Content is republished with permission from Malwarebytes.
What is Plus-HighD?
The Malwarebytes research team has determined that Plus-HighD is a browser hijacker. These so-called "hijackers" alter your start page or search scopes so that the affected browser visits their site or one of their choice. This one also displays advertisements.
How do I know if my computer is affected by Plus-HighD?
You may see these browser extensions/add-ons:
and this entry in your list of installed programs:
How did Plus-HighD get on my computer?
Browser hijackers use different methods for distributing themselves. This particular one was offered as a video-enhancing browser extension.
How do I remove Plus-HighD?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.
Is there anything else I need to do to get rid of Plus-HighD?
How would the full version of Malwarebytes Anti-Malware help protect me?
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the Plus-HighD browser hijacker. It would have warned you before the potentially unwanted program could install itself, giving you a chance to stop it before it was too late.
Technical details for experts
Signs in a HijackThis log:
O2 - BHO: CrossriderApp0053098 - {11111111-1111-1111-1111-110511301198} - C:\Program Files\Plus-HighD-ver9.3\Plus-HighD-ver9.3-bho.dll
Alterations made by the installer:
Malwarebytes Anti-Malware log:
As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
Save yourself the hassle and get protected.