Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for VeeHD

- - - - -
Started by Metallica , Feb 23 2014 06:01 AM

  • Please log in to reply
No replies to this topic

#1
Metallica
Posted 23 February 2014 - 06:01 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Content is republished with permission from Malwarebytes.

What is VeeHD?

The Malwarebytes research team has determined that VeeHD is a browser hijacker. These so-called "hijackers" alter your startpage or searchscopes so that the effected browser visits their site or one of their choice. This one also displays advertisements.

How do I know if my computer is effected by VeeHD?

You may see these browser extensions/add-ons:

Posted Image

Posted Image

Posted Image

and this entry in your list of installed programs:

Posted Image


How did VeeHD get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was offered as a video enhancing browser extension.

How do I remove VeeHD?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program. You will need Malwarebytes Anti-Malware version 2.00 (beta) or newer to disable the Chrome and Firefox extensions.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-consumer.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

Is there anything else I need to do to get rid of VeeHD?

  • The Firefox extension can now safely be removed. Open the "Extensions" tab under "Add-ons" and click "Remove" and "Restart" to complete the removal.
  • The Chrome extension can now safely be removed. Open "Settings" > "Extensions" and click the bin behind the Picora 2.0 listing. Then confirm removal.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the VeeHD rogue. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.


Posted Image

Technical details for experts

Signs in a HijackThis log:
O2 - BHO: CrossriderApp0051384 - {11111111-1111-1111-1111-110511131184} - C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-bho.dll

Alterations made by the installer:
File system details
---------------------------------------------
	Adds the folder C:\Program Files\VEEHD Plugin V9.0
	   Adds the file 51384.crx"="2/23/2014 12:24 PM, 243142 bytes, A
	   Adds the file 51384.xpi"="2/23/2014 12:24 PM, 279836 bytes, A
	   Adds the file background.html"="2/19/2014 5:12 PM, 729 bytes, A
	   Adds the file Installer.log"="2/23/2014 12:24 PM, 157810 bytes, A
	   Adds the file Uninstall.exe"="2/23/2014 12:24 PM, 77312 bytes, A
	   Adds the file utils.exe"="2/23/2014 12:24 PM, 2306672 bytes, A
	   Adds the file VEEHD Plugin V9.0.ico"="2/19/2014 5:12 PM, 9662 bytes, A
	   Adds the file VEEHD Plugin V9.0-bg.exe"="2/23/2014 12:24 PM, 806400 bytes, A
	   Adds the file VEEHD Plugin V9.0-bho.dll"="2/23/2014 12:24 PM, 682496 bytes, A
	   Adds the file VEEHD Plugin V9.0-buttonutil.dll"="2/23/2014 12:24 PM, 425984 bytes, A
	   Adds the file VEEHD Plugin V9.0-buttonutil.exe"="2/23/2014 12:24 PM, 344064 bytes, A
	   Adds the file VEEHD Plugin V9.0-chromeinstaller.exe"="2/23/2014 12:24 PM, 2028544 bytes, A
	   Adds the file VEEHD Plugin V9.0-codedownloader.exe"="2/23/2014 12:24 PM, 566272 bytes, A
	   Adds the file VEEHD Plugin V9.0-enabler.exe"="2/23/2014 12:24 PM, 411136 bytes, A
	   Adds the file VEEHD Plugin V9.0-firefoxinstaller.exe"="2/23/2014 12:24 PM, 947200 bytes, A
	   Adds the file VEEHD Plugin V9.0-helper.exe"="2/23/2014 12:24 PM, 340992 bytes, A
	   Adds the file VEEHD Plugin V9.0-updater.exe"="2/23/2014 12:24 PM, 391680 bytes, A
	Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0
	   Adds the file background.html"="2/23/2014 12:24 PM, 1705 bytes, A
	   Adds the file chromeCoreFilesIndex.txt"="2/23/2014 12:24 PM, 853 bytes, A
	   Adds the file crossriderManifest.json"="2/23/2014 12:24 PM, 513 bytes, A
	   Adds the file manifest.json"="2/23/2014 12:24 PM, 1152 bytes, A
	   Adds the file popup.html"="2/23/2014 12:24 PM, 139 bytes, A
	Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData
	   Adds the file manifest.xml"="2/23/2014 12:24 PM, 1758 bytes, A
	   Adds the file plugins.json"="2/23/2014 12:24 PM, 5594 bytes, A
	Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins
	   Adds the file 1_base.js"="2/23/2014 12:24 PM, 6908 bytes, A
	   Adds the file 13_CrossriderAppUtils.js"="2/23/2014 12:24 PM, 7056 bytes, A
	   Adds the file 14_CrossriderUtils.js"="2/23/2014 12:24 PM, 20810 bytes, A
	   Adds the file 17_jQuery.js"="2/23/2014 12:24 PM, 79982 bytes, A
	   Adds the file 177_crossriderDashboard.js"="2/23/2014 12:24 PM, 30419 bytes, A
	   Adds the file 180_bpo_serp_m.js"="2/23/2014 12:24 PM, 963 bytes, A
	   Adds the file 182_openUrl.js"="2/23/2014 12:24 PM, 14301 bytes, A
	   Adds the file 183_tabsWrapper.js"="2/23/2014 12:24 PM, 2555 bytes, A
	   Adds the file 19_CHAppAPIWrapper.js"="2/23/2014 12:24 PM, 7137 bytes, A
	   Adds the file 207_dbWrapper.js"="2/23/2014 12:24 PM, 1661 bytes, A
	   Adds the file 21_debug.js"="2/23/2014 12:24 PM, 3676 bytes, A
	   Adds the file 22_resources.js"="2/23/2014 12:24 PM, 9082 bytes, A
	   Adds the file 28_initializer.js"="2/23/2014 12:24 PM, 664 bytes, A
	   Adds the file 4_jquery_1_7_1.js"="2/23/2014 12:24 PM, 94180 bytes, A
	   Adds the file 47_resources_background.js"="2/23/2014 12:24 PM, 7720 bytes, A
	   Adds the file 64_appApiMessage.js"="2/23/2014 12:24 PM, 2332 bytes, A
	   Adds the file 72_appApiValidation.js"="2/23/2014 12:24 PM, 46524 bytes, A
	   Adds the file 78_CrossriderInfo.js"="2/23/2014 12:24 PM, 3321 bytes, A
	   Adds the file 80_CHPopupAppAPI.js"="2/23/2014 12:24 PM, 194 bytes, A
	   Adds the file 91_monetizationLoader.js.js"="2/23/2014 12:24 PM, 141583 bytes, A
	   Adds the file 97_resourceApiWrapper.js"="2/23/2014 12:24 PM, 3299 bytes, A
	Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\userCode
	   Adds the file background.js"="2/23/2014 12:24 PM, 118 bytes, A
	   Adds the file extension.js"="2/23/2014 12:24 PM, 746 bytes, A
	Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\icons
	   Adds the file icon128.png"="2/23/2014 12:24 PM, 5867 bytes, A
	   Adds the file icon16.png"="2/23/2014 12:24 PM, 1192 bytes, A
	   Adds the file icon48.png"="2/23/2014 12:24 PM, 2679 bytes, A
	Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\icons\actions
	   Adds the file 1.png"="2/23/2014 12:24 PM, 1223 bytes, A
	Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js
	   Adds the file background.js"="2/23/2014 12:24 PM, 34135 bytes, A
	   Adds the file main.js"="2/23/2014 12:24 PM, 8452 bytes, A
	   Adds the file platformVersion.js"="2/23/2014 12:24 PM, 408 bytes, A
	Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\api
	   Adds the file chrome.js"="2/23/2014 12:24 PM, 11499 bytes, A
	   Adds the file cookie.js"="2/23/2014 12:24 PM, 11743 bytes, A
	   Adds the file message.js"="2/23/2014 12:24 PM, 3346 bytes, A
	   Adds the file monitor.js"="2/23/2014 12:24 PM, 2039 bytes, A
	   Adds the file pageAction.js"="2/23/2014 12:24 PM, 1737 bytes, A
	   Adds the file pageActionBG.js"="2/23/2014 12:24 PM, 2519 bytes, A
	Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib
	   Adds the file app_api.js"="2/23/2014 12:24 PM, 6697 bytes, A
	   Adds the file bg_app_api.js"="2/23/2014 12:24 PM, 4685 bytes, A
	   Adds the file consts.js"="2/23/2014 12:24 PM, 335 bytes, A
	   Adds the file cookie_store.js"="2/23/2014 12:24 PM, 5905 bytes, A
	   Adds the file crossriderAPI.js"="2/23/2014 12:24 PM, 11366 bytes, A
	   Adds the file delegate.js"="2/23/2014 12:24 PM, 2002 bytes, A
	   Adds the file events.js"="2/23/2014 12:24 PM, 5757 bytes, A
	   Adds the file extensionDataStore.js"="2/23/2014 12:24 PM, 6656 bytes, A
	   Adds the file installer.js"="2/23/2014 12:24 PM, 780 bytes, A
	   Adds the file logFile.js"="2/23/2014 12:24 PM, 775 bytes, A
	   Adds the file logging.js"="2/23/2014 12:24 PM, 944 bytes, A
	   Adds the file onBGDocumentLoad.js"="2/23/2014 12:24 PM, 480 bytes, A
	   Adds the file reports.js"="2/23/2014 12:24 PM, 4929 bytes, A
	   Adds the file storageWrapper.js"="2/23/2014 12:24 PM, 903 bytes, A
	   Adds the file updateManager.js"="2/23/2014 12:24 PM, 8205 bytes, A
	   Adds the file util.js"="2/23/2014 12:24 PM, 5142 bytes, A
	   Adds the file xhr.js"="2/23/2014 12:24 PM, 2699 bytes, A
	Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\popupResource
	   Adds the file newPopup.js"="2/23/2014 12:24 PM, 40 bytes, A
	   Adds the file popup.js"="2/23/2014 12:24 PM, 45 bytes, A
	In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\5b89f4fc-4956-4b39-8e01-daabf7a94e50@fc8bd6c4-6346-4d41-98ba-5c9af3bd35c6.com\chrome\content\core
	   Alters the file installer.js
		2/23/2014 12:14 PM, 1320 bytes, A ==> 2/23/2014 12:24 PM, 1316 bytes, A
	In the existing folder C:\Windows\System32\Tasks
	   Adds the file VEEHD Plugin V9.0-chromeinstaller"="2/23/2014 12:24 PM, 6148 bytes, A
	   Adds the file VEEHD Plugin V9.0-codedownloader"="2/23/2014 12:24 PM, 4522 bytes, A
	   Adds the file VEEHD Plugin V9.0-enabler"="2/23/2014 12:24 PM, 4410 bytes, A
	   Adds the file VEEHD Plugin V9.0-firefoxinstaller"="2/23/2014 12:24 PM, 5458 bytes, A
	   Adds the file VEEHD Plugin V9.0-updater"="2/23/2014 12:24 PM, 4576 bytes, A
	In the existing folder C:\Windows\Tasks
	   Adds the file VEEHD Plugin V9.0-chromeinstaller.job"="2/23/2014 12:24 PM, 3118 bytes, A
	   Adds the file VEEHD Plugin V9.0-codedownloader.job"="2/23/2014 12:24 PM, 1492 bytes, A
	   Adds the file VEEHD Plugin V9.0-enabler.job"="2/23/2014 12:24 PM, 1380 bytes, A
	   Adds the file VEEHD Plugin V9.0-firefoxinstaller.job"="2/23/2014 12:24 PM, 2428 bytes, A
	   Adds the file VEEHD Plugin V9.0-updater.job"="2/23/2014 12:24 PM, 1546 bytes, A

Registry details
------------------------------------------
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511131184}]
	   "(Default)"="REG_SZ, "VEEHD Plugin V9.0"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511131184}\Implemented Categories]
	   "(Default)"="REG_SZ, ""
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511131184}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}]
	   "(Default)"="REG_SZ, ""
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511131184}\InprocServer32]
	   "(Default)"="REG_SZ, "C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-bho.dll"
	   "ThreadingModel"="REG_SZ, "Apartment"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511131184}\ProgID]
	   "(Default)"="REG_SZ, "CrossriderApp0051384.BHO.1"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511131184}\Programmable]
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511131184}\TypeLib]
	   "(Default)"="REG_SZ, "{44444444-4444-4444-4444-440544134484}"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511131184}\VersionIndependentProgID]
	   "(Default)"="REG_SZ, "CrossriderApp0051384"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522132284}]
	   "(Default)"="REG_SZ, "CrossriderApp0051384.Sandbox"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522132284}\InprocServer32]
	   "(Default)"="REG_SZ, "C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-bho.dll"
	   "ThreadingModel"="REG_SZ, "Apartment"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522132284}\ProgID]
	   "(Default)"="REG_SZ, "CrossriderApp0051384.Sandbox.1"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522132284}\Programmable]
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522132284}\TypeLib]
	   "(Default)"="REG_SZ, "{44444444-4444-4444-4444-440544134484}"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522132284}\VersionIndependentProgID]
	   "(Default)"="REG_SZ, "CrossriderApp0051384.Sandbox"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0051384.BHO]
	   "(Default)"="REG_SZ, "CrossriderApp0051384"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0051384.BHO\CLSID]
	   "(Default)"="REG_SZ, "{11111111-1111-1111-1111-110511131184}"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0051384.BHO\CurVer]
	   "(Default)"="REG_SZ, "CrossriderApp0051384"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0051384.BHO.1]
	   "(Default)"="REG_SZ, "CrossriderApp0051384"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0051384.BHO.1\CLSID]
	   "(Default)"="REG_SZ, "{11111111-1111-1111-1111-110511131184}"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0051384.Sandbox]
	   "(Default)"="REG_SZ, "CrossriderApp0051384.Sandbox"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0051384.Sandbox\CLSID]
	   "(Default)"="REG_SZ, "{22222222-2222-2222-2222-220522132284}"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0051384.Sandbox\CurVer]
	   "(Default)"="REG_SZ, "CrossriderApp0051384.Sandbox"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0051384.Sandbox.1]
	   "(Default)"="REG_SZ, "CrossriderApp0051384.Sandbox"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0051384.Sandbox.1\CLSID]
	   "(Default)"="REG_SZ, "{22222222-2222-2222-2222-220522132284}"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555135584}]
	   "(Default)"="REG_SZ, "ICrossriderBHO"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555135584}\ProxyStubClsid]
	   "(Default)"="REG_SZ, "{00020424-0000-0000-C000-000000000046}"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555135584}\ProxyStubClsid32]
	   "(Default)"="REG_SZ, "{00020424-0000-0000-C000-000000000046}"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555135584}\TypeLib]
	   "(Default)"="REG_SZ, "{44444444-4444-4444-4444-440544134484}"
	   "Version"="REG_SZ, "1.0"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566136684}]
	   "(Default)"="REG_SZ, "ISandBox"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566136684}\ProxyStubClsid]
	   "(Default)"="REG_SZ, "{00020424-0000-0000-C000-000000000046}"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566136684}\ProxyStubClsid32]
	   "(Default)"="REG_SZ, "{00020424-0000-0000-C000-000000000046}"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566136684}\TypeLib]
	   "(Default)"="REG_SZ, "{44444444-4444-4444-4444-440544134484}"
	   "Version"="REG_SZ, "1.0"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544134484}\1.0]
	   "(Default)"="REG_SZ, "CrossriderApp0051384 Type Library"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544134484}\1.0\0\win32]
	   "(Default)"="REG_SZ, "C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-bho.dll"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544134484}\1.0\FLAGS]
	   "(Default)"="REG_SZ, "0"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544134484}\1.0\HELPDIR]
	   "(Default)"="REG_SZ, "C:\Program Files\VEEHD Plugin V9.0"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511131184}]
	   "(Default)"="REG_SZ, "CrossriderApp0051384"
	   "NoExplorer"="REG_DWORD, 1"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VEEHD Plugin V9.0]
	   "CrAppId"="REG_SZ, "51384"
	   "CrPublisherId"="REG_SZ, "3874"
	   "DisplayIcon"="REG_SZ, "C:\Program Files\VEEHD Plugin V9.0\utils.exe"
	   "DisplayName"="REG_SZ, "VEEHD Plugin V9.0"
	   "DisplayVersion"="REG_SZ, "1.34.2.13"
	   "Publisher"="REG_SZ, "installdaddy"
	   "UninstallString"="REG_SZ, "C:\Program Files\VEEHD Plugin V9.0\Uninstall.exe /fromcontrolpanel=1"
	[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
	   "VEEHD Plugin V9.0-chromeinstaller.job"="REG_BINARY, .............................S..
	   "VEEHD Plugin V9.0-chromeinstaller.job.fp"="REG_DWORD, -1484792606
	   "VEEHD Plugin V9.0-codedownloader.job"="REG_BINARY, ................................
	   "VEEHD Plugin V9.0-codedownloader.job.fp"="REG_DWORD, 1856972339
	   "VEEHD Plugin V9.0-enabler.job"="REG_BINARY, ................................
	   "VEEHD Plugin V9.0-enabler.job.fp"="REG_DWORD, -1936886202
	   "VEEHD Plugin V9.0-firefoxinstaller.job"="REG_BINARY, ................................
	   "VEEHD Plugin V9.0-firefoxinstaller.job.fp"="REG_DWORD, -875353481
	   "VEEHD Plugin V9.0-updater.job"="REG_BINARY, ........=.......................
	   "VEEHD Plugin V9.0-updater.job.fp"="REG_DWORD, -1525904177
	[HKEY_LOCAL_MACHINE\SOFTWARE\VEEHD Plugin V9.0\Chrome]
	   "TotalProfiles"="REG_DWORD, 1"
	[HKEY_LOCAL_MACHINE\SOFTWARE\VEEHD Plugin V9.0\Chrome-Profiles]
	   "C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default"="REG_DWORD, 1"
	[HKEY_LOCAL_MACHINE\SOFTWARE\VEEHD Plugin V9.0\IE]
	   "TotalProfiles"="REG_DWORD, 1"
	[HKEY_LOCAL_MACHINE\SOFTWARE\VEEHD Plugin V9.0\Installer]
	   "BundledChrome"="REG_DWORD, 1"
	   "BundledFirefox"="REG_DWORD, 1"
	   "BundledIe"="REG_DWORD, 1"
	[HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider]
	   "Bic"="REG_SZ, "649BCDD37B2A4BF0BA52E5847CC8E6C4IE"
	   "Verifier"="REG_SZ, "a3011a96abb2d15daf550b5c0327d5b1"
	[HKEY_CURRENT_USER\Software\AppDataLow\Software\VEEHD Plugin V9.0]
	   "ActiveAppId"="REG_SZ, "51384"
	[HKEY_CURRENT_USER\Software\AppDataLow\Software\VEEHD Plugin V9.0\Installer]
	   "CodeDownloadDomain"="REG_SZ, "http://cr.install-daddy.com"
	   "DefaultBrowser"="REG_SZ, "ie"
	   "ErrorsDomain"="REG_SZ, "http://errors.srvstatsdata.com"
	   "FullVersion"="REG_SZ, "1.34.2.13"
	   "FullVersionForUrl"="REG_SZ, "1_34_2_13"
	   "OsName"="REG_SZ, "7"
	   "Params"="REG_SZ, "{   "source_id" : "001059",   "sub_id" : "0",   "uzid" : "0"}"
	   "SrcId"="REG_SZ, "001059"
	   "StatsDomain"="REG_SZ, "http://stats.srvstatsdata.com"
	   "SubId"="REG_SZ, "0"
	   "Time"="REG_SZ, "1393154650"
	   "ZData"="REG_SZ, "0"
	[HKEY_CURRENT_USER\Software\AppDataLow\Software\VEEHD Plugin V9.0\Log]
	   "veehd plugin v9.0-bho"="REG_DWORD, 0"
	[HKEY_CURRENT_USER\Software\AppDataLow\Software\VEEHD Plugin V9.0\Manifest]
	   "AddressbarURL"="REG_SZ, "NA"
	   "BgVersion"="REG_SZ, "1"
	   "ChangePrevious"="REG_SZ, "false"
	   "Description"="REG_SZ, "VEEHD Plugin - Enjoy the future of internet video with High Definition"
	   "DisableIe"="REG_SZ, "true"
	   "EnableSearchIE"="REG_SZ, "false"
	   "HomePageUrl"="REG_SZ, "NA"
	   "IsButtonEnabled"="REG_SZ, "false"
	   "Manifest"="REG_SZ, "NA"
	   "ModeType"="REG_SZ, "production"
	   "Name"="REG_SZ, "VEEHD Plugin V9.0"
	   "PluginsManifestVersion"="REG_SZ, "3"
	   "PublisherId"="REG_SZ, "3874"
	   "PublisherName"="REG_SZ, "installdaddy"
	   "RunInFrame"="REG_SZ, "false"
	   "SetNewTab"="REG_SZ, "false"
	   "ThanksUrl"="REG_SZ, "NA"
	   "UninstallerOfferAction"="REG_SZ, "NA"
	   "UninstallerOfferUrl"="REG_SZ, "NA"
	   "UpdateInterval"="REG_DWORD, 360
	   "Version"="REG_SZ, "10"
	[HKEY_CURRENT_USER\Software\AppDataLow\Software\VEEHD Plugin V9.0\Plugins]
	   "AppPluginList"="REG_SZ, "42,38,46,17,14,78,13,41,44,39,35,43,40,64,2,4,3,1,21,22,182,183,207,72,180,177,91,28"
	   "BgPluginList"="REG_SZ, "42,38,46,41,44,39,35,43,36,4,14,78,64,183,207,47,182,72,91"
	   "BrowserEventPluginList"="REG_SZ, "14,42,41,44,39,38,43,37,64,72"
	   "NewTabPluginList"="REG_SZ, "42,38,46,17,14,78,13,41,44,39,35,43,40,64,2,4,3,1,21,22,72,28"
	   "OnRequestPluginList"="REG_SZ, "14,42,41,39,38,43,45,64,72"
	   "PopupPluginList"="REG_SZ, "42,38,46,41,44,39,35,43,36,4,14,78,13,64,207,47,182,72,94"
	[HKEY_CURRENT_USER\Software\AppDataLow\Software\VEEHD Plugin V9.0\Plugins\1]
	   "JavaScript"="{ skipped javascript, full log available by request }"
	[HKEY_CURRENT_USER\Software\AppDataLow\Software\VEEHD Plugin V9.0\Update]
	   "LastCheck"="REG_DWORD, 1393154655
	[HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\installdaddy]
	   "51384"="REG_SZ, "VEEHD Plugin V9.0"

Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/23/2014
Scan Time: 12:21:43 PM
Logfile: MBAMveeHD.txt
Administrator: Yes

Version: 2.00.0.0503
Malware Database: v2014.02.23.04
Rootikt Database: v2014.02.20.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Malwarebytes

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 196405
Time Elapsed: 3 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 19
Registry Key, PUP.Optional.VeeHD.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511131184}, Quarantined, [c1dfbb24d8a25fd7b0bf17862cd5c23e],
Registry Key, PUP.Optional.VeeHD.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544134484}, Quarantined, [c1dfbb24d8a25fd7b0bf17862cd5c23e],
Registry Key, PUP.Optional.VeeHD.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555135584}, Quarantined, [c1dfbb24d8a25fd7b0bf17862cd5c23e],
Registry Key, PUP.Optional.VeeHD.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566136684}, Quarantined, [c1dfbb24d8a25fd7b0bf17862cd5c23e],
Registry Key, PUP.Optional.VeeHD.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0051384.BHO.1, Quarantined, [c1dfbb24d8a25fd7b0bf17862cd5c23e],
Registry Key, PUP.Optional.VeeHD.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511131184}, Quarantined, [c1dfbb24d8a25fd7b0bf17862cd5c23e],
Registry Key, PUP.Optional.VeeHD.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0051384.BHO, Quarantined, [c1dfbb24d8a25fd7b0bf17862cd5c23e],
Registry Key, PUP.Optional.VeeHD.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110511131184}, Quarantined, [c1dfbb24d8a25fd7b0bf17862cd5c23e],
Registry Key, PUP.Optional.VeeHD.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110511131184}, Quarantined, [c1dfbb24d8a25fd7b0bf17862cd5c23e],
Registry Key, PUP.Optional.VeeHD.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220522132284}, Quarantined, [c1dfbb24d8a25fd7b0bf17862cd5c23e],
Registry Key, PUP.Optional.VeeHD.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0051384.Sandbox.1, Quarantined, [c1dfbb24d8a25fd7b0bf17862cd5c23e],
Registry Key, PUP.Optional.VeeHD.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0051384.Sandbox, Quarantined, [c1dfbb24d8a25fd7b0bf17862cd5c23e],
Registry Key, PUP.Optional.VeeHD.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511131184}\INPROCSERVER32, Quarantined, [c1dfbb24d8a25fd7b0bf17862cd5c23e],
Registry Key, PUP.Optional.CrossRider.A, HKCU\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [960af0ef9edce551d406a90b1ae91ee2],
Registry Key, PUP.Optional.VeeHD.A, HKCU\SOFTWARE\APPDATALOW\SOFTWARE\VEEHD Plugin V9.0, Quarantined, [d4cc9649cdad979f336694ee867c03fd],
Registry Key, PUP.Optional.CrossRider.A, HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\installdaddy, Quarantined, [00a08f50f288b97d140af4adb84b9e62],
Registry Key, PUP.Optional.VeeHD.A, HKLM\SOFTWARE\VEEHD Plugin V9.0, Quarantined, [a1ff6c734139b77fd3c44a38877b926e],
Registry Key, PUP.Optional.Ligtning.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cekcjpgehmohobmdiikfnopibipmgnml, Quarantined, [e2bea43bcfab112566770382b84ace32],
Registry Key, PUP.Optional.VeeHD.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VEEHD Plugin V9.0, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 15
Folder, PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log, Quarantined, [524ead323f3b05316e8bb0d5976b16ea],
Folder, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml, Quarantined, [aff1ae315921300619c52060e51d2cd4],
Folder, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0, Quarantined, [aff1ae315921300619c52060e51d2cd4],
Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi, Quarantined, [4f51667989f1152198d583ff47bb01ff],
Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0, Quarantined, [4f51667989f1152198d583ff47bb01ff],
Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData, Quarantined, [4f51667989f1152198d583ff47bb01ff],
Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins, Quarantined, [4f51667989f1152198d583ff47bb01ff],
Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\userCode, Quarantined, [4f51667989f1152198d583ff47bb01ff],
Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\icons, Quarantined, [4f51667989f1152198d583ff47bb01ff],
Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\icons\actions, Quarantined, [4f51667989f1152198d583ff47bb01ff],
Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\api, Quarantined, [4f51667989f1152198d583ff47bb01ff],
Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib, Quarantined, [4f51667989f1152198d583ff47bb01ff],
Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\popupResource, Quarantined, [4f51667989f1152198d583ff47bb01ff],
Folder, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],

Files: 95
File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-bho.dll, Quarantined, [c1dfbb24d8a25fd7b0bf17862cd5c23e],
File, PUP.Optional.VeeHD.A, C:\Users\{username}\Desktop\Wgwhmaftvahadh.exe, Quarantined, [b2ee22bd81f983b30d64fba2669bc838],
File, PUP.Optional.VeeHD.A, C:\Windows\Tasks\VEEHD Plugin V9.0-chromeinstaller.job, Quarantined, [8f11ca15d9a151e5eda9ff8361a12bd5],
File, PUP.Optional.VeeHD.A, C:\Windows\Tasks\VEEHD Plugin V9.0-codedownloader.job, Quarantined, [fba534ab106ac373811595ed4ab83fc1],
File, PUP.Optional.VeeHD.A, C:\Windows\Tasks\VEEHD Plugin V9.0-enabler.job, Quarantined, [5848f7e8c0baa98dfb9b265c10f29c64],
File, PUP.Optional.VeeHD.A, C:\Windows\Tasks\VEEHD Plugin V9.0-firefoxinstaller.job, Quarantined, [465ae4fb87f3290db9dd750d69999a66],
File, PUP.Optional.VeeHD.A, C:\Windows\Tasks\VEEHD Plugin V9.0-updater.job, Quarantined, [9c049b44c2b86dc98511f290887a58a8],
File, PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log\eGdpSvc.LOG, Quarantined, [524ead323f3b05316e8bb0d5976b16ea],
File, PUP.Optional.NewTab.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx, Quarantined, [6937b12e6e0c87af165ef78f758d05fb],
File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\background.html, Quarantined, [aff1ae315921300619c52060e51d2cd4],
File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\background.js, Quarantined, [aff1ae315921300619c52060e51d2cd4],
File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\data.json, Quarantined, [aff1ae315921300619c52060e51d2cd4],
File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\icon128.png, Quarantined, [aff1ae315921300619c52060e51d2cd4],
File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\jquery.js, Quarantined, [aff1ae315921300619c52060e51d2cd4],
File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\manifest.json, Quarantined, [aff1ae315921300619c52060e51d2cd4],
File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\xa.js, Quarantined, [aff1ae315921300619c52060e51d2cd4],
File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\xagainit.js, Quarantined, [aff1ae315921300619c52060e51d2cd4],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\background.html, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\chromeCoreFilesIndex.txt, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\crossriderManifest.json, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\manifest.json, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\popup.html, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\manifest.xml, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins.json, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\28_initializer.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\13_CrossriderAppUtils.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\14_CrossriderUtils.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\177_crossriderDashboard.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\17_jQuery.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\180_bpo_serp_m.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\182_openUrl.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\183_tabsWrapper.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\19_CHAppAPIWrapper.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\1_base.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\207_dbWrapper.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\21_debug.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\22_resources.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\47_resources_background.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\4_jquery_1_7_1.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\64_appApiMessage.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\72_appApiValidation.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\78_CrossriderInfo.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\80_CHPopupAppAPI.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\91_monetizationLoader.js.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\plugins\97_resourceApiWrapper.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\userCode\background.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\extensionData\userCode\extension.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\icons\icon128.png, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\icons\icon16.png, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\icons\icon48.png, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\icons\actions\1.png, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\background.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\main.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\platformVersion.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\api\chrome.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\api\cookie.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\api\message.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\api\monitor.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\api\pageAction.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\api\pageActionBG.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\app_api.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\bg_app_api.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\consts.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\cookie_store.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\crossriderAPI.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\delegate.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\events.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\extensionDataStore.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\installer.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\logFile.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\logging.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\onBGDocumentLoad.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\reports.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\storageWrapper.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\updateManager.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\util.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\xhr.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\popupResource\newPopup.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbgpaofhgpahgbjfbkgdgoebndmnmi\1.26.10_0\js\lib\popupResource\popup.js, Quarantined, [4f51667989f1152198d583ff47bb01ff],
File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\51384.crx, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],
File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\51384.xpi, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],
File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\background.html, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],
File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\Installer.log, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],
File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\Uninstall.exe, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],
File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\utils.exe, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],
File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-bg.exe, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],
File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-buttonutil.dll, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],
File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-buttonutil.exe, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],
File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-chromeinstaller.exe, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],
File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-codedownloader.exe, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],
File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-enabler.exe, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],
File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-firefoxinstaller.exe, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],
File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-helper.exe, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],
File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-updater.exe, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],
File, PUP.Optional.VeeHD.A, C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0.ico, Quarantined, [7d23f0ef0b6fef472c44a1e18c766a96],

Physical Sectors: 0
(No malicious items detected)


(end)

As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0

Advertisements

Back to Malware Removal Guides and Tutorials


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Malware Removal Guides and Tutorials

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.