plugins\16_FFAppAPIWrapper.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\extensionData\plugins\17_jQuery.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\extensionData\plugins\1_base.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\extensionData\plugins\21_debug.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\extensionData\plugins\22_resources.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\extensionData\plugins\28_initializer.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\extensionData\plugins\47_resources_background.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\extensionData\plugins\4_jquery_1_7_1.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\extensionData\plugins\64_appApiMessage.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\extensionData\plugins\72_appApiValidation.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\extensionData\plugins\78_CrossriderInfo.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\extensionData\plugins\98_omniCommands.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\extensionData\userCode\background.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\extensionData\userCode\extension.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\locale\en-US\translations.dtd, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\skin\button1.png, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\skin\button2.png, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\skin\button3.png, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\skin\button4.png, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\skin\button5.png, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\skin\crossrider_statusbar.png, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\skin\icon128.png, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\skin\icon16.png, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\skin\icon24.png, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\skin\icon48.png, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\skin\panelarrow-up.png, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\skin\popup.html, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\skin\skin.css, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]\skin\update.css, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lglkfgcmohcdajpldlnhjjiojjgkbmhm_0\1, Quarantined, [4473cb5b1665bd793aee72eba65cd22e],
PUP.Optional.SavingsWave.A, C:\Users\{username}\AppData\Local\Savings Wave\Chrome\12765.xml, Quarantined, [82359e88c0bba98d33094716bc46c43c],{"javascript removed, full log available by request"}
PUP.Optional.SavingsWave.A, C:\Users\{username}\AppData\Local\Savings Wave\Chrome\Savings Wave.crx, Quarantined, [82359e88c0bba98d33094716bc46c43c],
 
 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
     
    As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
    We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
    • Save yourself the hassle and get protected.

    • 0

    Advertisements

    Back to Malware Removal Guides and Tutorials


    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    1. Geeks to Go Community
    2. Security
    3. Malware Removal Guides and Tutorials

    As Featured On:

    featured
    Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

    Never used a forum? Learn how.