Jump to content
Sign in to follow this  
Metallica

Removal instructions for Savepass 3

Recommended Posts

What is Savepass 3?

 

The Malwarebytes research team has determined that Savepass 3 is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

 

How do I know if my computer is affected by Savepass 3?

 

You may see these browser extensions/add-ons:

 

warning1.png

 

warning2.png

 

warning3.png

 

and this entry in your list of installed programs:

 

warning4.png

 

 

How did Savepass 3 get on my computer?

 

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

 

How do I remove Savepass 3?

 

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of Savepass 3?
  • If you are using Chrome, this hijacker alters the shortcuts for Chrome on your desktop, in the taskbar and in the Startmenu Programs. Read here how to clean your shortcuts.
  • This PUP creates some scheduled tasks. You can read here how to remove Scheduled Tasks.
How would the full version of Malwarebytes Anti-Malware help protect me?

 

We hope our application and this guide have helped you eradicate this hijacker.  

 

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Savepass 3 hijacker. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

 

 

protection1.png

 

Technical details for experts

 

Signs in a HijackThis log:

 

O2 - BHO: da025ad951204237900c3cae637586ab0066161 - {11111111-1111-1111-1111-110611611161} - C:\Program Files\Savepass 3.0\Savepass 3.0-bho.dll
 

Alterations made by the installer:

  

 File system details  ---------------------------------------------    Adds the folder C:\Program Files\Savepass 3.0       Adds the file 1293297481.mxaddon"="10/14/2014 6:22 PM, 45407 bytes, A       Adds the file 2b25e704-375b-4ded-aacf-2ca34ab66425.crx"="11/26/2014 1:19 PM, 250337 bytes, A       Adds the file 2b25e704-375b-4ded-aacf-2ca34ab66425.xpi"="11/26/2014 1:19 PM, 291017 bytes, A       Adds the file 2b25e704-375b-4ded-aacf-2ca34ab66425-11.exe"="11/26/2014 1:19 PM, 2030504 bytes, A       Adds the file 2b25e704-375b-4ded-aacf-2ca34ab66425-2.exe"="11/26/2014 1:19 PM, 887208 bytes, A       Adds the file 2b25e704-375b-4ded-aacf-2ca34ab66425-4.exe"="11/26/2014 1:19 PM, 1539496 bytes, A       Adds the file 2b25e704-375b-4ded-aacf-2ca34ab66425-5.exe"="11/26/2014 1:20 PM, 1173416 bytes, A       Adds the file 9cb59dba-8284-4bfe-9ec7-b64f013044d6.exe"="11/26/2014 1:20 PM, 380328 bytes, A       Adds the file a6c7015d-3094-4303-a638-873c475371e3.exe"="11/26/2014 1:19 PM, 32680 bytes, A       Adds the file background.html"="11/23/2014 9:40 AM, 729 bytes, A       Adds the file d70e13e0-1592-4465-b11a-ace1b420a616.crx"="11/26/2014 1:19 PM, 251537 bytes, A       Adds the file Interop.IWshRuntimeLibrary.dll"="11/26/2014 1:19 PM, 53672 bytes, A       Adds the file Newtonsoft.Json.dll"="11/26/2014 1:19 PM, 495528 bytes, A       Adds the file Savepass 3.0.ico"="11/23/2014 9:40 AM, 15086 bytes, A       Adds the file Savepass 3.0-bg.exe"="11/26/2014 1:19 PM, 531880 bytes, A       Adds the file Savepass 3.0-bho.dll"="11/26/2014 1:19 PM, 722344 bytes, A       Adds the file Savepass 3.0-codedownloader.exe"="11/26/2014 1:19 PM, 1020328 bytes, A       Adds the file SuperSocket.ClientEngine.Common.dll"="11/26/2014 1:19 PM, 23464 bytes, A       Adds the file SuperSocket.ClientEngine.Core.dll"="11/26/2014 1:19 PM, 26536 bytes, A       Adds the file SuperSocket.ClientEngine.Protocol.dll"="11/26/2014 1:19 PM, 19880 bytes, A       Adds the file Uninstall.exe"="11/26/2014 1:19 PM, 103848 bytes, A       Adds the file utils.exe"="11/26/2014 1:19 PM, 2647346 bytes, A       Adds the file WebSocket4Net.dll"="11/26/2014 1:19 PM, 64424 bytes, A    In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch       Alters the file Google Chrome.lnk        6/8/2014 11:14 AM, 2229 bytes, A ==> 11/26/2014 1:19 PM, 2287 bytes, A    In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar       Alters the file Google Chrome.lnk        6/8/2014 11:11 AM, 2240 bytes, A ==> 11/26/2014 1:19 PM, 2316 bytes, A    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\defaults\preferences    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\locale    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin    Adds the folder C:\Users\{username}\AppData\Roaming\Opera Software\Opera Stable\Extensions\jpkcdolaggmoijdgaglfamlafleibeie\1.26.22_0    Adds the folder C:\Users\{username}\AppData\Roaming\Opera Software\Opera Stable\Extensions\jpkcdolaggmoijdgaglfamlafleibeie\1.26.22_0\extensionData    Adds the folder C:\Users\{username}\AppData\Roaming\Opera Software\Opera Stable\Extensions\jpkcdolaggmoijdgaglfamlafleibeie\1.26.22_0\icons    Adds the folder C:\Users\{username}\AppData\Roaming\Opera Software\Opera Stable\Extensions\jpkcdolaggmoijdgaglfamlafleibeie\1.26.22_0\js    In the existing folder C:\Users\Public\Desktop       Alters the file Google Chrome.lnk        10/25/2014 12:26 PM, 2129 bytes, A ==> 11/26/2014 1:19 PM, 2187 bytes, A    In the existing folder C:\Windows\System32\Tasks       Adds the file 2b25e704-375b-4ded-aacf-2ca34ab66425-1"="11/26/2014 1:19 PM, 6126 bytes, A       Adds the file 2b25e704-375b-4ded-aacf-2ca34ab66425-11"="11/26/2014 1:19 PM, 7854 bytes, A       Adds the file 2b25e704-375b-4ded-aacf-2ca34ab66425-2"="11/26/2014 1:19 PM, 5124 bytes, A       Adds the file 2b25e704-375b-4ded-aacf-2ca34ab66425-5"="11/26/2014 1:20 PM, 5460 bytes, A       Adds the file 2b25e704-375b-4ded-aacf-2ca34ab66425-5_user"="11/26/2014 1:20 PM, 5466 bytes, A       Adds the file 9cb59dba-8284-4bfe-9ec7-b64f013044d6"="11/26/2014 1:20 PM, 4448 bytes, A       Adds the file a6c7015d-3094-4303-a638-873c475371e3"="11/26/2014 1:19 PM, 3650 bytes, A    In the existing folder C:\Windows\Tasks       Adds the file 2b25e704-375b-4ded-aacf-2ca34ab66425-1.job"="11/26/2014 1:19 PM, 3096 bytes, A       Adds the file 2b25e704-375b-4ded-aacf-2ca34ab66425-11.job"="11/26/2014 1:19 PM, 4824 bytes, A       Adds the file 2b25e704-375b-4ded-aacf-2ca34ab66425-2.job"="11/26/2014 1:19 PM, 2094 bytes, A       Adds the file 2b25e704-375b-4ded-aacf-2ca34ab66425-5.job"="11/26/2014 1:20 PM, 2430 bytes, A       Adds the file 2b25e704-375b-4ded-aacf-2ca34ab66425-5_user.job"="11/26/2014 1:20 PM, 2430 bytes, A       Adds the file 9cb59dba-8284-4bfe-9ec7-b64f013044d6.job"="11/26/2014 1:20 PM, 1418 bytes, A       Adds the file a6c7015d-3094-4303-a638-873c475371e3.job"="11/26/2014 1:19 PM, 614 bytes, A Registry details      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611611161}]       "(Default)"="REG_SZ", "Savepass 3.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611611161}\Implemented Categories]       "(Default)"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611611161}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}]       "(Default)"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611611161}\InprocServer32]       "(Default)"="REG_SZ", "C:\Program Files\Savepass 3.0\Savepass 3.0-bho.dll"       "ThreadingModel"="REG_SZ", "Apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611611161}\ProgID]       "(Default)"="REG_SZ", "da025ad951204237900c3cae637586ab0066161.BHO.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611611161}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611611161}\TypeLib]       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644614461}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611611161}\VersionIndependentProgID]       "(Default)"="REG_SZ", "da025ad951204237900c3cae637586ab0066161"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622612261}]       "(Default)"="REG_SZ", "da025ad951204237900c3cae637586ab0066161.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622612261}\InprocServer32]       "(Default)"="REG_SZ", "C:\Program Files\Savepass 3.0\Savepass 3.0-bho.dll"       "ThreadingModel"="REG_SZ", "Apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622612261}\ProgID]       "(Default)"="REG_SZ", "da025ad951204237900c3cae637586ab0066161.Sandbox.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622612261}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622612261}\TypeLib]       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644614461}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622612261}\VersionIndependentProgID]       "(Default)"="REG_SZ", "da025ad951204237900c3cae637586ab0066161.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\da025ad951204237900c3cae637586ab0066161.BHO]       "(Default)"="REG_SZ", "da025ad951204237900c3cae637586ab0066161"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\da025ad951204237900c3cae637586ab0066161.BHO\CLSID]       "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110611611161}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\da025ad951204237900c3cae637586ab0066161.BHO\CurVer]       "(Default)"="REG_SZ", "da025ad951204237900c3cae637586ab0066161"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\da025ad951204237900c3cae637586ab0066161.BHO.1]       "(Default)"="REG_SZ", "da025ad951204237900c3cae637586ab0066161"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\da025ad951204237900c3cae637586ab0066161.BHO.1\CLSID]       "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110611611161}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\da025ad951204237900c3cae637586ab0066161.Sandbox]       "(Default)"="REG_SZ", "da025ad951204237900c3cae637586ab0066161.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\da025ad951204237900c3cae637586ab0066161.Sandbox\CLSID]       "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220622612261}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\da025ad951204237900c3cae637586ab0066161.Sandbox\CurVer]       "(Default)"="REG_SZ", "da025ad951204237900c3cae637586ab0066161.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\da025ad951204237900c3cae637586ab0066161.Sandbox.1]       "(Default)"="REG_SZ", "da025ad951204237900c3cae637586ab0066161.Sandbox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\da025ad951204237900c3cae637586ab0066161.Sandbox.1\CLSID]       "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220622612261}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655615561}]       "(Default)"="REG_SZ", "ICrossriderBHO"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655615561}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655615561}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655615561}\TypeLib]       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644614461}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666616661}]       "(Default)"="REG_SZ", "ISandBox"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666616661}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666616661}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666616661}\TypeLib]       "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440644614461}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644614461}\1.0]       "(Default)"="REG_SZ", "da025ad951204237900c3cae637586ab0066161 Type Library"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644614461}\1.0\0\win32]       "(Default)"="REG_SZ", "C:\Program Files\Savepass 3.0\Savepass 3.0-bho.dll"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644614461}\1.0\FLAGS]       "(Default)"="REG_SZ", "0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644614461}\1.0\HELPDIR]       "(Default)"="REG_SZ", "C:\Program Files\Savepass 3.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\29777]       "66161"="REG_SZ", "Savepass 3.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\29777\Status]       "Installed"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION]       "Savepass 3.0-bg.exe"="REG_DWORD", 8000    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611611161}]       "(Default)"="REG_SZ", "da025ad951204237900c3cae637586ab0066161"       "NoExplorer"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]       "{11111111-1111-1111-1111-110611611161}"="REG_SZ", "1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Savepass 3.0]       "CrAppId"="REG_SZ", "66161"       "CrPublisherId"="REG_SZ", "29777"       "DisplayIcon"="REG_SZ", "C:\Program Files\Savepass 3.0\utils.exe"       "DisplayName"="REG_SZ", "Savepass 3.0"       "DisplayVersion"="REG_SZ", "1.35.9.29"       "Publisher"="REG_SZ", "OB"       "UninstallString"="REG_SZ", "C:\Program Files\Savepass 3.0\Uninstall.exe /fcp=1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]       "2b25e704-375b-4ded-aacf-2ca34ab66425-1.job"="REG_BINARY, ................................       "2b25e704-375b-4ded-aacf-2ca34ab66425-1.job.fp"="REG_DWORD", 290864381       "2b25e704-375b-4ded-aacf-2ca34ab66425-11.job"="REG_BINARY, ................................       "2b25e704-375b-4ded-aacf-2ca34ab66425-11.job.fp"="REG_DWORD", -907565652       "2b25e704-375b-4ded-aacf-2ca34ab66425-2.job"="REG_BINARY, ................................       "2b25e704-375b-4ded-aacf-2ca34ab66425-2.job.fp"="REG_DWORD", 1068994071       "2b25e704-375b-4ded-aacf-2ca34ab66425-5.job"="REG_BINARY, ................................       "2b25e704-375b-4ded-aacf-2ca34ab66425-5.job.fp"="REG_DWORD", 178196198       "2b25e704-375b-4ded-aacf-2ca34ab66425-5_user.job"="REG_BINARY, ................................       "2b25e704-375b-4ded-aacf-2ca34ab66425-5_user.job.fp"="REG_DWORD", -1844941867       "9cb59dba-8284-4bfe-9ec7-b64f013044d6.job"="REG_BINARY, ................................       "9cb59dba-8284-4bfe-9ec7-b64f013044d6.job.fp"="REG_DWORD", -1452464166       "a6c7015d-3094-4303-a638-873c475371e3.job"="REG_BINARY, ................................       "a6c7015d-3094-4303-a638-873c475371e3.job.fp"="REG_DWORD", 1636248449    [HKEY_LOCAL_MACHINE\SOFTWARE\Savepass 3.0\bggqZB+JPWyMgs3dRael+8+JHBAjazo5pUM1G6cvY3oVapbV84bjvvjpOO9elLYaW0j7kkHtdO4jYQHUF2pMqRfiB3tJl1x1hGJ9tgQTccJsW3EkINJ9i/oQcqKTZtDxkcT3cWRrh0pbni8YtPtQyIU9mRfav7VhY8egSgzMcXw=]       "FEsnpcSmrjOZKrtIefYZFjUuv1cJrTKQWiUGZiEJuB3KKlTNIxsaQjGHdXDNIPj1yTtWv706NIILzBnQjaak4i5WKbVBP0wQX8D3hrHd7WgGHMjlFQKygbP4ArWSQ7ibaWPddPFicbne5TwoGhYDrI43Xx/QCL9l4YPbsFGkSzY="="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Savepass 3.0\IE]       "TotalProfiles"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Savepass 3.0\IE\Profiles]       "S-1-5-21-4016700205-1717049133-1125222536-1001"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Savepass 3.0\Installer]       "BundledAddCh"="REG_DWORD", 1       "BundledFirefox"="REG_DWORD", 1       "BundledIe"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Savepass 3.0\j2hXJu9E0ZWXC1YCPFzFG21YiWBolVVlNp9wfNLGBBxKNRHVfHrGrByw4dkbrGT8N3wy10TNg1DBvO3oyTKMJtyACbcke2qpTeEnDHqkj/7/wf3lZ8rBZ5qAe9aRpWEn4s3P7qXIOTxiamdCIF3La7JGYAEfnRZbLepPgRl+42I=]       "lzs9joVD0//48bYx7r3FaIlXsYAuJTy28daCa3Y8QOy2QtYkBjoT2Swikgd9oApyl4dyyJDDTX5itpxveUa7h61owudpL8INMDSKJDflzEJHiYKROnzm92K80MTY4JyXloXok+1C3T1D3vlYj1+rXPA40uYON1PLlgtXc7fd1WaXfpzne7bBpeK/tCtyC5ajhBXyMoPfI7LcFwoiDlc8z/G3u7VA9kiwPQSHZxV2lhMIrk9FGqwxzanuvWEgp31oyd/9+iL2Ot/X3pxtKuXNPR1AIrmP/PgqpGVDoqAHFZ9NbeD+e7eQENUI5O3Z4Zle66+qLIXCLVKVZpVO8ByoxQ=="="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Savepass 3.0\Q4ORtBTT6onz+h3P+09swWcELm74Pd6algebpTZp39bzmpMYkY9hWo+hChrkbNzwo0JQMKEFVRsmtHCwbG9bBwRLJWcf8Zt15vWsDSdeD07aVZ59Me9p47nt7IDd0bTDVatKFjuABFfxIkWa/1i2Y1+69glHkhTagOZLw3fd5WA=]       "DevHs1U66XcWX1g1d2X+gpvxRXF9Dp8jhYV23ppfj3aVuicrjwWcchLLw+pFxdNMdNuq7c8Shq7BwgQbfMw5Dv2IswdXevNEfqTMNOl5A+vuUH5EXIRSSuQTP6JYpec6GANQECl/4rzsgXlMXPNiI6rni3CsSOqnUe+5Fm64lWQ="="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Savepass 3.0\XWq2lORNZqIWLs+oJd/bBKLGJcMH0yq23k6egb9XauhRDRxaVyhzPo5aUyjtD0EFgUvYskZAjT4yTqDGGw2SgCxb+27W+kL9KFXKUUn9tS2AyI2llZ6xAEBZ2txuwHfOfX8+C7Q2kxe9MKJlXLI2TW+zxoMYxuTurVHJhKHpnwg=]       "FEsnpcSmrjOZKrtIefYZFjUuv1cJrTKQWiUGZiEJuB3KKlTNIxsaQjGHdXDNIPj1yTtWv706NIILzBnQjaak4i5WKbVBP0wQX8D3hrHd7WgGHMjlFQKygbP4ArWSQ7ibaWPddPFicbne5TwoGhYDrI43Xx/QCL9l4YPbsFGkSzY="="REG_DWORD", 1    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider]       "Bic"="REG_SZ", "03F0D685BB8D4DF1AAD076DF54114D5DIE"       "Verifier"="REG_SZ", "fb0617fb84d4ab723d25da944fb3c85b"    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\onBeforeNavigate]       "66161"="REG_SZ", ""    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\onRequest]       "66161"="REG_SZ", ""    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Savepass 3.0]       "ActiveAppId"="REG_SZ", "66161"       "BhoRunningVersion"="REG_SZ", "154"       "IsBhoEnabled"="REG_DWORD", 1    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Savepass 3.0\Background]       " { JavaScript removed, full log available on request} "    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Savepass 3.0\Debug]       "DebuggedAppUrl"="REG_SZ", "file://C:\Users\{username}\Documents\debug.js"       "DebuggedBgUrl"="REG_SZ", "file://C:\Users\{username}\Documents\bg_debug.js"       "DebuggedNewTabUrl"="REG_SZ", "file://C:\Users\{username}\Documents\new_debug.js"       "IsDebuggingPlugins"="REG_DWORD", 0       "IsDebugMode"="REG_DWORD", 0    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Savepass 3.0\Installer]       "AdditionalInfo"="REG_SZ", "{"asw":[67108864, -1073733563, 0],"browser_name":"ie","proc_id":"C83ED8C47ED94ECA8856DC8A621802B7PI","os":{"name":"7","build":"7601","product":"Windows 7 Ultimate N","sp":"Service Pack 1","install_date":"1363633411"},"upi":"8655ebc447297b398088e5f1933333c9"}"       "CodeDownloadDomain"="REG_SZ", "http://js.newonlinedemoserv.com"       "CodeDownloadFbDomain"="REG_SZ", "http://js.clientdemocloud.com"       "DefaultBrowser"="REG_SZ", "ie"       "ErrorsDomain"="REG_SZ", "http://errors.newonlinedemoserv.com"       "FullVersion"="REG_SZ", "1.35.9.29"       "FullVersionForUrl"="REG_SZ", "1_35_09_29"       "OsName"="REG_SZ", "7"       "Params"="REG_SZ", "{   "source_id" : "002443",   "sub_id" : "0",   "uzid" : "0"}"       "SrcId"="REG_SZ", "002443"       "StatsDomain"="REG_SZ", "http://stats.newonlinedemoserv.com"       "SubId"="REG_SZ", "0"       "Time"="REG_SZ", "1417004382"       "ZData"="REG_SZ", "0"    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Savepass 3.0\Manifest]       "AddressbarURL"="REG_SZ", "NA"       "BgVersion"="REG_SZ", "1"       "ChangePrevious"="REG_SZ", "false"       "Description"="REG_SZ", "Just Save!"       "DisableIe"="REG_SZ", "true"       "EnableSearchIE"="REG_SZ", "false"       "HomePageUrl"="REG_SZ", "NA"       "IsButtonEnabled"="REG_SZ", "false"       "Manifest"="REG_SZ", "NA"       "ModeType"="REG_SZ", "production"       "Name"="REG_SZ", "Savepass 2.0"       "PluginsManifestVersion"="REG_SZ", "19"       "PublisherId"="REG_SZ", "29777"       "PublisherName"="REG_SZ", "OB"       "RunInFrame"="REG_SZ", "false"       "SetNewTab"="REG_SZ", "false"       "ThanksUrl"="REG_SZ", "NA"       "UninstallerOfferAction"="REG_SZ", "NA"       "UninstallerOfferUrl"="REG_SZ", "NA"       "UpdateInterval"="REG_DWORD", 360       "Version"="REG_SZ", "24"    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Savepass 3.0\Update]       "LastCheck"="REG_DWORD", 1417004395    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\29777]       "66161"="REG_SZ", "Savepass 3.0"    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\29777\Status]       "Installed"="REG_DWORD", 1    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\OB]       "66161"="REG_SZ", "Savepass 3.0"    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611611161}]       "Flags"="REG_DWORD", 1024       "VerCache"="REG_BINARY, ......................
 

Malwarebytes Anti-Malware log:

  

Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 11/26/2014Scan Time: 1:26:35 PMLogfile: mbamSavePass3.txtAdministrator: Yes Version: 2.00.3.1025Malware Database: v2014.11.26.04Rootkit Database: v2014.11.22.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x86File System: NTFSUser: Malwarebytes Scan Type: Threat ScanResult: CompletedObjects Scanned: 277903Time Elapsed: 3 min, 21 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 2PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\9cb59dba-8284-4bfe-9ec7-b64f013044d6.exe, 1932, Delete-on-Reboot, [421a60e0bbc1aa8c30c108cf7c853fc1]PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\a6c7015d-3094-4303-a638-873c475371e3.exe, 2412, Delete-on-Reboot, [0458f54b7ffd9f976e3ac866d42f4db3] Modules: 6PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\Interop.IWshRuntimeLibrary.dll, Delete-on-Reboot, [0458f54b7ffd9f976e3ac866d42f4db3], PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\Newtonsoft.Json.dll, Delete-on-Reboot, [0458f54b7ffd9f976e3ac866d42f4db3], PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\SuperSocket.ClientEngine.Common.dll, Delete-on-Reboot, [0458f54b7ffd9f976e3ac866d42f4db3], PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\SuperSocket.ClientEngine.Core.dll, Delete-on-Reboot, [0458f54b7ffd9f976e3ac866d42f4db3], PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\SuperSocket.ClientEngine.Protocol.dll, Delete-on-Reboot, [0458f54b7ffd9f976e3ac866d42f4db3], PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\WebSocket4Net.dll, Delete-on-Reboot, [0458f54b7ffd9f976e3ac866d42f4db3],  Registry Keys: 36PUP.Optional.SavePass.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611611161}, Quarantined, [18441b25e09cad8951a0af28ff02db25], PUP.Optional.SavePass.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644614461}, Quarantined, [18441b25e09cad8951a0af28ff02db25], PUP.Optional.SavePass.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655615561}, Quarantined, [18441b25e09cad8951a0af28ff02db25], PUP.Optional.SavePass.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666616661}, Quarantined, [18441b25e09cad8951a0af28ff02db25], PUP.Optional.SavePass.A, HKLM\SOFTWARE\CLASSES\da025ad951204237900c3cae637586ab0066161.BHO.1, Quarantined, [18441b25e09cad8951a0af28ff02db25], PUP.Optional.SavePass.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110611611161}, Quarantined, [18441b25e09cad8951a0af28ff02db25], PUP.Optional.SavePass.A, HKLM\SOFTWARE\CLASSES\da025ad951204237900c3cae637586ab0066161.BHO, Quarantined, [18441b25e09cad8951a0af28ff02db25], PUP.Optional.SavePass.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110611611161}, Quarantined, [18441b25e09cad8951a0af28ff02db25], PUP.Optional.SavePass.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110611611161}, Quarantined, [18441b25e09cad8951a0af28ff02db25], PUP.Optional.SavePass.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220622612261}, Quarantined, [18441b25e09cad8951a0af28ff02db25], PUP.Optional.SavePass.A, HKLM\SOFTWARE\CLASSES\da025ad951204237900c3cae637586ab0066161.Sandbox.1, Quarantined, [18441b25e09cad8951a0af28ff02db25], PUP.Optional.SavePass.A, HKLM\SOFTWARE\CLASSES\da025ad951204237900c3cae637586ab0066161.Sandbox, Quarantined, [18441b25e09cad8951a0af28ff02db25], PUP.Optional.SavePass.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611611161}\INPROCSERVER32, Quarantined, [18441b25e09cad8951a0af28ff02db25], PUP.Optional.SavePass.A, HKLM\SOFTWARE\Savepass 3.0, Quarantined, [d18b1a266b11ef477b2b212ece35718f], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE, Quarantined, [c29a211f5c20c373b1dbee67f80b6799], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\29777, Quarantined, [ef6db8885f1d82b42356e987b84b6f91], PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, Quarantined, [124a9fa1443863d3fedf54618f757888], PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, Quarantined, [312bbe82592392a4439b61547094ce32], PUP.Optional.CrossRider.A, HKCU\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [510bc17f80fcda5cf029099eae568080], PUP.Optional.SavePass.A, HKCU\SOFTWARE\APPDATALOW\SOFTWARE\Savepass 3.0, Quarantined, [fe5e94ac1f5d60d670384906f2119070], PUP.Optional.CrossRider.A, HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\29777, Quarantined, [263669d7d5a761d5df7d58f18083d729], PUP.Optional.CrossRider.A, HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\OB, Quarantined, [2537ee52b4c874c21b9c331b62a18878], PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdate, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdatem, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.SavePass.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Savepass 3.0, Quarantined, [0458f54b7ffd9f976e3ac866d42f4db3],  Registry Values: 1PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE|path, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [c29a211f5c20c373b1dbee67f80b6799] Registry Data: 0(No malicious items detected) Folders: 21PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Download, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Install, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline\{895B2B84-24D9-406F-AB7B-0B4E734E047E}, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.287057, Quarantined, [d7850f31aece231362559295699a10f0], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\defaults, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\defaults\preferences, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\userCode, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\locale, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\locale\en-US, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0, Delete-on-Reboot, [0458f54b7ffd9f976e3ac866d42f4db3],  Files: 164PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\9cb59dba-8284-4bfe-9ec7-b64f013044d6.exe, Delete-on-Reboot, [421a60e0bbc1aa8c30c108cf7c853fc1], PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\Savepass 3.0-bho.dll, Quarantined, [18441b25e09cad8951a0af28ff02db25], PUP.Optional.Crossrider.A, C:\Users\{username}\Desktop\Savepass 3.0.exe, Quarantined, [3725ab959ddf69cd28549a51f011857b], PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-11.exe, Quarantined, [98c4d9672755d85eb53c25b205fc629e], PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-2.exe, Quarantined, [f4681030b0cca1952ac74e8941c0b34d], PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-4.exe, Quarantined, [431957e90775ce681ad7c7106a9703fd], PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-5.exe, Quarantined, [124a1e22295341f52fc2e4f3aa5752ae], PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\Savepass 3.0-bg.exe, Quarantined, [a4b87cc4f18b0531ba37993e847d758b], PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\Savepass 3.0-codedownloader.exe, Quarantined, [0a5273cd86f6e74fd120f9deb8498f71], PUP.Optional.Crossrider.A, C:\Program Files\Savepass 3.0\utils.exe, Quarantined, [de7e10308fede3532b519b50dc2529d7], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-1, Quarantined, [b0ac74cccdaf85b15d2ad18441c2956b], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-11, Quarantined, [86d654ecceae66d0d4b3fe57d62d6e92], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-2, Quarantined, [ef6dd07029537cba3b4cbc9922e14db3], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-5, Quarantined, [302c58e85c20b581592e75e0a85bfe02], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-5_user, Quarantined, [c696b28e86f664d24a3da0b5d52e27d9], PUP.Optional.CrossRider.T, C:\Windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-1.job, Quarantined, [aeae1a266b1157dfaacb10a359ab817f], PUP.Optional.CrossRider.T, C:\Windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-11.job, Quarantined, [560690b0f686b68064112b88e3216799], PUP.Optional.CrossRider.T, C:\Windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-2.job, Quarantined, [90cc9ea2ceae53e38bea555eb15317e9], PUP.Optional.CrossRider.T, C:\Windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-5.job, Quarantined, [a0bce55bd2aa03330f6604af877df10f], PUP.Optional.CrossRider.T, C:\Windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-5_user.job, Quarantined, [6def52ee2a529e98fa7bb300ad57ca36], PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, Quarantined, [64f8bd833c402f07f5965c5748bc55ab], PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, Quarantined, [580492ae522aa19509832e85ad578b75], PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, Quarantined, [5c0041ff25572f073756a50eee1645bb], PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, Quarantined, [38244ff199e3d264444a9e1561a37090], PUP.Optional.CrossRider.A, C:\Windows\Tasks\9cb59dba-8284-4bfe-9ec7-b64f013044d6.job, Quarantined, [91cbf0506a1211255e7de4d1b64e55ab], PUP.Optional.CrossRider.A, C:\Windows\Tasks\a6c7015d-3094-4303-a638-873c475371e3.job, Quarantined, [ee6eda664438d5612dae04b1bb49ff01], PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\9cb59dba-8284-4bfe-9ec7-b64f013044d6, Quarantined, [6fede55bfc80c373da02bcf9e81ccf31], PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\a6c7015d-3094-4303-a638-873c475371e3, Quarantined, [28344ef275079b9b30ac8d28c73dd62a], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psmachine.dll, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psuser.dll, Quarantined, [b9a350f046360333a2f9fe2942c1f30d], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.287057\GoogleCrashHandler.exe, Quarantined, [d7850f31aece231362559295699a10f0], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.287057\GoogleUpdate.exe, Quarantined, [d7850f31aece231362559295699a10f0], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.287057\GoogleUpdateBroker.exe, Quarantined, [d7850f31aece231362559295699a10f0], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.287057\GoogleUpdateHelper.msi, Quarantined, [d7850f31aece231362559295699a10f0], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.287057\GoogleUpdateOnDemand.exe, Quarantined, [d7850f31aece231362559295699a10f0], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.287057\goopdate.dll, Quarantined, [d7850f31aece231362559295699a10f0], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.287057\goopdateres_en.dll, Quarantined, [d7850f31aece231362559295699a10f0], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.287057\npGoogleUpdate4.dll, Quarantined, [d7850f31aece231362559295699a10f0], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.287057\psmachine.dll, Quarantined, [d7850f31aece231362559295699a10f0], PUP.Optional.GlobalUpdate.A, C:\Users\{username}\AppData\Local\Temp\comh.287057\psuser.dll, Quarantined, [d7850f31aece231362559295699a10f0], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome.manifest, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\install.rdf, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\050f91d824114da66857f9e7cb3f97c9.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\06ad63793d473111ceb500934fd2a915.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\1b8ceb6892c601775ea83b05544c27c9.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\3358851be4ca02f063c8d8a674066e13.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\background.html, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\browser.xul, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\d7df59a6fd9c3c878c1298f1d7caab7e.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\dialog.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\f675c17e01089a3785e675f12da815e8.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\ffCoreFilesIndex.txt, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\options.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\options.xul, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\search_dialog.xul, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\0b9780cb149ccc8c7489b643426a8190.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\1c73739e9958d1b3ab9704af61f8f696.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\376a78db0d26b262d8d318858307d06d.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\42150794d1646c79b00c2e2b7094411f.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\4ab09bb4ff19b5a1451d45055aa2b457.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\4daa20e8af362826b6d75624482fa268.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\82f7c48deae5c70c7a8f50ac26fe39f6.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\86ae0c7698b48e0a9f424337a8e8fc2b.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\8c83c5adbccdf55bd45d0a3c8da5fb15.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\a5cf4f5cc4e372153af54620687f11ef.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\ab4a6f013130047a52ded3b55bb3cf0f.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\ae21d35897dc1bf792d0d8c287495f1f.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\b8b3f2e00b4accba37353c39963235cd.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\dbc5030fdeedce49a1041451a1964ae1.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\e4b1f9a912d9585948853e3df6921657.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\api\eacb70e0287a8a7031cf5580f2554bd4.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\a87d3e41c6fb5540dd3ee034c15b6ff3.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\134b305f8ebf1d9e2aebc966597efcb6.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\176fc3f166f83c8979cf741a6ca65b81.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\43e810f4dae1d7ad33d64826edf62f3f.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\6fb745b47806607cec6a7e1e0a2f81d5.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\7474bd3bad6e4a10029ee7e0e7a0bb42.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\83432c5b050b861f9e5516088675b827.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\8e3d916cd2bc4acb89813c009f142e08.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\a5457680dfd3663ca963e4f1a16e5330.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\a6d747dab1182dc5b87738d9631c6c4c.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\a72ee3a8ad1d538836c1aae71b7d1ea9.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\b14d080c98b47fe5d539b1aeb9cd1d01.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\bb1305fca76417339bad2d0803832142.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\bd38b034deb5b7e8a4602abcd2be576d.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\c7e85ab898da8415c66a1581a6d95287.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\c7e8bddfe3c14b2e4bbda8b758372c78.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\e287344773722d4b84191f96c6a94095.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\e8152399fc9410d76f7b52475cd3bc08.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\ee79001633c6a2ced8238b7adc4859a6.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\fd09520a48bf3dd13b4a11e84b050486.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\chrome\content\core\installer.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\defaults\preferences\prefs.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\manifest.xml, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins.json, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\102.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\104.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\13.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\14.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\16.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\17.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\180.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\184.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\195.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\220.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\221.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\223.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\242.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\246.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\262.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\263.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\268.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\273.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\275.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\289.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\302.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\4.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\47.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\64.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\7.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\78.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\9.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\91.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\plugins\93.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\userCode\background.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\extensionData\userCode\extension.js, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\locale\en-US\translations.dtd, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\button1.png, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\button2.png, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\button3.png, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\button4.png, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\button5.png, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\crossrider_statusbar.png, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\icon128.png, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\icon16.png, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\icon24.png, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\icon48.png, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\panelarrow-up.png, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\popup.html, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\skin.css, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\EJHVSGU55273264@PBVE110833407.com\skin\update.css, Quarantined, [82dac17fd5a77abcc13531fbff047789], PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\Interop.IWshRuntimeLibrary.dll, Delete-on-Reboot, [0458f54b7ffd9f976e3ac866d42f4db3], PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\1293297481.mxaddon, Quarantined, [0458f54b7ffd9f976e3ac866d42f4db3], PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425.crx, Quarantined, [0458f54b7ffd9f976e3ac866d42f4db3], PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425.xpi, Quarantined, [0458f54b7ffd9f976e3ac866d42f4db3], PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\a6c7015d-3094-4303-a638-873c475371e3.exe, Delete-on-Reboot, [0458f54b7ffd9f976e3ac866d42f4db3], PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\background.html, Quarantined, [0458f54b7ffd9f976e3ac866d42f4db3], PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\d70e13e0-1592-4465-b11a-ace1b420a616.crx, Quarantined, [0458f54b7ffd9f976e3ac866d42f4db3], PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\Newtonsoft.Json.dll, Delete-on-Reboot, [0458f54b7ffd9f976e3ac866d42f4db3], PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\Savepass 3.0.ico, Quarantined, [0458f54b7ffd9f976e3ac866d42f4db3], PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\SuperSocket.ClientEngine.Common.dll, Delete-on-Reboot, [0458f54b7ffd9f976e3ac866d42f4db3], PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\SuperSocket.ClientEngine.Core.dll, Delete-on-Reboot, [0458f54b7ffd9f976e3ac866d42f4db3], PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\SuperSocket.ClientEngine.Protocol.dll, Delete-on-Reboot, [0458f54b7ffd9f976e3ac866d42f4db3], PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\Uninstall.exe, Quarantined, [0458f54b7ffd9f976e3ac866d42f4db3], PUP.Optional.SavePass.A, C:\Program Files\Savepass 3.0\WebSocket4Net.dll, Delete-on-Reboot, [0458f54b7ffd9f976e3ac866d42f4db3],  Physical Sectors: 0(No malicious items detected)  (end)
 

As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.