Removal instructions for Savings Wave


What is Savings Wave?

The Malwarebytes research team has determined that Savings Wave is a browser hijacker. These so-called "hijackers" alter your start page or search scopes so that the affected browser visits their site or one of their choosing. This one also displays advertisements.

How do I know if my computer is affected by Savings Wave?

You may see these browser extensions/add-ons:

warning1.png

warning2.png

warning3.png

and this entry in your list of installed programs:

warning4.png

How did Savings Wave get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove Savings Wave?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

Is there anything else I need to do to get rid of Savings Wave?

  • The Chrome extension can now safely be removed. Open "Settings" > "Extensions" and click the bin behind the Savings Wave listing. Then confirm removal.

How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the Savings Wave rogue. It would have warned you before the rogue could install itself, giving you a chance to stop it before it was too late.

protection1.png

Technical details for experts

Signs in a HijackThis log:

O2 - BHO: CrossriderApp0012765 - {11111111-1111-1111-1111-110111271165} - C:\Program Files\Savings Wave\Savings Wave-bho.dll

Alterations made by the installer:

Malwarebytes Anti-Malware log:

[2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\api\dbManager.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\api\dom_bg.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\api\fileManager.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\api\firefox.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\api\firefoxNotifications.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\api\firefoxOmnibox.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\api\message.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\api\pageAction.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\api\request.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\api\tabs.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\api\webRequest.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\core\console.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\core\consts.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\core\delegate.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\core\httpObserver.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\core\IDBWrapper.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\core\installer.js, 
Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\core\pluginsManager.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\core\prefs.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\core\progressListenerObserver.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\core\registry.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\core\reloadObserver.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\core\reports.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\core\requestObject.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\core\searchSettings.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\core\uninstallObserver.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\core\updateManager.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\core\utils.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\core\xhr.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\extensionCode\backgroundCode.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\chrome\content\extensionCode\pageCode.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\defaults\preferences\prefs.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\extensionData\manifest.xml, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\extensionData\plugins.json, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\extensionData\plugins\1000014_GPL Plugin (Loader).js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\extensionData\plugins\1000015_GPL Background (BG).js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\extensionData\plugins\13_CrossriderAppUtils.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\extensionData\plugins\14_CrossriderUtils.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\extensionData\plugins\16_FFAppAPIWrapper.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\extensionData\plugins\17_jQuery.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\extensionData\plugins\1_base.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\extensionData\plugins\21_debug.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\extensionData\plugins\22_resources.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\extensionData\plugins\28_initializer.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\extensionData\plugins\47_resources_background.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\extensionData\plugins\4_jquery_1_7_1.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\extensionData\plugins\64_appApiMessage.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\extensionData\plugins\72_appApiValidation.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\extensionData\plugins\78_CrossriderInfo.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\extensionData\plugins\98_omniCommands.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\extensionData\userCode\background.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\extensionData\userCode\extension.js, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\locale\en-US\translations.dtd, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\skin\button1.png, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\skin\button2.png, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\skin\button3.png, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\skin\button4.png, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\skin\button5.png, Quarantined, 
[2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\skin\crossrider_statusbar.png, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\skin\icon128.png, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\skin\icon16.png, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\skin\icon24.png, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\skin\icon48.png, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\skin\panelarrow-up.png, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\skin\popup.html, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\skin\skin.css, Quarantined, [2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossFire.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\crossriderapp12765@crossrider.com\skin\update.css, Quarantined, 
[2196af77a9d2ae88042aa1b96f937f81],PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lglkfgcmohcdajpldlnhjjiojjgkbmhm_0\1, Quarantined, [4473cb5b1665bd793aee72eba65cd22e],PUP.Optional.SavingsWave.A, C:\Users\{username}\AppData\Local\Savings Wave\Chrome\12765.xml, Quarantined, [82359e88c0bba98d33094716bc46c43c],{"javascript removed, full log available by request"}PUP.Optional.SavingsWave.A, C:\Users\{username}\AppData\Local\Savings Wave\Chrome\Savings Wave.crx, Quarantined, [82359e88c0bba98d33094716bc46c43c],Physical Sectors: 0(No malicious items detected)(end)
As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.