CrossRider is software that usually installs without your knowledge alongside free software downloads. It was identified on 03/05/2013.

Features:

– It belongs to the PUP (Potentially Unwanted Program) family.
– Vendor: PUP.Optional

Main actions:

– It installs a browser extension for Mozilla Firefox (M2),
– It installs a plugin for Mozilla Firefox (P2),
– It installs a plugin for Google Chrome (G2),
– It installs as a BHO (Browser Helper Object) in the internet browser (O2),
– It installs as a process launched at system startup (RP),
– It registers itself in the registry so that it is launched each time the system starts (O4),
– It starts an automatic scheduled task (O39),
– It installs as a program (O42),
– It creates many ‘Software’ registry keys,
– It creates additional folders (O43),
– It moves into the Windows Prefetch folder (O45),
– It installs as a system driver (O58),
– It creates multiple user files (O61),
– It changes the Internet search provider (O69).

ZHPDiag report:

Alias:

PUP.Optional.Crossrider.A [ Malwarebytes Antimalware ] Adware.Crossrider

Remove:

– Remove the software in the Windows Control Panel,
– Remove with ZHPCleaner,
– Diagnose with ZHPDiag.

2016-12-30T07:34:23+00:00 Categories: Adware, Hijacker, Polluteware, PUP