Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for Safe-Saver

- - - - -

  • Please log in to reply
No replies to this topic

#1
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,944 posts
Content is republished with permission from Malwarebytes.

What is Safe-Saver?

The Malwarebytes research team has determined that Safe-Saver is a browser hijacker. These so-called "hijackers" alter your startpage or searchscopes so that the affected browser visits their site or one of their choice. This one also displays advertisements.

How do I know if my computer is affected by Safe-Saver?

This is how the startpage of the hijacker looks:

main.png

You may see these browser extensions/add-ons:

warning1.png

warning2.png

warning3.png

this entry in your list of installed programs:

warning4.png

and this warning:

warning5.png


How did Safe-Saver get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was offered as a video enhancing browser extension.

How do I remove Safe-Saver?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of Safe-Saver?
  • The Chrome extension can now safely be removed. Open "Settings" > "Extensions" and click the bin behind the Safe-Saver listing. Then confirm removal.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Safe-Saver hijacker. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.



protection1.png

Technical details for experts

Signs in a HijackThis log:

O2 - BHO: CrossriderApp0033986 - {11111111-1111-1111-1111-110311391186} - C:\Program Files\Safe-Saver Generic\Safe-Saver Generic-bho.dll
Alterations made by the installer:
File system details  
---------------------------------------------
    Adds the folder C:\Program Files\Safe-Saver Generic
       Adds the file 33986.crx"="7/26/2014 2:15 PM, 365436 bytes, A
       Adds the file 33986.xpi"="7/26/2014 2:15 PM, 77939 bytes, A
       Adds the file background.html"="6/2/2013 5:41 PM, 740 bytes, A
       Adds the file Installer.log"="7/26/2014 2:16 PM, 198550 bytes, A
       Adds the file Safe-Saver Generic.ico"="6/2/2013 5:41 PM, 15086 bytes, A
       Adds the file Safe-Saver Generic-bg.exe"="7/26/2014 2:16 PM, 898408 bytes, A
       Adds the file Safe-Saver Generic-bho.dll"="7/26/2014 2:16 PM, 750952 bytes, A
       Adds the file Safe-Saver Generic-buttonutil.dll"="7/26/2014 2:16 PM, 395112 bytes, A
       Adds the file Safe-Saver Generic-buttonutil.exe"="7/26/2014 2:16 PM, 339816 bytes, A
       Adds the file Safe-Saver Generic-buttonutil64.dll"="7/26/2014 2:16 PM, 475496 bytes, A
       Adds the file Safe-Saver Generic-buttonutil64.exe"="7/26/2014 2:16 PM, 442728 bytes, A
       Adds the file Safe-Saver Generic-chromeinstaller.exe"="7/26/2014 2:15 PM, 464232 bytes, A
       Adds the file Safe-Saver Generic-codedownloader.exe"="7/26/2014 2:15 PM, 478568 bytes, A
       Adds the file Safe-Saver Generic-enabler.exe"="7/26/2014 2:16 PM, 345960 bytes, A
       Adds the file Safe-Saver Generic-firefoxinstaller.exe"="7/26/2014 2:15 PM, 725352 bytes, A
       Adds the file Safe-Saver Generic-helper.exe"="7/26/2014 2:16 PM, 316264 bytes, A
       Adds the file Safe-Saver Generic-updater.exe"="7/26/2014 2:16 PM, 364392 bytes, A
       Adds the file Uninstall.exe"="7/26/2014 2:15 PM, 915427 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\icons
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\icons\actions
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\api
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\app
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\lib
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\lib\popupResource
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\api
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\core
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\extensionCode
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\defaults\preferences
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\locale\en-US
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\skin
    In the existing folder C:\Windows\System32\Tasks
       Adds the file Safe-Saver Generic-chromeinstaller"="7/26/2014 2:15 PM, 4980 bytes, A
       Adds the file Safe-Saver Generic-codedownloader"="7/26/2014 2:16 PM, 4272 bytes, A
       Adds the file Safe-Saver Generic-enabler"="7/26/2014 2:16 PM, 4172 bytes, A
       Adds the file Safe-Saver Generic-firefoxinstaller"="7/26/2014 2:15 PM, 4906 bytes, A
       Adds the file Safe-Saver Generic-updater"="7/26/2014 2:16 PM, 4268 bytes, A
    In the existing folder C:\Windows\Tasks
       Adds the file Safe-Saver Generic-chromeinstaller.job"="7/26/2014 2:15 PM, 1950 bytes, A
       Adds the file Safe-Saver Generic-codedownloader.job"="7/26/2014 2:16 PM, 1242 bytes, A
       Adds the file Safe-Saver Generic-enabler.job"="7/26/2014 2:16 PM, 1142 bytes, A
       Adds the file Safe-Saver Generic-firefoxinstaller.job"="7/26/2014 2:15 PM, 1876 bytes, A
       Adds the file Safe-Saver Generic-updater.job"="7/26/2014 2:16 PM, 1238 bytes, A

Registry details  
------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311391186}]
       "(Default)"="REG_SZ", "Safe-Saver Generic"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311391186}\InprocServer32]
       "(Default)"="REG_SZ", "C:\Program Files\Safe-Saver Generic\Safe-Saver Generic-bho.dll"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311391186}\ProgID]
       "(Default)"="REG_SZ", "CrossriderApp0033986.BHO.1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311391186}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311391186}\TypeLib]
       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440344394486}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311391186}\VersionIndependentProgID]
       "(Default)"="REG_SZ", "CrossriderApp0033986"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322392286}]
       "(Default)"="REG_SZ", "CrossriderApp0033986.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322392286}\InprocServer32]
       "(Default)"="REG_SZ", "C:\Program Files\Safe-Saver Generic\Safe-Saver Generic-bho.dll"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322392286}\ProgID]
       "(Default)"="REG_SZ", "CrossriderApp0033986.Sandbox.1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322392286}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322392286}\TypeLib]
       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440344394486}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322392286}\VersionIndependentProgID]
       "(Default)"="REG_SZ", "CrossriderApp0033986.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0033986.BHO]
       "(Default)"="REG_SZ", "CrossriderApp0033986"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0033986.BHO\CLSID]
       "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110311391186}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0033986.BHO\CurVer]
       "(Default)"="REG_SZ", "CrossriderApp0033986"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0033986.BHO.1]
       "(Default)"="REG_SZ", "CrossriderApp0033986"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0033986.BHO.1\CLSID]
       "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110311391186}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0033986.Sandbox]
       "(Default)"="REG_SZ", "CrossriderApp0033986.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0033986.Sandbox\CLSID]
       "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220322392286}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0033986.Sandbox\CurVer]
       "(Default)"="REG_SZ", "CrossriderApp0033986.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0033986.Sandbox.1]
       "(Default)"="REG_SZ", "CrossriderApp0033986.Sandbox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0033986.Sandbox.1\CLSID]
       "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220322392286}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355395586}]
       "(Default)"="REG_SZ", "ICrossriderBHO"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355395586}\ProxyStubClsid]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355395586}\ProxyStubClsid32]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355395586}\TypeLib]
       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440344394486}"
       "Version"="REG_SZ", "1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366396686}]
       "(Default)"="REG_SZ", "ISandBox"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366396686}\ProxyStubClsid]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366396686}\ProxyStubClsid32]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366396686}\TypeLib]
       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440344394486}"
       "Version"="REG_SZ", "1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344394486}\1.0]
       "(Default)"="REG_SZ", "CrossriderApp0033986 Type Library"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344394486}\1.0\0\win32]
       "(Default)"="REG_SZ", "C:\Program Files\Safe-Saver Generic\Safe-Saver Generic-bho.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344394486}\1.0\FLAGS]
       "(Default)"="REG_SZ", "0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344394486}\1.0\HELPDIR]
       "(Default)"="REG_SZ", "C:\Program Files\Safe-Saver Generic"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311391186}]
       "(Default)"="REG_SZ", "CrossriderApp0033986"
       "NoExplorer"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311391186}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Safe-Saver Generic]
       "CrAppId"="REG_SZ", "33986"
       "CrPublisherId"="REG_SZ", "21074"
       "DisplayIcon"="REG_SZ", "C:\Program Files\Safe-Saver Generic\Uninstall.exe"
       "DisplayName"="REG_SZ", "Safe-Saver Generic"
       "DisplayVersion"="REG_SZ", "1.27.153.6"
       "Publisher"="REG_SZ", "Safe Saver"
       "UninstallString"="REG_SZ", "C:\Program Files\Safe-Saver Generic\Uninstall.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
       "Safe-Saver Generic-chromeinstaller.job"="REG_BINARY, ................................
       "Safe-Saver Generic-chromeinstaller.job.fp"="REG_DWORD", 1242162970
       "Safe-Saver Generic-codedownloader.job"="REG_BINARY, ................................
       "Safe-Saver Generic-codedownloader.job.fp"="REG_DWORD", -1752738017
       "Safe-Saver Generic-enabler.job"="REG_BINARY, ................................
       "Safe-Saver Generic-enabler.job.fp"="REG_DWORD", 1138693432
       "Safe-Saver Generic-firefoxinstaller.job"="REG_BINARY, ................................
       "Safe-Saver Generic-firefoxinstaller.job.fp"="REG_DWORD", -2136640164
       "Safe-Saver Generic-updater.job"="REG_BINARY, ................................
       "Safe-Saver Generic-updater.job.fp"="REG_DWORD", -1629876421
    [HKEY_LOCAL_MACHINE\SOFTWARE\Safe-Saver Generic\Chrome]
       "TotalProfiles"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Safe-Saver Generic\Chrome\Profiles]
       "C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Safe-Saver Generic\Firefox]
       "TotalProfiles"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Safe-Saver Generic\Firefox\Profiles]
       "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Safe-Saver Generic\IE]
       "TotalProfiles"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Safe-Saver Generic\IE\Profiles]
       "S-1-5-21-4016700205-1717049133-1125222536-1001"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Safe-Saver Generic\Installer]
       "BundledChrome"="REG_DWORD", 1
       "BundledFirefox"="REG_DWORD", 1
       "BundledIe"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider]
       "Bic"="REG_SZ", "4608C0F33EF74B81B7F573B823BD2E42IE"
       "Verifier"="REG_SZ", "458d6fc4615d212ff27d31ec9fea53f5"
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\onBeforeNavigate]
       "33986"="REG_SZ", ""
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\onRequest]
       "33986"="REG_SZ", " { javascript removed, full log availableon request } "
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Safe-Saver Generic\Db\Local\redirect_88]
       "Expiration"="REG_DWORD", 1896130800
       "Value"="REG_SZ", ""https://a199948-a.akamaihd.net/f1e57e72b3087c91a4db6a615cf7560f.js""
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Safe-Saver Generic\Debug]
       "DebuggedAppUrl"="REG_SZ", "file://C:\Users\{username}\Documents\debug.js"
       "DebuggedBgUrl"="REG_SZ", "file://C:\Users\{username}\Documents\bg_debug.js"
       "DebuggedNewTabUrl"="REG_SZ", "file://C:\Users\{username}\Documents\new_debug.js"
       "IsDebuggingPlugins"="REG_DWORD", 0
       "IsDebugMode"="REG_DWORD", 0
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Safe-Saver Generic\Installer]
       "CodeDownloadDomain"="REG_SZ", "http://app-static.crossrider.com"
       "Domain"="REG_SZ", "http://app-static.crossrider.com"
       "ErrorsDomain"="REG_SZ", "http://errors.myserverstat.com"
       "FullVersion"="REG_SZ", "1.27.153.6"
       "FullVersionForUrl"="REG_SZ", "1_27_153"
       "MinorVersion"="REG_SZ", "6"
       "Params"="REG_SZ", "{"source_id" : "000087", "sub_id" : "0", "uzid" : "0"}"
       "PlatformVersion"="REG_SZ", "1"
       "ScriptVersion"="REG_SZ", "27"
       "SetHomepage"="REG_SZ", "false"
       "SetNewTab"="REG_SZ", "false"
       "SetSearch"="REG_SZ", "false"
       "SrcId"="REG_SZ", "000087"
       "StatsDomain"="REG_SZ", "http://stats.myserverstat.com"
       "SubId"="REG_SZ", "0"
       "ThankYouPage"="REG_SZ", "false"
       "Time"="REG_SZ", "1406376918"
       "UserConfirmation"="REG_SZ", "false"
       "ZData"="REG_SZ", "0"
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Safe-Saver Generic\Log]
       "safe-saver generic-bg"="REG_DWORD", 0
       "safe-saver generic-bho"="REG_DWORD", 0
       "safe-saver generic-helper"="REG_DWORD", 0
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Safe-Saver Generic\Manifest]
       "AddressbarURL"="REG_SZ", "NA"
       "BgVersion"="REG_SZ", "3"
       "ChangePrevious"="REG_SZ", "false"
       "Description"="REG_SZ", "Safe Saver automatically detects available coupons while you browse your favourite stores online. Itâs easy to install and works silently in the background, only displaying once a coupon or multiple coupons have been found."
       "DisableIe"="REG_SZ", "true"
       "EnableSearchIE"="REG_SZ", "false"
       "HomePageUrl"="REG_SZ", "NA"
       "IsButtonEnabled"="REG_SZ", "false"
       "Manifest"="REG_SZ", "NA"
       "ModeType"="REG_SZ", "production"
       "Name"="REG_SZ", "Safe-Saver App"
       "PluginsManifestVersion"="REG_SZ", "102"
       "PublisherId"="REG_SZ", "21074"
       "PublisherName"="REG_SZ", "Safe Saver"
       "RunInFrame"="REG_SZ", "false"
       "SetNewTab"="REG_SZ", "false"
       "ThanksUrl"="REG_SZ", "http://crossrider.com/thank_you/33986"
       "UninstallerOfferAction"="REG_SZ", "NA"
       "UninstallerOfferUrl"="REG_SZ", "NA"
       "UpdateInterval"="REG_DWORD", 360
       "Version"="REG_SZ", "117"
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Safe-Saver Generic\Update]
       "LastCheck"="REG_DWORD", 1406376950
    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\Safe Saver]
       "33986"="REG_SZ", "Safe-Saver Generic"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311391186}]
       "Flags"="REG_DWORD", 1024
       "VerCache"="REG_BINARY, ......................

Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/26/2014
Scan Time: 2:24:02 PM
Logfile: mbamSafeSaver.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.26.05
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Malwarebytes

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 248138
Time Elapsed: 4 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 20
PUP.Optional.SafeSaver.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110311391186}, Quarantined, [5ebf099bc6b5f343299a158b12ef51af], 
PUP.Optional.SafeSaver.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440344394486}, Quarantined, [5ebf099bc6b5f343299a158b12ef51af], 
PUP.Optional.SafeSaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550355395586}, Quarantined, [5ebf099bc6b5f343299a158b12ef51af], 
PUP.Optional.SafeSaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660366396686}, Quarantined, [5ebf099bc6b5f343299a158b12ef51af], 
PUP.Optional.SafeSaver.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0033986.BHO.1, Quarantined, [5ebf099bc6b5f343299a158b12ef51af], 
PUP.Optional.SafeSaver.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110311391186}, Quarantined, [5ebf099bc6b5f343299a158b12ef51af], 
PUP.Optional.SafeSaver.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0033986.BHO, Quarantined, [5ebf099bc6b5f343299a158b12ef51af], 
PUP.Optional.SafeSaver.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110311391186}, Quarantined, [5ebf099bc6b5f343299a158b12ef51af], 
PUP.Optional.SafeSaver.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110311391186}, Quarantined, [5ebf099bc6b5f343299a158b12ef51af], 
PUP.Optional.SafeSaver.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110311391186}, Quarantined, [5ebf099bc6b5f343299a158b12ef51af], 
PUP.Optional.SafeSaver.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110311391186}, Quarantined, [5ebf099bc6b5f343299a158b12ef51af], 
PUP.Optional.SafeSaver.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220322392286}, Quarantined, [5ebf099bc6b5f343299a158b12ef51af], 
PUP.Optional.SafeSaver.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0033986.Sandbox.1, Quarantined, [5ebf099bc6b5f343299a158b12ef51af], 
PUP.Optional.SafeSaver.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0033986.Sandbox, Quarantined, [5ebf099bc6b5f343299a158b12ef51af], 
PUP.Optional.SafeSaver.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110311391186}\INPROCSERVER32, Quarantined, [5ebf099bc6b5f343299a158b12ef51af], 
PUP.Optional.SafeSaver.A, HKLM\SOFTWARE\Safe-Saver Generic, Quarantined, [0a138e16eb90ba7c7660d4f479890cf4], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [cb525252bdbeba7c70c7aa7433d126da], 
PUP.Optional.SafeSaver.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Safe-Saver Generic, Quarantined, [4ad3485c9ae10f27c6122c9c6e940af6], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Safe Saver, Quarantined, [b469d7cde39876c0835693358a785ea2], 
PUP.Optional.SafeSaver.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Safe-Saver Generic, Quarantined, [e5381094116a5fd714da5c6a12f0ae52], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 21
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\api, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\core, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\extensionCode, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\defaults, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\defaults\preferences, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\locale, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\locale\en-US, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\skin, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\icons, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\icons\actions, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\api, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\app, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\lib, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\lib\popupResource, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.SafeSaver.A, C:\Program Files\Safe-Saver Generic, Quarantined, [e5381094116a5fd714da5c6a12f0ae52], 

Files: 121
PUP.Optional.SafeSaver.A, C:\Program Files\Safe-Saver Generic\Safe-Saver Generic-bho.dll, Quarantined, [5ebf099bc6b5f343299a158b12ef51af], 
PUP.Optional.SafeSaver.A, C:\Users\{username}\Desktop\Safe-Saver Generic.exe, Quarantined, [c657dec697e42115cbf8f0b058a912ee], 
PUP.Optional.SafeSaver.A, C:\Windows\Tasks\Safe-Saver Generic-chromeinstaller.job, Quarantined, [c25be0c44536181eb91b5474748ecf31], 
PUP.Optional.SafeSaver.A, C:\Windows\Tasks\Safe-Saver Generic-codedownloader.job, Quarantined, [5ac3b4f0116aab8bf5df745451b1f50b], 
PUP.Optional.SafeSaver.A, C:\Windows\Tasks\Safe-Saver Generic-enabler.job, Quarantined, [29f4ebb981fac86e93413791956d8f71], 
PUP.Optional.SafeSaver.A, C:\Windows\Tasks\Safe-Saver Generic-firefoxinstaller.job, Quarantined, [36e7376d94e78fa751838d3b36cc23dd], 
PUP.Optional.SafeSaver.A, C:\Windows\Tasks\Safe-Saver Generic-updater.job, Quarantined, [0617871dc2b9280ead27577161a1847c], 
PUP.Optional.SafeSaver.A, C:\Windows\System32\Tasks\Safe-Saver Generic-chromeinstaller, Quarantined, [f02d1b89a1dab680508584442fd357a9], 
PUP.Optional.SafeSaver.A, C:\Windows\System32\Tasks\Safe-Saver Generic-codedownloader, Quarantined, [94894262b8c3e55115c0b315d9296d93], 
PUP.Optional.SafeSaver.A, C:\Windows\System32\Tasks\Safe-Saver Generic-enabler, Quarantined, [4fce782c700b171f3e97626625ddbf41], 
PUP.Optional.SafeSaver.A, C:\Windows\System32\Tasks\Safe-Saver Generic-firefoxinstaller, Quarantined, [fd202282e4978ea8cb0a7d4b0ef4a957], 
PUP.Optional.SafeSaver.A, C:\Windows\System32\Tasks\Safe-Saver Generic-updater, Quarantined, [120b2282b3c8b5814c89f2d67e847d83], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome.manifest, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\install.rdf, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\api.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\background.html, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\baseObject.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\browser.xul, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\dialog.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\main.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\options.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\options.xul, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\search_dialog.xul, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\api\asyncDB.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\api\background.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\api\browserAction.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\api\contextMenu.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\api\dbManager.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\api\dom_bg.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\api\fileManager.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\api\firefox.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\api\firefoxNotifications.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\api\firefoxOmnibox.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\api\message.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\api\request.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\api\tabs.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\api\webRequest.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\core\console.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\core\consts.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\core\delegate.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\core\httpObserver.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\core\IDBWrapper.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\core\installer.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\core\pluginsManager.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\core\prefs.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\core\progressListenerObserver.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\core\registry.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\core\reloadObserver.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\core\reports.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\core\requestObject.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\core\searchSettings.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\core\uninstallObserver.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\core\updateManager.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\core\utils.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\core\xhr.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\extensionCode\backgroundCode.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\chrome\content\extensionCode\pageCode.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\defaults\preferences\prefs.js, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\locale\en-US\translations.dtd, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\skin\button1.png, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\skin\button2.png, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\skin\button3.png, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\skin\button4.png, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\skin\button5.png, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\skin\crossrider_statusbar.png, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\skin\icon128.png, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\skin\icon16.png, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\skin\icon24.png, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\skin\icon48.png, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\skin\panelarrow-up.png, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\skin\popup.html, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\skin\skin.css, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\[email protected]4e0c28e56.com\skin\update.css, Quarantined, [ce4fdec64734ba7c59772d80cb3739c7], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\background.html, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\crossriderManifest.json, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\manifest.json, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\popup.html, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\icons\icon128.png, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\icons\icon16.png, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\icons\icon48.png, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\icons\actions\1.png, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\background.js, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\api\chrome.js, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\api\cookie.js, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\api\message.js, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\app\background.js, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\app\extension.js, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\lib\app_api.js, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\lib\async_api.js, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\lib\bg_app_api.js, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\lib\cookie_store.js, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\lib\crossriderAPI.js, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\lib\data_store.js, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\lib\delegate.js, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\lib\events.js, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\lib\installer.js, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\lib\logging.js, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\lib\onBGDocumentLoad.js, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\lib\reports.js, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\lib\util.js, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\lib\xhr.js, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\lib\popupResource\newPopup.js, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdecomoeoinffmfpcihlmacjmlnjfbgm\1.23.5_0\js\lib\popupResource\popup.js, Quarantined, [bd607f25afcc023420c9c105788a6799], 
PUP.Optional.SafeSaver.A, C:\Program Files\Safe-Saver Generic\Safe-Saver Generic-codedownloader.exe, Quarantined, [e5381094116a5fd714da5c6a12f0ae52], 
PUP.Optional.SafeSaver.A, C:\Program Files\Safe-Saver Generic\33986.crx, Quarantined, [e5381094116a5fd714da5c6a12f0ae52], 
PUP.Optional.SafeSaver.A, C:\Program Files\Safe-Saver Generic\33986.xpi, Quarantined, [e5381094116a5fd714da5c6a12f0ae52], 
PUP.Optional.SafeSaver.A, C:\Program Files\Safe-Saver Generic\background.html, Quarantined, [e5381094116a5fd714da5c6a12f0ae52], 
PUP.Optional.SafeSaver.A, C:\Program Files\Safe-Saver Generic\Installer.log, Quarantined, [e5381094116a5fd714da5c6a12f0ae52], 
PUP.Optional.SafeSaver.A, C:\Program Files\Safe-Saver Generic\Safe-Saver Generic-bg.exe, Quarantined, [e5381094116a5fd714da5c6a12f0ae52], 
PUP.Optional.SafeSaver.A, C:\Program Files\Safe-Saver Generic\Safe-Saver Generic-buttonutil.dll, Quarantined, [e5381094116a5fd714da5c6a12f0ae52], 
PUP.Optional.SafeSaver.A, C:\Program Files\Safe-Saver Generic\Safe-Saver Generic-buttonutil.exe, Quarantined, [e5381094116a5fd714da5c6a12f0ae52], 
PUP.Optional.SafeSaver.A, C:\Program Files\Safe-Saver Generic\Safe-Saver Generic-buttonutil64.dll, Quarantined, [e5381094116a5fd714da5c6a12f0ae52], 
PUP.Optional.SafeSaver.A, C:\Program Files\Safe-Saver Generic\Safe-Saver Generic-buttonutil64.exe, Quarantined, [e5381094116a5fd714da5c6a12f0ae52], 
PUP.Optional.SafeSaver.A, C:\Program Files\Safe-Saver Generic\Safe-Saver Generic-chromeinstaller.exe, Quarantined, [e5381094116a5fd714da5c6a12f0ae52], 
PUP.Optional.SafeSaver.A, C:\Program Files\Safe-Saver Generic\Safe-Saver Generic-enabler.exe, Quarantined, [e5381094116a5fd714da5c6a12f0ae52], 
PUP.Optional.SafeSaver.A, C:\Program Files\Safe-Saver Generic\Safe-Saver Generic-firefoxinstaller.exe, Quarantined, [e5381094116a5fd714da5c6a12f0ae52], 
PUP.Optional.SafeSaver.A, C:\Program Files\Safe-Saver Generic\Safe-Saver Generic-helper.exe, Quarantined, [e5381094116a5fd714da5c6a12f0ae52], 
PUP.Optional.SafeSaver.A, C:\Program Files\Safe-Saver Generic\Safe-Saver Generic-updater.exe, Quarantined, [e5381094116a5fd714da5c6a12f0ae52], 
PUP.Optional.SafeSaver.A, C:\Program Files\Safe-Saver Generic\Safe-Saver Generic.ico, Quarantined, [e5381094116a5fd714da5c6a12f0ae52], 
PUP.Optional.SafeSaver.A, C:\Program Files\Safe-Saver Generic\Uninstall.exe, Quarantined, [e5381094116a5fd714da5c6a12f0ae52], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "147729bd4664b2fb71775cc1fdba1a17");), Replaced,[4bd25153ceadfc3ac11ceef628dc01ff]

Physical Sectors: 0
(No malicious items detected)


(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0

Advertisements





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.