Metallica

Staff
  • Posts: 2,876

Everything posted by Metallica

  1. Too much praise, but thank you.
  2. Hi, Both the detection profiles have been set to hidden. It may take a few minutes before they become unavailable, and you may have to clear your cache if you keep seeing them. Take care
  3. The script is hosted on a site that is known to be involved in Tech Support Scams. So at the moment you can expect fake warnings about your computer security, but the hijackers can change the script at any moment.
  4. What is Key Tag?

     The Malwarebytes research team has determined that Key Tag is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one changes your default search provider.

     How do I know if my computer is affected by Key Tag?

     You may see this entry in your list of installed Chrome extensions:
     and this setting:
     You may have noticed these warnings during install:

     How did Key Tag get on my computer?

     Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:
     after a redirect from their website:

     How do I remove Key Tag?

     Our program Malwarebytes can detect and remove this search hijacker.

     • Please download Malwarebytes for Windows to your desktop.
     • Double-click MBSetup.exe and follow the prompts to install the program.
     • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
     • Click on the Get started button.
     • Click Scan to start a Threat Scan.
     • When the scan is finished click Quarantine to remove the found threats.
     • Reboot the system if prompted to complete the removal process.

     Is there anything else I need to do to get rid of Key Tag?

     No, Malwarebytes removes Key Tag completely.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the Key Tag hijacker. It would have blocked their website, giving you a chance to stop it before it became too late.
     Technical details for experts

     Possible signs in FRST logs:

     CHR DefaultSearchURL: Default -> hxxps://www.keysearchs.com/search.php?src=ktgg&type=ds&q={searchTerms}
     CHR DefaultSearchKeyword: Default -> key
     CHR DefaultSuggestURL: Default -> hxxps://www.keysearchs.com/suggest.php?q={searchTerms}
     CHR Extension: (Key Tag) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoddhgjaoadhpdlfaepfnbalbhbkicpb [2022-02-11]

     Alterations made by the installer:

     File system details [View: All details] (Selection)
     ---------------------------------------------------
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoddhgjaoadhpdlfaepfnbalbhbkicpb\1.3.1_0
       Adds the file bg.js"="12/15/2021 11:07 PM, 1183 bytes, A
       Adds the file manifest.json"="2/11/2022 1:02 PM, 1441 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoddhgjaoadhpdlfaepfnbalbhbkicpb\1.3.1_0\_metadata
       Adds the file computed_hashes.json"="2/11/2022 1:02 PM, 128 bytes, A
       Adds the file verified_contents.json"="1/19/2022 10:14 PM, 1640 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoddhgjaoadhpdlfaepfnbalbhbkicpb\1.3.1_0\icons
       Adds the file image128.png"="2/11/2022 1:02 PM, 3469 bytes, A
       Adds the file image16.png"="2/11/2022 1:02 PM, 412 bytes, A

     Registry details [View: All details] (Selection)
     ------------------------------------------------
     [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
       "eoddhgjaoadhpdlfaepfnbalbhbkicpb"="REG_SZ", "EF49889A4BFF3398968D680355469D4E81AC2A4983DC42E680C88E777C1EDB4D"

     Malwarebytes log:

     As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):

     • Dynamically Blocks Malware Sites & Servers
     • Malware Execution Prevention

     Save yourself the hassle and get protected.
  5. What is Security Suite?

     The Malwarebytes research team has determined that Security Suite is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one redirects your searches to a different search provider.

     How do I know if my computer is affected by Security Suite?

     You may see this entry in your list of installed Chrome extensions:
     and this new menu bar drop-down:
     You may have noticed these warnings during install:

     How did Security Suite get on my computer?

     Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:
     after a redirect from their website:

     How do I remove Security Suite?

     Our program Malwarebytes can detect and remove this search hijacker.

     • Please download Malwarebytes for Windows to your desktop.
     • Double-click MBSetup.exe and follow the prompts to install the program.
     • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
     • Click on the Get started button.
     • Click Scan to start a Threat Scan.
     • When the scan is finished click Quarantine to remove the found threats.
     • Reboot the system if prompted to complete the removal process.

     Is there anything else I need to do to get rid of Security Suite?

     No, Malwarebytes removes Security Suite completely.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the Security Suite hijacker. It would have blocked their website, giving you a chance to stop it before it became too late.
     Technical details for experts

     Possible signs in FRST logs:

     CHR Extension: (Security Suite) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnplmdfcbmjbmifhkchinnhbbpognci [2022-01-21]

     Alterations made by the installer:

     File system details [View: All details] (Selection)
     ---------------------------------------------------
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnplmdfcbmjbmifhkchinnhbbpognci\1.0.0_0
       Adds the file background.bundle.js"="12/23/2021 2:10 AM, 48459 bytes, A
       Adds the file browserAction.bundle.js"="12/23/2021 2:10 AM, 15321 bytes, A
       Adds the file browserAction.html"="12/23/2021 2:10 AM, 11629 bytes, A
       Adds the file content.bundle.js"="12/23/2021 2:10 AM, 6109 bytes, A
       Adds the file manifest.json"="1/21/2022 10:45 AM, 1627 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnplmdfcbmjbmifhkchinnhbbpognci\1.0.0_0\_locales\de
       Adds the file messages.json"="1/21/2022 10:45 AM, 2289 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnplmdfcbmjbmifhkchinnhbbpognci\1.0.0_0\_locales\en
       Adds the file messages.json"="1/21/2022 10:45 AM, 2148 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnplmdfcbmjbmifhkchinnhbbpognci\1.0.0_0\_locales\es
       Adds the file messages.json"="1/21/2022 10:45 AM, 2295 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnplmdfcbmjbmifhkchinnhbbpognci\1.0.0_0\_locales\fr
       Adds the file messages.json"="1/21/2022 10:45 AM, 2307 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnplmdfcbmjbmifhkchinnhbbpognci\1.0.0_0\_locales\it
       Adds the file messages.json"="1/21/2022 10:45 AM, 2321 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnplmdfcbmjbmifhkchinnhbbpognci\1.0.0_0\_locales\nl
       Adds the file messages.json"="1/21/2022 10:45 AM, 2351 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnplmdfcbmjbmifhkchinnhbbpognci\1.0.0_0\_locales\pt_PT
       Adds the file messages.json"="1/21/2022 10:45 AM, 2276 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnplmdfcbmjbmifhkchinnhbbpognci\1.0.0_0\_metadata
       Adds the file computed_hashes.json"="1/21/2022 10:45 AM, 2262 bytes, A
       Adds the file verified_contents.json"="12/23/2021 2:10 AM, 4188 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnplmdfcbmjbmifhkchinnhbbpognci\1.0.0_0\icons\default
       Adds the file Logo_128x128.png"="1/21/2022 10:45 AM, 3208 bytes, A
       Adds the file Logo_16x16.png"="1/21/2022 10:45 AM, 512 bytes, A
       Adds the file Logo_300x300.png"="12/23/2021 2:10 AM, 7468 bytes, A
       Adds the file Logo_32x32.png"="1/21/2022 10:45 AM, 921 bytes, A
       Adds the file Logo_48x48.png"="1/21/2022 10:45 AM, 1359 bytes, A
       Adds the file Logo_48x48_disabled.png"="12/23/2021 2:10 AM, 1344 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnplmdfcbmjbmifhkchinnhbbpognci\1.0.0_0\icons\ratings
       Adds the file A.png"="12/23/2021 2:10 AM, 1434 bytes, A
       Adds the file B.png"="12/23/2021 2:10 AM, 1490 bytes, A
       Adds the file C.png"="12/23/2021 2:10 AM, 1422 bytes, A
       Adds the file D.png"="12/23/2021 2:10 AM, 1410 bytes, A
       Adds the file E.png"="12/23/2021 2:10 AM, 1409 bytes, A
       Adds the file F.png"="12/23/2021 2:10 AM, 1379 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fgnplmdfcbmjbmifhkchinnhbbpognci
       Adds the file 000003.log"="1/21/2022 10:45 AM, 7868 bytes, A
       Adds the file CURRENT"="1/21/2022 10:45 AM, 16 bytes, A
       Adds the file LOCK"="1/21/2022 10:45 AM, 0 bytes, A
       Adds the file LOG"="1/21/2022 10:45 AM, 371 bytes, A
       Adds the file MANIFEST-000001"="1/21/2022 10:45 AM, 41 bytes, A

     Registry details [View: All details] (Selection)
     ------------------------------------------------
     [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
       "fgnplmdfcbmjbmifhkchinnhbbpognci"="REG_SZ", "10DAAE9BA4D7944CEB3CBF4D1F93E05C5426378A6C159309D815CACA411B8BA2"

     Malwarebytes log:

     As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):

     • Dynamically Blocks Malware Sites & Servers
     • Malware Execution Prevention

     Save yourself the hassle and get protected.
  6. What is Click Togo?

     The Malwarebytes research team has determined that Click Togo is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one changes your default search engine.

     How do I know if my computer is affected by Click Togo?

     You may see this entry in your list of installed Chrome extensions:
     and this changed setting:
     You may have noticed these warnings during install:

     How did Click Togo get on my computer?

     Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:
     after a redirect from their website:

     How do I remove Click Togo?

     Our program Malwarebytes can detect and remove this search hijacker.

     • Please download Malwarebytes for Windows to your desktop.
     • Double-click MBSetup.exe and follow the prompts to install the program.
     • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
     • Click on the Get started button.
     • Click Scan to start a Threat Scan.
     • When the scan is finished click Quarantine to remove the found threats.
     • Reboot the system if prompted to complete the removal process.

     Is there anything else I need to do to get rid of Click Togo?

     No, Malwarebytes removes Click Togo completely.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the Click Togo hijacker. It would have blocked their website, giving you a chance to stop it before it became too late.
     Technical details for experts

     Possible signs in FRST logs:

     CHR DefaultSearchURL: Default -> hxxps://www.togosearching.com/webs?src=clktgg&type=ds&q={searchTerms}
     CHR DefaultSearchKeyword: Default -> Togo
     CHR DefaultSuggestURL: Default -> hxxps://www.togosearching.com/suggest?q={searchTerms}
     CHR Extension: (Click Togo) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\calcdbkiedkohechhbpbjnhibiaacooh [2022-01-03]

     Alterations made by the installer:

     File system details [View: All details] (Selection)
     ---------------------------------------------------
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\calcdbkiedkohechhbpbjnhibiaacooh\1.3.22_0
       Adds the file bg.js"="12/10/2021 3:23 PM, 2365 bytes, A
       Adds the file manifest.json"="1/3/2022 11:40 AM, 1803 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\calcdbkiedkohechhbpbjnhibiaacooh\1.3.22_0\_metadata
       Adds the file computed_hashes.json"="1/3/2022 11:40 AM, 128 bytes, A
       Adds the file verified_contents.json"="12/23/2021 10:58 PM, 1641 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\calcdbkiedkohechhbpbjnhibiaacooh\1.3.22_0\icons
       Adds the file image128.png"="1/3/2022 11:40 AM, 3061 bytes, A
       Adds the file image16.png"="1/3/2022 11:40 AM, 339 bytes, A

     Registry details [View: All details] (Selection)
     ------------------------------------------------
     [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
       "calcdbkiedkohechhbpbjnhibiaacooh"="REG_SZ", "0774A708AB7CB36021100C6D2FC45D78A578C2C5CA3033E26A4DE07C176107EC"

     Malwarebytes log:

     As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):

     • Dynamically Blocks Malware Sites & Servers
     • Malware Execution Prevention

     Save yourself the hassle and get protected.
  7. What is Best-Converter?

     The Malwarebytes research team has determined that Best-Converter is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one changes your default search provider.

     How do I know if my computer is affected by Best-Converter?

     You may see this entry in your list of installed Chrome extensions:
     and this changed setting:
     You may have noticed these warnings during install:

     How did Best-Converter get on my computer?

     Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:
     after a redirect from their website:

     How do I remove Best-Converter?

     Our program Malwarebytes can detect and remove this search hijacker.

     • Please download Malwarebytes for Windows to your desktop.
     • Double-click MBSetup.exe and follow the prompts to install the program.
     • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
     • Click on the Get started button.
     • Click Scan to start a Threat Scan.
     • When the scan is finished click Quarantine to remove the found threats.
     • Reboot the system if prompted to complete the removal process.

     Is there anything else I need to do to get rid of Best-Converter?

     No, Malwarebytes removes Best-Converter completely.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the Best-Converter hijacker. It would have blocked their website, giving you a chance to stop it before it became too late.
     Technical details for experts

     Possible signs in FRST logs:

     CHR DefaultSearchURL: Default -> hxxps://feed.best-converter.com/?q={searchTerms}&publisher=best-converter&barcodeid=594720000000000
     CHR DefaultSearchKeyword: Default -> Best-Converter
     CHR DefaultSuggestURL: Default -> hxxps://api.best-converter.com/suggest/get?q={searchTerms}
     CHR Extension: (Best-Converter) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\falafkefhfgmcdaclmghpdimoohebecg [2021-12-15]

     Alterations made by the installer:

     File system details [View: All details] (Selection)
     ---------------------------------------------------
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\falafkefhfgmcdaclmghpdimoohebecg\1.0.2_0
       Adds the file background.js"="8/16/2021 3:33 PM, 9828 bytes, A
       Adds the file content-script.js"="7/14/2021 10:54 AM, 77 bytes, A
       Adds the file manifest.json"="12/15/2021 11:33 AM, 1845 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\falafkefhfgmcdaclmghpdimoohebecg\1.0.2_0\_metadata
       Adds the file computed_hashes.json"="12/15/2021 11:33 AM, 341 bytes, A
       Adds the file verified_contents.json"="8/18/2021 12:00 PM, 1904 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\falafkefhfgmcdaclmghpdimoohebecg\1.0.2_0\images\icons
       Adds the file 128x128.png"="12/15/2021 11:33 AM, 4101 bytes, A
       Adds the file 16x16.png"="12/15/2021 11:33 AM, 469 bytes, A
       Adds the file 64x64.png"="12/15/2021 11:33 AM, 1911 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\falafkefhfgmcdaclmghpdimoohebecg
       Adds the file 000003.log"="12/15/2021 11:33 AM, 525 bytes, A
       Adds the file CURRENT"="12/15/2021 11:33 AM, 16 bytes, A
       Adds the file LOCK"="12/15/2021 11:33 AM, 0 bytes, A
       Adds the file LOG"="12/15/2021 11:33 AM, 369 bytes, A
       Adds the file MANIFEST-000001"="12/15/2021 11:33 AM, 41 bytes, A

     Registry details [View: All details] (Selection)
     ------------------------------------------------
     [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
       "falafkefhfgmcdaclmghpdimoohebecg"="REG_SZ", "5C0D917B02DE8B40270310582C77660435F97A68F9773BA77F940F093EFD778B"

     Malwarebytes log:

     As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):

     • Dynamically Blocks Malware Sites & Servers
     • Malware Execution Prevention

     Save yourself the hassle and get protected.
  8. What is Domain Trust Checker?

     The Malwarebytes research team has determined that Domain Trust Checker is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.

     How do I know if my computer is affected by Domain Trust Checker?

     You may see this entry in your list of installed Chrome extensions:
     and these warnings during install:

     How did Domain Trust Checker get on my computer?

     Browser hijackers use different methods for distributing themselves. This particular one was promoted using fake alert sites. After a few redirects we ended up in the webstore.
     and is being promoted on their website:

     How do I remove Domain Trust Checker?

     Our program Malwarebytes can detect and remove this potentially unwanted program.

     • Please download Malwarebytes for Windows to your desktop.
     • Double-click MBSetup.exe and follow the prompts to install the program.
     • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
     • Click on the Get started button.
     • Click Scan to start a Threat Scan.
     • When the scan is finished click Quarantine to remove the found threats.
     • Reboot the system if prompted to complete the removal process.

     Is there anything else I need to do to get rid of Domain Trust Checker?

     No, Malwarebytes removes Domain Trust Checker completely.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the Domain Trust Checker hijacker.
     It would have blocked the domains redirecting you to the webstore:

     Technical details for experts
     Possible signs in FRST logs:
     CHR Extension: (Domain Trust Checker) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\acpeimiplhoapnlpldgapfbhgfnblgdp [2021-11-29]
     Alterations made by the installer:
     File system details
     Registry details
     [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
     "acpeimiplhoapnlpldgapfbhgfnblgdp"="REG_SZ", "D6082339746C7BF48534C47330FAB3067C47F68BDAABEA8129B9FCCF70508E15"
     Malwarebytes log:

     As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  9. What is Ad Avenger?
     The Malwarebytes research team has determined that Ad Avenger is a browser hijacker and forced Chrome extension.

     How do I know if my computer is affected by Ad Avenger?
     You may see these warnings during install: And this entry in your list of installed extensions:

     How did Ad Avenger get on my computer?
     Forced extensions use typical methods for distributing themselves. This particular one was promoted by a site mimicking a BSOD: and the extension was available in the webstore.

     How do I remove Ad Avenger?
     Our program Malwarebytes can detect and remove this unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process.

     Is there anything else I need to do to get rid of Ad Avenger?
     No, Malwarebytes removes Ad Avenger completely.

     How would the full version of Malwarebytes help protect me?
     We protect our customers from these extensions by blocking the domains that spread them:

     Technical details for experts
     Possible signs in FRST logs:
     CHR Extension: (Ad Avenger) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcnnmihfbpfblmeflmggaccdjlpfpp [2021-11-23]
     Alterations made by the installer:
     File system details
     Registry details
     [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
     "aabcnnmihfbpfblmeflmggaccdjlpfpp"="REG_SZ", "9BE250A1FB13FF810B53080319E2E28A2F7753C1BA7B85E32602EC3C6CD4D30B"
     Malwarebytes log:

     As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  10. What is Browser Guard?
      The Malwarebytes research team has determined that Browser Guard is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one uses the name of a legitimate extension to attract more users.

      How do I know if my computer is affected by Browser Guard?
      You may see this entry in your list of installed extensions: and these warnings during install:

      How did Browser Guard get on my computer?
      Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website:

      How do I remove Browser Guard?
      Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process.

      Is there anything else I need to do to get rid of Browser Guard?
      No, Malwarebytes removes Browser Guard completely.

      How would the full version of Malwarebytes help protect me?
      We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes as well as the real Browser would have protected you against the Browser Guard hijacker. It would have blocked their domain, giving you a chance to stop it before it became too late.

      Technical details for experts
      Possible signs in FRST logs:
      CHR Extension: (Browser Guard) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eijenmglnpmjhinahemfkokpomhbpjjn [2021-11-22]
      Alterations made by the installer:
      File system details
      Registry details
      [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
      "eijenmglnpmjhinahemfkokpomhbpjjn"="REG_SZ", "BD32B9AC1E4CF87ACEE56CA822046B94522D61CF21DF00773D7D582C53648CA7"
      Malwarebytes log:

      As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  11. What is GoCouponSearch?
      The Malwarebytes research team has determined that GoCouponSearch is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one changes your default search engine and also uses browser push notifications.

      How do I know if my computer is affected by GoCouponSearch?
      You may see this entry in your list of installed Chrome extensions: and these warnings during install: and this changed setting:

      How did GoCouponSearch get on my computer?
      Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website:

      How do I remove GoCouponSearch?
      Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process.

      Is there anything else I need to do to get rid of GoCouponSearch?
      No, Malwarebytes removes GoCouponSearch completely. If you have allowed the notifications you can read here how to disable them.

      How would the full version of Malwarebytes help protect me?
      We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the GoCouponSearch hijacker. It would have blocked their website, giving you a chance to stop it before it became too late.
Technical details for experts

Possible signs in FRST logs:

CHR Notifications: Default -> hxxps://install.gocouponsearch.com
CHR DefaultSearchURL: Default -> hxxps://feed.gocouponsearch.com/?q={searchTerms}&publisher=gocouponsearch&barcodeid=598040000000000
CHR DefaultSearchKeyword: Default -> GoCouponSearch
CHR DefaultSuggestURL: Default -> hxxps://api.gocouponsearch.com/suggest/get?q={searchTerms}
CHR Extension: (GoCouponSearch) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bidpobjoffokopphiihehcdnbkgnhcek [2021-11-10]

Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bidpobjoffokopphiihehcdnbkgnhcek\1.0.0_0
    Adds the file background.js"="11/2/2021 10:13 AM, 9855 bytes, A
    Adds the file content-script.js"="7/19/2021 2:11 PM, 77 bytes, A
    Adds the file manifest.json"="11/10/2021 3:33 PM, 1844 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bidpobjoffokopphiihehcdnbkgnhcek\1.0.0_0\_metadata
    Adds the file computed_hashes.json"="11/10/2021 3:33 PM, 461 bytes, A
    Adds the file verified_contents.json"="11/2/2021 10:13 AM, 2032 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bidpobjoffokopphiihehcdnbkgnhcek\1.0.0_0\images
    Adds the file logo-white-text.png"="11/2/2021 10:13 AM, 0 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bidpobjoffokopphiihehcdnbkgnhcek\1.0.0_0\images\icons
    Adds the file 128x128.png"="11/10/2021 3:33 PM, 3547 bytes, A
    Adds the file 16x16.png"="11/10/2021 3:33 PM, 658 bytes, A
    Adds the file 64x64.png"="11/10/2021 3:33 PM, 1934 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bidpobjoffokopphiihehcdnbkgnhcek
    Adds the file 000003.log"="11/10/2021 3:33 PM, 1183 bytes, A
    Adds the file CURRENT"="11/10/2021 3:33 PM, 16 bytes, A
    Adds the file LOCK"="11/10/2021 3:33 PM, 0 bytes, A
    Adds the file LOG"="11/10/2021 3:33 PM, 369 bytes, A
    Adds the file MANIFEST-000001"="11/10/2021 3:33 PM, 41 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
"bidpobjoffokopphiihehcdnbkgnhcek"="REG_SZ", "E43FE9FF9178C51B17B4E21C8DEB26A9E9122203DE321B8449916E684B8E3508"

As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
  12. What is Anywhere Search?

The Malwarebytes research team has determined that Anywhere Search is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one is also a browser NewTab.

How do I know if my computer is affected by Anywhere Search?

You may see this entry in your list of installed Chrome extensions: these changed settings: You may have noticed these warnings during install:

How did Anywhere Search get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:

How do I remove Anywhere Search?

Our program Malwarebytes can detect and remove this potentially unwanted program.

  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of Anywhere Search?

No, Malwarebytes removes Anywhere Search completely.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this hijacker.
Technical details for experts

Possible signs in FRST logs:

CHR NewTab: Default -> Active:"chrome-extension://hboldpniicbdhlfcejjlkdgnbppiaajn/my.html"
CHR DefaultSearchURL: Default -> hxxps://anywheresearch.com/?id=26&keyword={searchTerms}
CHR DefaultSearchKeyword: Default -> Anywhere Search
CHR Extension: (Anywhere Search) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hboldpniicbdhlfcejjlkdgnbppiaajn [2021-11-08]

Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hboldpniicbdhlfcejjlkdgnbppiaajn\1.0.7_0
    Adds the file code.js"="4/30/2021 6:43 PM, 51 bytes, A
    Adds the file manifest.json"="11/8/2021 12:48 PM, 1516 bytes, A
    Adds the file my.html"="4/30/2021 6:43 PM, 174 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hboldpniicbdhlfcejjlkdgnbppiaajn\1.0.7_0\_metadata
    Adds the file computed_hashes.json"="11/8/2021 12:48 PM, 918 bytes, A
    Adds the file verified_contents.json"="7/14/2021 8:47 PM, 2173 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hboldpniicbdhlfcejjlkdgnbppiaajn\1.0.7_0\image
    Adds the file 128.png"="11/8/2021 12:48 PM, 1121 bytes, A
    Adds the file 16.png"="11/8/2021 12:48 PM, 270 bytes, A
    Adds the file 32.png"="11/8/2021 12:48 PM, 488 bytes, A
    Adds the file 48.png"="11/8/2021 12:48 PM, 837 bytes, A
    Adds the file 64.png"="11/8/2021 12:48 PM, 913 bytes, A
    Adds the file Thumbs.db"="3/14/2021 12:26 AM, 7168 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
"hboldpniicbdhlfcejjlkdgnbppiaajn"="REG_SZ", "6C7DAF8E4E4BDD906F7FD4D631CBE2D8A268517B32591ECEEF707A15EC8F82A5"

As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
  13. What is Speed Check?

The Malwarebytes research team has determined that Speed Check is a browser hijacker and forced Edge extension. This extension was available for Chrome and Firefox according to their website, but those have been removed from the webstores.

How do I know if my computer is affected by Speed Check?

You may see these warnings during install: You may see this entry in your list of installed Edge extensions: and this icon in the browser's menu-bar:

How did Speed Check get on my computer?

Forced extensions use a typical method for distributing themselves. This particular one was also available in the webstore and is being promoted on their website:

How do I remove Speed Check?

Our program Malwarebytes can detect and remove this unwanted program.

  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of Speed Check?

No, Malwarebytes removes Speed Check completely.
Technical details for experts

Possible signs in FRST logs:

Edge Extension: (Speed Check) - C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kncjaipolcjphijglhbalgdpigdeldll [2021-11-04]

Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kncjaipolcjphijglhbalgdpigdeldll\1.0_0
    Adds the file manifest.json"="11/4/2021 11:21 AM, 987 bytes, A
    Adds the file ttrag.js"="9/9/2021 5:17 PM, 8869 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kncjaipolcjphijglhbalgdpigdeldll\1.0_0\__MACOSX
    Adds the file ._ics"="9/9/2021 3:37 PM, 211 bytes, A
    Adds the file ._manifest.json"="9/9/2021 3:37 PM, 211 bytes, A
    Adds the file ._ttrag.js"="9/9/2021 5:17 PM, 211 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kncjaipolcjphijglhbalgdpigdeldll\1.0_0\__MACOSX\ics
    Adds the file ._image128.png"="9/9/2021 3:37 PM, 211 bytes, A
    Adds the file ._image16.png"="9/9/2021 3:37 PM, 211 bytes, A
    Adds the file ._image32.png"="9/9/2021 3:37 PM, 211 bytes, A
    Adds the file ._image64.png"="9/9/2021 3:37 PM, 211 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kncjaipolcjphijglhbalgdpigdeldll\1.0_0\_metadata
    Adds the file computed_hashes.json"="11/4/2021 11:21 AM, 1045 bytes, A
    Adds the file verified_contents.json"="9/13/2021 11:54 AM, 2960 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kncjaipolcjphijglhbalgdpigdeldll\1.0_0\ics
    Adds the file image128.png"="11/4/2021 11:21 AM, 8193 bytes, A
    Adds the file image16.png"="11/4/2021 11:21 AM, 818 bytes, A
    Adds the file image32.png"="11/4/2021 11:21 AM, 1934 bytes, A
    Adds the file image64.png"="11/4/2021 11:21 AM, 3940 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\kncjaipolcjphijglhbalgdpigdeldll
    Adds the file 000003.log"="11/4/2021 11:21 AM, 317 bytes, A
    Adds the file CURRENT"="11/4/2021 11:21 AM, 16 bytes, A
    Adds the file LOCK"="11/4/2021 11:21 AM, 0 bytes, A
    Adds the file LOG"="11/4/2021 11:21 AM, 371 bytes, A
    Adds the file MANIFEST-000001"="11/4/2021 11:21 AM, 41 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_CURRENT_USER\Software\Microsoft\Edge\PreferenceMACs\Default\extensions.settings]
"kncjaipolcjphijglhbalgdpigdeldll"="REG_SZ", "A89589C024F1C7CAC3B15D3C54D86230006D5604BC18FE9E533C5BAC1769E25B"

As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
  14. What is Domain Quality?

The Malwarebytes research team has determined that Domain Quality is a browser hijacker and forced Edge extension. This extension was available for Chrome and Firefox according to their website, but those have been removed from the webstores.

How do I know if my computer is affected by Domain Quality?

You may see these warnings during install: You may see this entry in your list of installed Edge extensions:

How did Domain Quality get on my computer?

Forced extensions use a typical method for distributing themselves. This particular one was also available in the webstore and is being promoted on their website:

How do I remove Domain Quality?

Our program Malwarebytes can detect and remove this unwanted program.

  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of Domain Quality?

No, Malwarebytes removes Domain Quality completely.
Technical details for experts

Possible signs in FRST logs:

Edge Extension: (Domain Quality) - C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mibdbcmijlhpfbghdpgecafbaimbihll [2021-11-03]

Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mibdbcmijlhpfbghdpgecafbaimbihll\1.0_0
    Adds the file fundPas.js"="9/3/2021 12:34 PM, 8682 bytes, A
    Adds the file manifest.json"="11/3/2021 10:54 AM, 1013 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mibdbcmijlhpfbghdpgecafbaimbihll\1.0_0\_metadata
    Adds the file computed_hashes.json"="11/3/2021 10:54 AM, 227 bytes, A
    Adds the file verified_contents.json"="9/3/2021 3:29 PM, 2109 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mibdbcmijlhpfbghdpgecafbaimbihll\1.0_0\conesF
    Adds the file image128.png"="11/3/2021 10:54 AM, 6078 bytes, A
    Adds the file image16.png"="11/3/2021 10:54 AM, 727 bytes, A
    Adds the file image32.png"="11/3/2021 10:54 AM, 1611 bytes, A
    Adds the file image64.png"="11/3/2021 10:54 AM, 2842 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_CURRENT_USER\Software\Microsoft\Edge\PreferenceMACs\Default\extensions.settings]
"mibdbcmijlhpfbghdpgecafbaimbihll"="REG_SZ", "C7DFADA31CA78AA91900A543871A060BDA90795836EECC8A86933D15E3C86A03"

As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
  15. What is Search-Streamly?

The Malwarebytes research team has determined that Search-Streamly is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one changes the default search engine to their own and pushes notifications.

How do I know if my computer is affected by Search-Streamly?

You may see this entry in your list of installed Chrome extensions: and this changed setting: You may have noticed these warnings during install:

How did Search-Streamly get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website:

How do I remove Search-Streamly?

Our program Malwarebytes can detect and remove this search hijacker.

  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of Search-Streamly?

No, Malwarebytes removes Search-Streamly completely. If you have allowed the notifications you can read here how to disable them.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the Search-Streamly hijacker. It would have blocked their website, giving you a chance to stop it before it became too late.
Technical details for experts

Possible signs in FRST logs:

CHR DefaultSearchURL: Default -> hxxps//feed.search-streamly.com/?q={searchTerms}&publisher=search-streamly&barcodeid=579280000000000
CHR DefaultSearchKeyword: Default -> Search-Streamly
CHR DefaultSuggestURL: Default -> hxxps//api.search-streamly.com/suggest/get?q={searchTerms}
CHR Extension: (Search-Streamly) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkgimecfbbbcgaalhpfgjappihanfid [2021-10-26]

Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkgimecfbbbcgaalhpfgjappihanfid\1.1.0_0
    Adds the file manifest.json"="10/26/2021 2:36 PM, 2120 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkgimecfbbbcgaalhpfgjappihanfid\1.1.0_0\_metadata
    Adds the file computed_hashes.json"="10/26/2021 2:36 PM, 6255 bytes, A
    Adds the file verified_contents.json"="8/6/2020 1:56 PM, 2049 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkgimecfbbbcgaalhpfgjappihanfid\1.1.0_0\images
    Adds the file logo-white-text.png"="8/6/2020 1:56 PM, 0 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkgimecfbbbcgaalhpfgjappihanfid\1.1.0_0\images\icons
    Adds the file 128x128.png"="10/26/2021 2:36 PM, 4496 bytes, A
    Adds the file 16x16.png"="10/26/2021 2:36 PM, 515 bytes, A
    Adds the file 64x64.png"="10/26/2021 2:36 PM, 2196 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkgimecfbbbcgaalhpfgjappihanfid\1.1.0_0\scripts
    Adds the file background.js"="8/6/2020 1:56 PM, 514520 bytes, A
    Adds the file sitecontent.js"="8/6/2020 1:56 PM, 77 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bkkgimecfbbbcgaalhpfgjappihanfid
    Adds the file 000003.log"="10/26/2021 2:38 PM, 788 bytes, A
    Adds the file CURRENT"="10/26/2021 2:36 PM, 16 bytes, A
    Adds the file LOCK"="10/26/2021 2:36 PM, 0 bytes, A
    Adds the file LOG"="10/26/2021 2:36 PM, 367 bytes, A
    Adds the file MANIFEST-000001"="10/26/2021 2:36 PM, 41 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_bkkgimecfbbbcgaalhpfgjappihanfid
    Adds the file Search-Streamly.ico"="10/26/2021 2:36 PM, 176434 bytes, A
    Adds the file Search-Streamly.ico.md5"="10/26/2021 2:36 PM, 16 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
"bkkgimecfbbbcgaalhpfgjappihanfid"="REG_SZ", "48773173CF76D75BA80335A7D39E1210203D388CB68F8431F250307D2EE43071"

As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
  16. What is color ssc? The Malwarebytes research team has determined that color ssc is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one redirects searches to their own search engine. How do I know if my computer is affected by color ssc? You may see this entry in your list of installed Chrome extensions: and this additional menu: You may have noticed these warnings during install: How did color ssc get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove color ssc? Our program Malwarebytes can detect and remove this search hijacker. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of color ssc? No, Malwarebytes removes color ssc completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the color ssc hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. 
Technical details for experts Possible signs in FRST logs: CHR Extension: (color ssc) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\plolkgdlfpkjjacjghoeeondfalilcld [2021-10-21] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\plolkgdlfpkjjacjghoeeondfalilcld\0.2_0 Adds the file Background.js"="10/12/2021 12:58 AM, 195914 bytes, A Adds the file Content.js"="10/11/2021 6:41 AM, 691 bytes, A Adds the file icon.png"="10/21/2021 10:38 AM, 6854 bytes, A Adds the file manifest.json"="10/21/2021 10:38 AM, 1034 bytes, A Adds the file popup.html"="9/26/2021 8:32 PM, 1081 bytes, A Adds the file popup.js"="10/10/2021 8:23 AM, 1479 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\plolkgdlfpkjjacjghoeeondfalilcld\0.2_0\_metadata Adds the file computed_hashes.json"="10/21/2021 10:38 AM, 2655 bytes, A Adds the file verified_contents.json"="10/12/2021 12:58 AM, 1836 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "plolkgdlfpkjjacjghoeeondfalilcld"="REG_SZ", "77AA82B69C7B7A6B956B82F56EECCFAEB8505EE0D6A186D35BE5BCDAEBBAF74E" Malwarebytes log:
As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  17. What is FlowAds? The Malwarebytes research team has determined that FlowAds is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one adds advertisements to Google search results. How do I know if my computer is affected by FlowAds? You may see this entry in your list of installed Chrome extensions: You may have noticed these warnings during install: How did FlowAds get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove FlowAds? Our program Malwarebytes can detect and remove this search hijacker. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of FlowAds? No, Malwarebytes removes FlowAds completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the FlowAds hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. 
Technical details for experts Possible signs in FRST logs: CHR Extension: (FlowAds) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\manpibbmfnlgdidpnmejijggbgmaidoi [2021-10-19] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\manpibbmfnlgdidpnmejijggbgmaidoi\3.5.14_0 Adds the file 128.png"="10/19/2021 10:29 AM, 2214 bytes, A Adds the file background.js"="10/13/2021 3:39 PM, 3026 bytes, A Adds the file features.js"="10/13/2021 4:16 PM, 9239 bytes, A Adds the file manifest.json"="10/19/2021 10:29 AM, 11794 bytes, A Adds the file purify.min.js"="12/18/2020 6:12 PM, 17834 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\manpibbmfnlgdidpnmejijggbgmaidoi\3.5.14_0\_locales\da Adds the file messages.json"="10/19/2021 10:29 AM, 204 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\manpibbmfnlgdidpnmejijggbgmaidoi\3.5.14_0\_locales\de Adds the file messages.json"="10/19/2021 10:29 AM, 211 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\manpibbmfnlgdidpnmejijggbgmaidoi\3.5.14_0\_locales\en Adds the file messages.json"="10/19/2021 10:29 AM, 204 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\manpibbmfnlgdidpnmejijggbgmaidoi\3.5.14_0\_locales\es Adds the file messages.json"="10/19/2021 10:29 AM, 230 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\manpibbmfnlgdidpnmejijggbgmaidoi\3.5.14_0\_locales\fi Adds the file messages.json"="10/19/2021 10:29 AM, 204 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\manpibbmfnlgdidpnmejijggbgmaidoi\3.5.14_0\_locales\fr Adds the file messages.json"="10/19/2021 10:29 AM, 204 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\manpibbmfnlgdidpnmejijggbgmaidoi\3.5.14_0\_locales\it Adds the file messages.json"="10/19/2021 10:29 AM, 212 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\manpibbmfnlgdidpnmejijggbgmaidoi\3.5.14_0\_locales\nl Adds the file messages.json"="10/19/2021 10:29 AM, 213 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\manpibbmfnlgdidpnmejijggbgmaidoi\3.5.14_0\_locales\no Adds the file messages.json"="10/19/2021 10:29 AM, 204 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\manpibbmfnlgdidpnmejijggbgmaidoi\3.5.14_0\_locales\pt_BR Adds the file messages.json"="10/19/2021 10:29 AM, 224 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\manpibbmfnlgdidpnmejijggbgmaidoi\3.5.14_0\_locales\sv Adds the file messages.json"="10/19/2021 10:29 AM, 204 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\manpibbmfnlgdidpnmejijggbgmaidoi\3.5.14_0\_locales\zh_TW Adds the file messages.json"="10/19/2021 10:29 AM, 204 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\manpibbmfnlgdidpnmejijggbgmaidoi\3.5.14_0\_metadata Adds the file computed_hashes.json"="10/19/2021 10:29 AM, 630 bytes, A Adds the file verified_contents.json"="10/13/2021 4:28 PM, 3268 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\manpibbmfnlgdidpnmejijggbgmaidoi Adds the file 000003.log"="10/19/2021 10:29 AM, 108 bytes, A Adds the file CURRENT"="10/19/2021 10:29 AM, 16 bytes, A Adds the file LOCK"="10/19/2021 10:29 
AM, 0 bytes, A Adds the file LOG"="10/19/2021 10:29 AM, 369 bytes, A Adds the file MANIFEST-000001"="10/19/2021 10:29 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "manpibbmfnlgdidpnmejijggbgmaidoi"="REG_SZ", "AF9BF8A2AE1909679B210907BBAFB9666E5BC1C3F68A2A3F4AA74D90C93E342B" Malwarebytes log:
As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  18. What is Key Omni? The Malwarebytes research team has determined that Key Omni is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one changes your default search engine. How do I know if my computer is affected by Key Omni? You may see this entry in your list of installed Chrome extensions: You may have noticed these warnings during install: and this changed setting: How did Key Omni get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove Key Omni? Our program Malwarebytes can detect and remove this search hijacker. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Key Omni? No, Malwarebytes removes Key Omni completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, as well as the full version of Malwarebytes would have protected you against the Key Omni hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. 
Technical details for experts Possible signs in FRST logs: CHR DefaultSearchURL: Default -> hxxps://www.keysearchs.com/search.php?src=kyom&type=ds&q={searchTerms} CHR DefaultSearchKeyword: Default -> Key CHR DefaultSuggestURL: Default -> hxxps://www.keysearchs.com/suggest.php?q={searchTerms} CHR Extension: (Key Omni) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgbbekaglmmmfjghmkafebboajchblj [2021-10-11] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgbbekaglmmmfjghmkafebboajchblj\1.0.6_0 Adds the file bg.js"="9/17/2021 6:49 PM, 2392 bytes, A Adds the file manifest.json"="10/11/2021 12:17 PM, 1388 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgbbekaglmmmfjghmkafebboajchblj\1.0.6_0\_metadata Adds the file computed_hashes.json"="10/11/2021 12:17 PM, 128 bytes, A Adds the file verified_contents.json"="9/14/2021 11:57 PM, 1640 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgbbekaglmmmfjghmkafebboajchblj\1.0.6_0\icons Adds the file image128.png"="10/11/2021 12:17 PM, 3469 bytes, A Adds the file image16.png"="10/11/2021 12:17 PM, 412 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "hdgbbekaglmmmfjghmkafebboajchblj"="REG_SZ", "B693E44580BC1A531F8061BEFAFCA9B13947E89B46D702D363A53B022361E42F" Malwarebytes log:
As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  19. What is Win 10 Tweaker? The Malwarebytes research team has determined that Win 10 Tweaker is a "system optimizer". This so-called "system optimizer" requires users to disable their anti-malware software. More information can be found on our Malwarebytes Labs blog. How do I know if I am infected with Win 10 Tweaker? This is how the main screen of the system optimizer looks: and see this warning before you can use the program: How did Win 10 Tweaker get on my computer? These so-called system optimizers use different methods of getting installed. This particular one was made available on a questionable website. How do I remove Win 10 Tweaker? Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Win 10 Tweaker? No, Malwarebytes removes Win 10 Tweaker completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this system optimizer. As you can see below the full version of Malwarebytes would have protected you against the Win 10 Tweaker installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. And it would have blocked the website where the program was available for download. 
Technical details for experts You may see these entries in FRST logs: (XpucT) [File not signed] C:\Downloads\win 10 tweaker.exe Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the file C:\Downloads\win 10 tweaker.exe Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\w10t] "URL protocol"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\w10t\shell\open\command] "(Default)"="REG_SZ", ""C:\Downloads\win 10 tweaker.exe" buyknow" Malwarebytes log:
As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  20. What is Still Sherpa? The Malwarebytes research team has determined that Still Sherpa is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one is offered under false pretences. How do I know if my computer is affected by Still Sherpa? You may see this entry in your list of installed Chrome extensions: You may have noticed these warnings during install: How did Still Sherpa get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove Still Sherpa? Our program Malwarebytes can detect and remove this search hijacker. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Still Sherpa? No, Malwarebytes removes Still Sherpa completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the Still Sherpa hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. 
Technical details for experts Possible signs in FRST logs: CHR Extension: (Still Sherpa) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlanljjlfdfgojmidpepjhnlppaojggh [2021-09-27] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlanljjlfdfgojmidpepjhnlppaojggh\1.0_0 Adds the file background.js"="7/6/2021 10:31 AM, 2149 bytes, A Adds the file inject.js"="7/6/2021 10:31 AM, 6861 bytes, A Adds the file logo-128.png"="9/27/2021 2:13 PM, 8457 bytes, A Adds the file manifest.json"="9/27/2021 2:13 PM, 997 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlanljjlfdfgojmidpepjhnlppaojggh\1.0_0\_metadata Adds the file computed_hashes.json"="9/27/2021 2:13 PM, 286 bytes, A Adds the file verified_contents.json"="7/6/2021 10:31 AM, 1629 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "hlanljjlfdfgojmidpepjhnlppaojggh"="REG_SZ", "EE070591401FA0FBD117ADD50F15D7F636C7B4308766212293229F1E46DF3DD3" Malwarebytes log:
As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  21. What is PDFConverterSearchOnline? The Malwarebytes research team has determined that PDFConverterSearchOnline is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one changes your default search engine. How do I know if my computer is affected by PDFConverterSearchOnline? You may see this entry in your list of installed Chrome extensions: and this changed setting: You may have noticed these warnings during install: How did PDFConverterSearchOnline get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove PDFConverterSearchOnline? Our program Malwarebytes can detect and remove this search hijacker. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of PDFConverterSearchOnline? No, Malwarebytes removes PDFConverterSearchOnline completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the PDFConverterSearchOnline hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. 
Technical details for experts Possible signs in FRST logs: CHR DefaultSearchURL: Default -> hxxps://feed.pdfconvertersearchonline.com/?q={searchTerms}&publisher=pdfconvertersearchonline&barcodeid=590490000000000 CHR DefaultSearchKeyword: Default -> PDFConverterSearchOnline CHR DefaultSuggestURL: Default -> hxxps://api.pdfconvertersearchonline.com/suggest/get?q={searchTerms} CHR Extension: (PDFConverterSearchOnline) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmcpfkfangfafgammpgkhbiogchfegd [2021-09-08] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmcpfkfangfafgammpgkhbiogchfegd\1.1.0_0 Adds the file manifest.json"="9/8/2021 12:58 PM, 2228 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmcpfkfangfafgammpgkhbiogchfegd\1.1.0_0\_metadata Adds the file computed_hashes.json"="9/8/2021 12:58 PM, 6725 bytes, A Adds the file verified_contents.json"="2/10/2021 3:27 PM, 2049 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmcpfkfangfafgammpgkhbiogchfegd\1.1.0_0\images Adds the file logo-white-text.png"="2/10/2021 3:27 PM, 0 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmcpfkfangfafgammpgkhbiogchfegd\1.1.0_0\images\icons Adds the file 128x128.png"="9/8/2021 12:58 PM, 2289 bytes, A Adds the file 16x16.png"="9/8/2021 12:58 PM, 418 bytes, A Adds the file 64x64.png"="9/8/2021 12:58 PM, 1202 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmcpfkfangfafgammpgkhbiogchfegd\1.1.0_0\scripts Adds the file background.js"="2/10/2021 3:27 PM, 553547 bytes, A Adds the file sitecontent.js"="2/10/2021 3:27 PM, 77 bytes, A Adds the folder 
C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\hcmcpfkfangfafgammpgkhbiogchfegd Adds the file 000003.log"="9/8/2021 1:01 PM, 507 bytes, A Adds the file CURRENT"="9/8/2021 12:58 PM, 16 bytes, A Adds the file LOCK"="9/8/2021 12:58 PM, 0 bytes, A Adds the file LOG"="9/8/2021 12:58 PM, 369 bytes, A Adds the file MANIFEST-000001"="9/8/2021 12:58 PM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_hcmcpfkfangfafgammpgkhbiogchfegd Adds the file PDFConverterSearchOnline.ico"="9/8/2021 12:58 PM, 165607 bytes, A Adds the file PDFConverterSearchOnline.ico.md5"="9/8/2021 12:58 PM, 16 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "hcmcpfkfangfafgammpgkhbiogchfegd"="REG_SZ", "E16CAB2C4450E57C2B5666D3830FE5EBE10A60858113219B868925EC8CAC5428" As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  22. What is Togo Quick Search? The Malwarebytes research team has determined that Togo Quick Search is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one changes your default search provider. How do I know if my computer is affected by Togo Quick Search? You may see this entry in your list of installed Chrome extensions: You may have noticed these warnings during install: How did Togo Quick Search get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove Togo Quick Search? Our program Malwarebytes can detect and remove this search hijacker. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Togo Quick Search? No, Malwarebytes removes Togo Quick Search completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the Togo Quick Search hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. 
Technical details for experts Possible signs in FRST logs: CHR DefaultSearchURL: Default -> hxxps://www.togosearching.com/webs?src=togqks&type=ds&q={searchTerms} CHR DefaultSearchKeyword: Default -> Togo CHR DefaultSuggestURL: Default -> hxxps://www.togosearching.com/suggest?q={searchTerms} CHR Extension: (Togo Quick Search) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdnmkpbhlfaahdkpcgkmkejilfigfkhd [2021-09-07] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdnmkpbhlfaahdkpcgkmkejilfigfkhd\1.0.16_0 Adds the file bg.js"="7/19/2021 4:36 PM, 2307 bytes, A Adds the file manifest.json"="9/7/2021 11:07 AM, 1745 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdnmkpbhlfaahdkpcgkmkejilfigfkhd\1.0.16_0\_metadata Adds the file computed_hashes.json"="9/7/2021 11:07 AM, 351 bytes, A Adds the file verified_contents.json"="8/13/2021 5:06 PM, 1641 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdnmkpbhlfaahdkpcgkmkejilfigfkhd\1.0.16_0\icons Adds the file image128.png"="9/7/2021 11:07 AM, 3894 bytes, A Adds the file image16.png"="9/7/2021 11:07 AM, 409 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "hdnmkpbhlfaahdkpcgkmkejilfigfkhd"="REG_SZ", "7CD5B9163F641D3365A3670403C7EE10F172FE97CFA7FB6036AA9C1699463618" As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  23. What is StreamingSearch? The Malwarebytes research team has determined that StreamingSearch is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one also uses browser push notifications and adds advertisements to your search results in the form of Search Recommendations. How do I know if my computer is affected by StreamingSearch? You may see this entry in your list of installed Chrome extensions: and these warnings during install: and this changed setting: How did StreamingSearch get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove StreamingSearch? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of StreamingSearch? No, Malwarebytes removes StreamingSearch completely. If you have allowed the notifications you can read here how to disable them. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the StreamingSearch hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. 
Technical details for experts Possible signs in FRST logs: CHR Notifications: Default -> hxxps://get.streaming-search.com CHR DefaultSearchURL: Default -> hxxps://feed.streaming-search.com/?q={searchTerms}&publisher=streamingsearch&barcodeid=573420000000000 CHR DefaultSearchKeyword: Default -> StreamingSearch CHR DefaultSuggestURL: Default -> hxxps://api.streaming-search.com/suggest/get?q={searchTerms} CHR Extension: (StreamingSearch) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\padhfaokfofocbnmcfpfcffbbklbijam [2021-09-06] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\padhfaokfofocbnmcfpfcffbbklbijam\1.1.0_0 Adds the file manifest.json"="9/6/2021 1:00 PM, 2126 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\padhfaokfofocbnmcfpfcffbbklbijam\1.1.0_0\_metadata Adds the file computed_hashes.json"="9/6/2021 1:00 PM, 6255 bytes, A Adds the file verified_contents.json"="5/25/2020 4:45 PM, 2049 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\padhfaokfofocbnmcfpfcffbbklbijam\1.1.0_0\images Adds the file logo-white-text.png"="5/25/2020 4:45 PM, 0 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\padhfaokfofocbnmcfpfcffbbklbijam\1.1.0_0\images\icons Adds the file 128x128.png"="9/6/2021 1:00 PM, 11193 bytes, A Adds the file 16x16.png"="9/6/2021 1:00 PM, 734 bytes, A Adds the file 64x64.png"="9/6/2021 1:00 PM, 4913 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\padhfaokfofocbnmcfpfcffbbklbijam\1.1.0_0\scripts Adds the file background.js"="5/25/2020 4:45 PM, 514627 bytes, A Adds the file sitecontent.js"="5/25/2020 4:45 PM, 77 bytes, A Adds the folder 
C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\padhfaokfofocbnmcfpfcffbbklbijam Adds the file 000003.log"="9/6/2021 1:05 PM, 127 bytes, A Adds the file CURRENT"="9/6/2021 1:00 PM, 16 bytes, A Adds the file LOCK"="9/6/2021 1:00 PM, 0 bytes, A Adds the file LOG"="9/6/2021 1:05 PM, 410 bytes, A Adds the file LOG.old"="9/6/2021 1:04 PM, 410 bytes, A Adds the file MANIFEST-000001"="9/6/2021 1:00 PM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "padhfaokfofocbnmcfpfcffbbklbijam"="REG_SZ", "19F3A6DEF73B6B8777EE012D93D444178BD40340C4034B3CFB623F2D6244341F" As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
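The FRST "CHR" signs listed in the browser-hijacker posts above can be triaged mechanically. The Python below is an added example, not part of the original posts and not code from FRST or Malwarebytes; the function names, the `expected_hosts` allowlist and the name-matching heuristic are assumptions made for illustration, and the sample input is the set of FRST lines quoted in the StreamingSearch post.

```python
import re
from urllib.parse import urlsplit

# FRST "CHR" entry types that appear in the posts on this page.
KEYS = "Notifications|DefaultSearchURL|DefaultSearchKeyword|DefaultSuggestURL|Extension"
# An entry ends at the next "CHR <key>: " (flattened paste) or at the end of its line (raw log).
ENTRY = re.compile(rf"CHR (?P<key>{KEYS}): (?P<val>.*?)(?=\s+CHR (?:{KEYS}): |\s*$)", re.M)
EXT = re.compile(r"\((?P<name>.*)\) - (?P<path>.*?)(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?$")
EXT_ID = re.compile(r"\\Extensions\\([a-p]{32})")  # Chrome extension IDs are 32 letters a-p

# Sample input: the FRST lines quoted in the StreamingSearch post, flattened as on this page.
SAMPLE = (
    r"CHR Notifications: Default -> hxxps://get.streaming-search.com "
    r"CHR DefaultSearchURL: Default -> hxxps://feed.streaming-search.com/"
    r"?q={searchTerms}&publisher=streamingsearch&barcodeid=573420000000000 "
    r"CHR DefaultSearchKeyword: Default -> StreamingSearch "
    r"CHR DefaultSuggestURL: Default -> hxxps://api.streaming-search.com/suggest/get?q={searchTerms} "
    r"CHR Extension: (StreamingSearch) - C:\Users\{username}\AppData\Local\Google\Chrome"
    r"\User Data\Default\Extensions\padhfaokfofocbnmcfpfcffbbklbijam [2021-09-06]"
)


def parse_frst_chr(text):
    """Return one dict per CHR entry found in a raw or flattened FRST excerpt."""
    entries = []
    for m in ENTRY.finditer(text):
        key, val = m["key"], m["val"].strip()
        if key == "Extension":
            e = EXT.match(val)
            if not e:
                continue  # malformed entry: skip rather than guess
            ext_id = EXT_ID.search(e["path"])
            entries.append({"key": key, "name": e["name"], "path": e["path"],
                            "id": ext_id.group(1) if ext_id else None,
                            "date": e["date"]})
        else:
            profile, sep, value = val.partition(" -> ")
            if sep:
                entries.append({"key": key, "profile": profile, "value": value})
    return entries


def host_of(value):
    """Lower-cased host of a live or defanged (hxxp/hxxps) URL, or None."""
    return urlsplit(value.strip()).hostname


def norm(text):
    """Lower-case and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def triage(text, expected_hosts):
    """Report hosts outside the allowlist and the extensions that match them.

    expected_hosts is an analyst-supplied allowlist (an assumption of this
    example). An extension is reported when its display name matches the
    keyword of a search provider on an unexpected host, or appears inside
    one of the unexpected host names (heuristic, not a verdict).
    """
    entries = parse_frst_chr(text)
    hosts, keywords, search_changed = set(), set(), False
    for e in entries:
        if e["key"] == "DefaultSearchKeyword":
            keywords.add(norm(e["value"]))
        elif e["key"] != "Extension":
            host = host_of(e["value"])
            if host and host not in expected_hosts:
                hosts.add(host)
                search_changed |= e["key"] == "DefaultSearchURL"
    if not search_changed:
        keywords = set()  # keyword belongs to an expected search provider
    suspects = []
    for e in entries:
        if e["key"] != "Extension" or not e["id"]:
            continue
        name = norm(e["name"])
        by_keyword = any(k and (k in name or name in k) for k in keywords)
        by_host = any(name in norm(h) for h in hosts)
        if name and (by_keyword or by_host):
            suspects.append(e["id"])
    return {"unexpected_hosts": sorted(hosts), "suspect_extensions": suspects}


if __name__ == "__main__":
    print(triage(SAMPLE, expected_hosts={"www.google.com"}))
```

The same functions accept a raw FRST log with one entry per line; lines that are not one of the five CHR entry types are ignored.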
  24. What is NetflixHub? The Malwarebytes research team has determined that NetflixHub is a potentially unwanted program that behaves like adware. These adware applications display advertisements not originating from the sites you are browsing. How do I know if my computer is affected by NetflixHub? You may see this entry in your list of installed programs: this icon in the taskbar, and the startmenu. And this is the main window of the program. All it does is link you to the actual Netflix website. You may have noticed these warnings during install: How did NetflixHub get on my computer? Adware applications use different methods for distributing themselves. This particular program was installed from their website. How do I remove NetflixHub? Our program Malwarebytes can detect and remove this adware program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of NetflixHub? No, Malwarebytes removes NetflixHub completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this adware. As you can see below the full version of Malwarebytes would have protected you against the NetflixHub adware. It would have blocked the installer before it became too late. 
Technical details for experts Possible signs in FRST logs: (NetflixHub -> NetflixHub) [File not signed] C:\Users\{username}\AppData\Roaming\NetflixHub\NetflixHub.exe <6> HKLM-x32\...\Run: [NetflixHub] => C:\Users\{username}\AppData\Roaming\NetflixHub\NetflixHub.exe [5044928 2021-06-29] (NetflixHub -> NetflixHub) [File not signed] C:\Users\{username}\AppData\Local\NetflixHub C:\Users\{username}\AppData\Roaming\NetflixHub C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetflixHub (NetflixHub) C:\Users\{username}\Downloads\NetflixHub.17.2106.1acwk.exe NetflixHub - NetflixHub for Desktop (HKLM-x32\...\NetflixHub) (Version: 17.2106.1acwk - NetflixHub) () [File not signed] C:\Users\{username}\AppData\Roaming\NetflixHub\swiftshader\libegl.dll () [File not signed] C:\Users\{username}\AppData\Roaming\NetflixHub\swiftshader\libglesv2.dll (NetflixHub -> Microsoft Corporation) [File not signed] C:\Users\{username}\AppData\Roaming\NetflixHub\D3DCompiler_47.dll (NetflixHub -> The NW.js Community) [File not signed] C:\Users\{username}\AppData\Roaming\NetflixHub\node.dll (NetflixHub -> The NW.js Community) [File not signed] C:\Users\{username}\AppData\Roaming\NetflixHub\nw.dll (NetflixHub -> The NW.js Community) [File not signed] C:\Users\{username}\AppData\Roaming\NetflixHub\nw_elf.dll Significant changes made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\NetflixHub\User Data Adds the file CrashpadMetrics-active.pma"="9/3/2021 10:48 AM, 1048576 bytes, A Adds the file First Run"="9/3/2021 10:48 AM, 0 bytes, A Adds the file Local State"="9/3/2021 10:48 AM, 1958 bytes, A Adds the file lockfile"="9/3/2021 10:48 AM, 0 bytes, A Adds the folder C:\Users\{username}\AppData\Local\NetflixHub\User Data\BrowserMetrics Adds the file BrowserMetrics-6131E154-B24.pma"="9/3/2021 10:48 AM, 4194304 bytes, A Adds the folder 
      Registry details [View: All details] (Selection)
      ------------------------------------------------
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "NetflixHub"="REG_SZ", "C:\Users\{username}\AppData\Roaming\NetflixHub\NetflixHub.exe --su"
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NetflixHub]
      "DisplayIcon"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\NetflixHub\Uninstall.exe""
      "DisplayName"="REG_SZ", "NetflixHub - NetflixHub for Desktop"
      "DisplayVersion"="REG_SZ", "17.2106.1acwk"
      "EstimatedSize"="REG_DWORD", 179544
      "Publisher"="REG_SZ", "NetflixHub"
      "UninstallString"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\NetflixHub\Uninstall.exe""
      [HKEY_CURRENT_USER\Software\AppDataLow\Software\NetflixHub]
      "uid"="REG_SZ", "1E9B50D5-DBB1-49C7-8097-2BE1C2056113"
      [HKEY_CURRENT_USER\Software\nwjs]
      "FirstNotDefault"="REG_QWORD, .../
      "metricsid"="REG_SZ", "1dc7ba7a-d40e-42c6-b0b3-36c39dd0a0d2"
      "metricsid_enableddate"="REG_SZ", "1630658900"
      "metricsid_installdate"="REG_SZ", "1630658900"
      [HKEY_CURRENT_USER\Software\nwjs\BLBeacon]
      "failed_count"="REG_DWORD", 0
      "state"="REG_DWORD", 1
      "version"="REG_SZ", "71.0.3578.98"
      [HKEY_CURRENT_USER\Software\nwjs\StabilityMetrics]
      "user_experience_metrics.stability.exited_cleanly"="REG_DWORD", 0

      Malwarebytes log:

      Malwarebytes
      www.malwarebytes.com

      -Log Details-
      Scan Date: 9/3/21
      Scan Time: 7:41 PM
      Log File: 2513dde8-0cde-11ec-993c-080027235d76.json

      -Software Information-
      Version: 4.4.5.130
      Components Version: 1.0.1430
      Update Package Version: 1.0.44562
      License: Premium

      -System Information-
      OS: Windows 7 Service Pack 1
      CPU: x64
      File System: NTFS
      User: {username}-PC\{username}

      -Scan Summary-
      Scan Type: Threat Scan
      Scan Initiated By: Manual
      Result: Completed
      Objects Scanned: 258740
      Threats Detected: 31
      Threats Quarantined: 30
      Time Elapsed: 1 min, 52 sec

      -Scan Options-
      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Disabled
      Heuristics: Enabled
      PUP: Detect
      PUM: Detect

      -Scan Details-
      Process: 5

      Module: 13

      Registry Key: 2
      PUP.Optional.NetflixHub, HKCU\SOFTWARE\APPDATALOW\SOFTWARE\NetflixHub, Quarantined, 792, 975779, 1.0.44562, , ame, , ,
      PUP.Optional.NetflixHub, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\NetflixHub, Quarantined, 792, 975781, 1.0.44562, , ame, , ,

      Registry Value: 1
      PUP.Optional.NetflixHub, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|NETFLIXHUB, Quarantined, 792, 975780, 1.0.44562, , ame, , ,

      Registry Data: 0
      (No malicious items detected)

      Data Stream: 0
      (No malicious items detected)

      Folder: 3
      PUP.Optional.NetflixHub, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\NETFLIXHUB, Quarantined, 792, 975782, 1.0.44562, , ame, , ,
      PUP.Optional.NetflixHub, C:\USERS\{username}\APPDATA\ROAMING\NETFLIXHUB, Quarantined, 792, 975783, 1.0.44562, , ame, , ,
      PUP.Optional.NetflixHub, C:\USERS\{username}\APPDATA\LOCAL\NETFLIXHUB, Removal Failed, 792, 975784, 1.0.44562, , ame, , ,

      File: 7

      Physical Sector: 0
      (No malicious items detected)

      WMI: 0
      (No malicious items detected)

      (end)

      As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
      We use different ways of protecting your computer(s):
      • Dynamically Blocks Malware Sites & Servers
      • Malware Execution Prevention

      Save yourself the hassle and get protected.
  25. What is SocialSearchConverter?

      The Malwarebytes research team has determined that SocialSearchConverter is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one also uses browser push notifications and adds advertisements to your search results in the form of Search Recommendations.

      How do I know if my computer is affected by SocialSearchConverter?

      You may see this entry in your list of installed Chrome extensions: and these warnings during install: and this changed setting:

      How did SocialSearchConverter get on my computer?

      Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website:

      How do I remove SocialSearchConverter?

      Our program Malwarebytes can detect and remove this potentially unwanted program.
      • Please download Malwarebytes for Windows to your desktop.
      • Double-click MBSetup.exe and follow the prompts to install the program.
      • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
      • Click on the Get started button.
      • Click Scan to start a Threat Scan.
      • When the scan is finished click Quarantine to remove the found threats.
      • Reboot the system if prompted to complete the removal process.

      Is there anything else I need to do to get rid of SocialSearchConverter?

      No, Malwarebytes removes SocialSearchConverter completely. If you have allowed the notifications you can read here how to disable them.

      How would the full version of Malwarebytes help protect me?

      We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the SocialSearchConverter hijacker. It would have blocked their website, giving you a chance to stop it before it became too late.

      Technical details for experts

      Possible signs in FRST logs:

      CHR Notifications: Default -> hxxps://install.socialsearchconverter.com
      CHR DefaultSearchURL: Default -> hxxps://feed.socialsearchconverter.com/?q={searchTerms}&publisher=socialsearchconverter&barcodeid=588650000000000
      CHR DefaultSearchKeyword: Default -> SocialSearchConverter
      CHR DefaultSuggestURL: Default -> hxxps://api.socialsearchconverter.com/suggest/get?q={searchTerms}
      CHR Extension: (SocialSearchConverter) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcndmofmdngdkicgmpeajdjeidcenkbf [2021-08-30]

      Alterations made by the installer:

      Registry details [View: All details] (Selection)
      ------------------------------------------------
      [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
      "mcndmofmdngdkicgmpeajdjeidcenkbf"="REG_SZ", "FEFE8F3BC7AAE8C6DB11D3F940E4ACB977997781432A712B3B74F630F1F8C75A"

      Malwarebytes log:

      Malwarebytes
      www.malwarebytes.com

      -Log Details-
      Scan Date: 8/30/21
      Scan Time: 12:18 PM
      Log File: a4161324-097b-11ec-b7f9-080027235d76.json

      -Software Information-
      Version: 4.4.5.130
      Components Version: 1.0.1430
      Update Package Version: 1.0.44475
      License: Premium

      -System Information-
      OS: Windows 7 Service Pack 1
      CPU: x64
      File System: NTFS
      User: {username}-PC\{username}

      -Scan Summary-
      Scan Type: Threat Scan
      Scan Initiated By: Manual
      Result: Completed
      Objects Scanned: 258400
      Threats Detected: 13
      Threats Quarantined: 13
      Time Elapsed: 2 min, 15 sec

      -Scan Options-
      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Disabled
      Heuristics: Enabled
      PUP: Detect
      PUM: Detect

      -Scan Details-
      Process: 0
      (No malicious items detected)

      Module: 0
      (No malicious items detected)

      Registry Key: 0
      (No malicious items detected)

      Registry Value: 1
      Adware.SearchEngineHijack.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|mcndmofmdngdkicgmpeajdjeidcenkbf, Quarantined, 16862, 799722, , , , , ,

      Registry Data: 0
      (No malicious items detected)

      Data Stream: 0
      (No malicious items detected)

      Folder: 2
      Adware.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\mcndmofmdngdkicgmpeajdjeidcenkbf, Quarantined, 16862, 799722, , , , , ,
      Adware.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MCNDMOFMDNGDKICGMPEAJDJEIDCENKBF, Quarantined, 16862, 799722, 1.0.44475, , ame, , ,

      File: 9

      Physical Sector: 0
      (No malicious items detected)

      WMI: 0
      (No malicious items detected)

      (end)

      As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
      We use different ways of protecting your computer(s):
      • Dynamically Blocks Malware Sites & Servers
      • Malware Execution Prevention

      Save yourself the hassle and get protected.