Removal instructions for Savepass 2.0


What is Savepass 2.0?

 

The Malwarebytes research team has determined that Savepass 2.0 is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your start page or search scopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

 

How do I know if my computer is affected by Savepass 2.0?

 

You may see these browser extensions/add-ons:

 

[Screenshots: warning1.png, warning2.png, warning3.png]

 

and this entry in your list of installed programs:

 

[Screenshot: warning4.png]

 

 

How did Savepass 2.0 get on my computer?

 

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

 

How do I remove Savepass 2.0?

 

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now, or select Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

Is there anything else I need to do to get rid of Savepass 2.0?

  • If you are using Opera, you may have to remove the extension manually: under Opera > Extensions, click the x behind Savepass 2.0 and click OK in the prompt to confirm.
  • If you are using Chrome, this hijacker alters the shortcuts for Chrome on your desktop, in the taskbar and in the Start menu Programs. Read here how to clean your shortcuts.

How would the full version of Malwarebytes Anti-Malware help protect me?

 

We hope our application and this guide have helped you eradicate this hijacker.  

 

As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the Savepass 2.0 hijacker. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

 

 

[Screenshot: protection1.png]

 

Technical details for experts

 

Signs in a HijackThis log:

   

O2 - BHO: da025ad951204237900c3cae637586ab0066161 - {11111111-1111-1111-1111-110611611161} - C:\Program Files\Savepass 2.0\Savepass 2.0-bho.dll
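The O2 line above can be checked for automatically when triaging saved HijackThis logs. The following is an added example, not Malwarebytes code: it parses O2 (Browser Helper Object) lines and reports entries whose CLSID or DLL path matches the values shown on this page. The function names are hypothetical, and the sample log is constructed apart from the first entry, which is the line above.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Indicators copied from the HijackThis line on this page.
SAVEPASS_CLSID = "{11111111-1111-1111-1111-110611611161}"
SAVEPASS_DLL = r"C:\Program Files\Savepass 2.0\Savepass 2.0-bho.dll"

# O2 line layout: "O2 - BHO: <name> - {<CLSID>} - <path to DLL>".
# The name may itself contain " - ", so the match is anchored on the braced CLSID.
O2_RE = re.compile(
    r"^O2\s+-\s+BHO:\s*(?P<name>.*?)\s+-\s+"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"\s+-\s+(?P<path>.+?)\s*$"
)
MISSING_SUFFIX = "(file missing)"


class BhoEntry(NamedTuple):
    name: str
    clsid: str
    path: str
    file_missing: bool


def parse_o2(line: str) -> Optional[BhoEntry]:
    """Return the BHO entry described by an O2 line, or None for any other line."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    # HijackThis appends "(file missing)" when the registered DLL is gone,
    # e.g. after a partial cleanup that left the registry entry behind.
    missing = path.lower().endswith(MISSING_SUFFIX)
    if missing:
        path = path[: -len(MISSING_SUFFIX)].rstrip()
    return BhoEntry(m.group("name"), m.group("clsid").upper(), path, missing)


def savepass_hits(log_text: str) -> List[Tuple[BhoEntry, List[str]]]:
    """Return (entry, reasons) for every O2 line matching this page's indicators."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o2(line)
        if entry is None:
            continue
        reasons = []
        if entry.clsid == SAVEPASS_CLSID.upper():
            reasons.append("clsid")
        # Windows paths are case-insensitive, so compare lowercased.
        if entry.path.lower() == SAVEPASS_DLL.lower():
            reasons.append("path")
        if reasons:
            hits.append((entry, reasons))
    return hits


# Constructed sample log: the first O2 line is the one from this page,
# everything else is made up for the example.
SAMPLE_LOG = r"""
O2 - BHO: da025ad951204237900c3cae637586ab0066161 - {11111111-1111-1111-1111-110611611161} - C:\Program Files\Savepass 2.0\Savepass 2.0-bho.dll
O2 - BHO: Example Helper - {AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {11111111-1111-1111-1111-110611611161} - c:\program files\savepass 2.0\savepass 2.0-bho.dll (file missing)
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

if __name__ == "__main__":
    for entry, reasons in savepass_hits(SAMPLE_LOG):
        state = "DLL missing" if entry.file_missing else "DLL present"
        print(f"{entry.clsid} {entry.path} ({state}) matched on {', '.join(reasons)}")
```

An entry flagged with the DLL missing means the BHO registration is still in the registry although the file has been removed.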

Alterations made by the installer:

 

 

 

Malwarebytes Anti-Malware log:

  

[4e78fc194636a294cfa6c9609073f907], PUP.Optional.CrossRider.T, C:\Windows\Tasks\93c8f49d-4ebf-4a0d-9cdf-ad66731d0621-1.job, Quarantined, [f8ce5cb9acd0e65087203d4a49bbc63a], PUP.Optional.CrossRider.T, C:\Windows\Tasks\93c8f49d-4ebf-4a0d-9cdf-ad66731d0621-11.job, Quarantined, [bd0923f2bebeab8befb83a4da65e38c8], PUP.Optional.CrossRider.T, C:\Windows\Tasks\93c8f49d-4ebf-4a0d-9cdf-ad66731d0621-2.job, Quarantined, [2d99e92cb6c6cb6b8621f592a460d729], PUP.Optional.CrossRider.T, C:\Windows\Tasks\93c8f49d-4ebf-4a0d-9cdf-ad66731d0621-5.job, Quarantined, [9531ab6af98365d16a3dc2c58f75b947], PUP.Optional.CrossRider.T, C:\Windows\Tasks\93c8f49d-4ebf-4a0d-9cdf-ad66731d0621-5_user.job, Quarantined, [675f9d78ec90ef47535462253bc9d52b], PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, Quarantined, [f7cf02133a42d264823babdce321a15f], PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, Quarantined, [8046be57b2caf3432d91dea993718e72], PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, Quarantined, [ae18a86d621ac472e3dc5136d92bb64a], PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, Quarantined, [8b3bd4416c1089adc7f920679a6a50b0], PUP.Optional.CrossRider.A, C:\Windows\Tasks\f95309a3-5927-4266-8404-029344aa2ff7.job, Quarantined, [299dd83dbcc0ea4c858aa8e29371916f], PUP.Optional.CrossRider.A, C:\Windows\Tasks\fe932deb-113b-44f0-89d9-2f2ba23adf9c.job, Quarantined, [b610b75e3c40b185907f0486788cf20e], PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\f95309a3-5927-4266-8404-029344aa2ff7, Quarantined, [af17eb2a1d5f05315bb5b8d2986c669a], PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\fe932deb-113b-44f0-89d9-2f2ba23adf9c, Quarantined, [03c3a273d1ab3ef8e729761439cbf30d], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [4482cc49c0bc0135c76685802bd801ff], PUP.Optional.GlobalUpdate.T, C:\Program 
Files\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe, Quarantined, [4482cc49c0bc0135c76685802bd801ff], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe, Quarantined, [4482cc49c0bc0135c76685802bd801ff], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe, Quarantined, [4482cc49c0bc0135c76685802bd801ff], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, Quarantined, [4482cc49c0bc0135c76685802bd801ff], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe, Quarantined, [4482cc49c0bc0135c76685802bd801ff], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll, Quarantined, [4482cc49c0bc0135c76685802bd801ff], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, Quarantined, [4482cc49c0bc0135c76685802bd801ff], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll, Quarantined, [4482cc49c0bc0135c76685802bd801ff], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psmachine.dll, Quarantined, [4482cc49c0bc0135c76685802bd801ff], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psuser.dll, Quarantined, [4482cc49c0bc0135c76685802bd801ff], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.371714\GoogleCrashHandler.exe, Quarantined, [94320c09b1cb40f6a5a47491dd269e62], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.371714\GoogleUpdate.exe, Quarantined, [94320c09b1cb40f6a5a47491dd269e62], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.371714\GoogleUpdateBroker.exe, Quarantined, [94320c09b1cb40f6a5a47491dd269e62], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.371714\GoogleUpdateHelper.msi, Quarantined, 
[94320c09b1cb40f6a5a47491dd269e62], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.371714\GoogleUpdateOnDemand.exe, Quarantined, [94320c09b1cb40f6a5a47491dd269e62], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.371714\goopdate.dll, Quarantined, [94320c09b1cb40f6a5a47491dd269e62], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.371714\goopdateres_en.dll, Quarantined, [94320c09b1cb40f6a5a47491dd269e62], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.371714\npGoogleUpdate4.dll, Quarantined, [94320c09b1cb40f6a5a47491dd269e62], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.371714\psmachine.dll, Quarantined, [94320c09b1cb40f6a5a47491dd269e62], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.371714\psuser.dll, Quarantined, [94320c09b1cb40f6a5a47491dd269e62], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome.manifest, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\install.rdf, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\1fcf8c0d0053d16cc1c52600e26e0c94.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\22b671ec8284829c49c3d86c0619ea95.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\6422c9b7afc898158f11988309985458.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\6adeb597ec679058e687323770b36079.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\background.html, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\browser.xul, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\d81fec536d129eb74533d4bcaf5a8d97.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\dialog.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\e41ad64827a7d2d57eccf0dbc79894ff.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\ffCoreFilesIndex.txt, Quarantined, 
[6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\options.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\options.xul, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\search_dialog.xul, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\89fbc39eaa8d78c6c88ad395c0cbb8ae.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\027e0ad2539aa79adaa68edabb867e50.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\25d5c3b131111612b25b5b9327bf2873.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\41969b743098fb428ad488c45eed43c1.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\568559cddce3047042eae715e2810014.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\66d002c20c08fff2ee85a1dcc3ca440f.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\7179585dcd5245d86572d61be80597a8.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\80568213bbde0ea4ff5ec0a527c66667.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\881d1e54f286b662598a9e61cf594eb6.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\b017dd2fef5f42f208ab7e66ec0b08ef.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\bba6c0664eb7acf82b98ead9b5214e76.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\ca4d183d9ac28d045215a382475cb340.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\d3cb99a6af77ef18da7e054d4bff228a.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\e3513c75f34bd7ccfa6921bbd2e9774e.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\f59f45847eae9b524a1d5602baf0b963.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\fb2fcac6f0b6cfe85d3b8b99c084532d.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\c89d86af7e2ccc2783ac680247500106.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\1138335ebb8aedb5245856c65e968015.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\13b3daf630ad05eda774827bef6cab28.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\19817f92be122bdada305a3b11c21214.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\29e019f07441bcf5cd8a55d547c80cd9.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\5174e78f40c60d606f0e3e0b9c59bb0e.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\541ca51a7d0931ab3ce3c9504193aca2.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\5636acb976366481edd5a7b941e3653a.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\6b0dfbca520cdf04c5f786397d78f3d0.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\707a72d67daea424401d74c2d8ad7a39.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\851136ce673252ce8653320b288bf585.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\8d3de5df280738199dc55824abb7b7fa.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\b0437324c5ffc40bd7148ea077f77376.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\d12be0f76d14b4e34a7405bd791113fd.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\d2dcc71ac2aa218346ad5fce46b3a7f6.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\daad1cf662512b5b9e7ee71ac193c1bf.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\e4d884ccb5b7ab97f1fb80664de2fff5.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\e8e3647b55270c7e57e1fd27a629c449.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\eae990975df85b4206dcfb090a7ad578.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\f04484277d049e5894b70a172f6bacbf.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\installer.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\defaults\preferences\prefs.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\manifest.xml, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins.json, Quarantined, 
[6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\104.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\13.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\14.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\16.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\17.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\184.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\223.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\242.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], 
PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\246.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\268.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\275.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\289.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\4.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\47.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\64.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\78.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\91.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\93.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\userCode\background.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\userCode\extension.js, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\locale\en-US\translations.dtd, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\button1.png, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\button2.png, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\button3.png, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\button4.png, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\button5.png, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\crossrider_statusbar.png, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\icon128.png, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\icon16.png, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\icon24.png, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\icon48.png, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\panelarrow-up.png, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\popup.html, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\skin.css, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\update.css, Quarantined, [6a5cfe17a1db06301e6cdf2b778c966a], PUP.Optional.SavePass.A, C:\Program Files\Savepass 2.0\Interop.IWshRuntimeLibrary.dll, Delete-on-Reboot, [8e389a7bc6b61d197dc20606e023ef11], PUP.Optional.SavePass.A, C:\Program Files\Savepass 2.0\1293297481.mxaddon, Quarantined, [8e389a7bc6b61d197dc20606e023ef11], PUP.Optional.SavePass.A, C:\Program Files\Savepass 2.0\17e33c18-1055-4500-b38d-1e3c3cbc6525.crx, Quarantined, [8e389a7bc6b61d197dc20606e023ef11], PUP.Optional.SavePass.A, C:\Program Files\Savepass 2.0\93c8f49d-4ebf-4a0d-9cdf-ad66731d0621.crx, Quarantined, [8e389a7bc6b61d197dc20606e023ef11], PUP.Optional.SavePass.A, C:\Program Files\Savepass 2.0\93c8f49d-4ebf-4a0d-9cdf-ad66731d0621.xpi, Quarantined, [8e389a7bc6b61d197dc20606e023ef11], PUP.Optional.SavePass.A, C:\Program Files\Savepass 2.0\background.html, Quarantined, [8e389a7bc6b61d197dc20606e023ef11], PUP.Optional.SavePass.A, C:\Program Files\Savepass 2.0\f95309a3-5927-4266-8404-029344aa2ff7.exe, Delete-on-Reboot, [8e389a7bc6b61d197dc20606e023ef11], PUP.Optional.SavePass.A, C:\Program Files\Savepass 2.0\Newtonsoft.Json.dll, Delete-on-Reboot, [8e389a7bc6b61d197dc20606e023ef11], PUP.Optional.SavePass.A, C:\Program Files\Savepass 2.0\Savepass 2.0.ico, Quarantined, [8e389a7bc6b61d197dc20606e023ef11], PUP.Optional.SavePass.A, C:\Program Files\Savepass 2.0\SuperSocket.ClientEngine.Common.dll, Delete-on-Reboot, 
[8e389a7bc6b61d197dc20606e023ef11], PUP.Optional.SavePass.A, C:\Program Files\Savepass 2.0\SuperSocket.ClientEngine.Core.dll, Delete-on-Reboot, [8e389a7bc6b61d197dc20606e023ef11], PUP.Optional.SavePass.A, C:\Program Files\Savepass 2.0\SuperSocket.ClientEngine.Protocol.dll, Delete-on-Reboot, [8e389a7bc6b61d197dc20606e023ef11], PUP.Optional.SavePass.A, C:\Program Files\Savepass 2.0\Uninstall.exe, Quarantined, [8e389a7bc6b61d197dc20606e023ef11], PUP.Optional.SavePass.A, C:\Program Files\Savepass 2.0\WebSocket4Net.dll, Delete-on-Reboot, [8e389a7bc6b61d197dc20606e023ef11], Physical Sectors: 0(No malicious items detected)(end)
 

As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.