Search the Community

What is File Conversion Now? The Malwarebytes research team has determined that File Conversion Now is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one is a newtab hijacker and uses web push notifications. How do I know if my computer is affected by File Conversion Now? You may see this browser extension: this warning during install: You may see this icon in your browsers menu-bar: this new startpage: and these new settings: How did File Conversion Now get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove File Conversion Now? Our program Malwarebytes can detect and remove this potentially unwanted program. You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of File Conversion Now? No, Malwarebytes' Anti-Malware removes File Conversion Now completely. If you have allowed the notifications you can read here how to disable them. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the File Conversion Now hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for experts Possible signs in FRST logs: CHR Notifications: Default -> hxxps://hp.hfileconversionnow.com; hxxps://pdfconverterguru.com CHR NewTab: Default -> Active:"chrome-extension://ocemooeilogfefcknbhnjlofcfnhohcb/newtabhtml/newtabpage.html" CHR Extension: (File Conversion Now) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocemooeilogfefcknbhnjlofcfnhohcb [2020-06-25] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocemooeilogfefcknbhnjlofcfnhohcb\2.0_0 Adds the file central.js"="4/14/2020 1:50 PM, 2344 bytes, A Adds the file icon.png"="6/25/2020 8:50 AM, 3456 bytes, A Adds the file manifest.json"="6/25/2020 8:50 AM, 1333 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocemooeilogfefcknbhnjlofcfnhohcb\2.0_0\_locales\en Adds the file messages.json"="6/25/2020 8:50 AM, 210 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocemooeilogfefcknbhnjlofcfnhohcb\2.0_0\_metadata Adds the file computed_hashes.json"="6/25/2020 8:50 AM, 1350 bytes, A Adds the file verified_contents.json"="4/14/2020 1:50 PM, 2912 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocemooeilogfefcknbhnjlofcfnhohcb\2.0_0\html\bAction Adds the file about.html"="4/14/2020 1:50 PM, 3742 bytes, A Adds the file newtabpage.html"="4/14/2020 1:50 PM, 214 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocemooeilogfefcknbhnjlofcfnhohcb\2.0_0\js Adds the file browseraction.js"="4/14/2020 1:50 PM, 1004 bytes, A Adds the file config.js"="4/14/2020 1:50 PM, 1018 bytes, A Adds the file dailyFeature.js"="4/14/2020 1:50 PM, 3487 bytes, A Adds the file log.js"="4/14/2020 1:50 PM, 896 bytes, A Adds the file newTab.js"="4/14/2020 1:50 PM, 1523 bytes, A Adds the file search.js"="4/14/2020 1:50 PM, 1027 bytes, A Adds the file store.js"="4/14/2020 1:50 PM, 235 bytes, A Adds the file utility.js"="4/14/2020 1:50 PM, 2546 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocemooeilogfefcknbhnjlofcfnhohcb\2.0_0\newtabhtml Adds the file newtabpage.html"="4/14/2020 1:50 PM, 207 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ocemooeilogfefcknbhnjlofcfnhohcb Adds the file 000003.log"="6/25/2020 8:50 AM, 488 bytes, A Adds the file CURRENT"="6/25/2020 8:50 AM, 16 bytes, A Adds the file LOCK"="6/25/2020 8:50 AM, 0 bytes, A Adds the file LOG"="6/25/2020 9:07 AM, 183 bytes, A Adds the file MANIFEST-000001"="6/25/2020 8:50 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "ocemooeilogfefcknbhnjlofcfnhohcb"="REG_SZ", "F0884C4E76A1BBDCF08F189A10AD3EE0B891E4C36E135C5510A80D0CC7D6D3A4" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 6/25/20 Scan Time: 9:18 AM Log File: 1ea2335a-b6b4-11ea-9d88-00ffdcc6fdfc.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.955 Update Package Version: 1.0.25999 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 232200 Threats Detected: 12 Threats Quarantined: 12 Time Elapsed: 2 min, 10 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|ocemooeilogfefcknbhnjlofcfnhohcb, Quarantined, 200, 752296, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\ocemooeilogfefcknbhnjlofcfnhohcb, Quarantined, 200, 752296, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\ocemooeilogfefcknbhnjlofcfnhohcb, Quarantined, 200, 752296, , , , File: 9 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 200, 752296, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 200, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ocemooeilogfefcknbhnjlofcfnhohcb\000003.log, Quarantined, 200, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ocemooeilogfefcknbhnjlofcfnhohcb\CURRENT, Quarantined, 200, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ocemooeilogfefcknbhnjlofcfnhohcb\LOCK, Quarantined, 200, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ocemooeilogfefcknbhnjlofcfnhohcb\LOG, Quarantined, 200, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ocemooeilogfefcknbhnjlofcfnhohcb\MANIFEST-000001, Quarantined, 200, 752296, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OCEMOOEILOGFEFCKNBHNJLOFCFNHOHCB\2.0_0\JS\DAILYFEATURE.JS, Quarantined, 200, 752296, 1.0.25999, , ame, PUP.Optional.PushNotifications, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 203, 834481, 1.0.25999, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.

What is Email Search Tools? The Malwarebytes research team has determined that Email Search Tools is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. How do I know if my computer is affected by Email Search Tools? You may see this entry in your list of installed Chrome extensions: this icon in the Chrome menu-bar: this changed setting: and these warnings during install: How did Email Search Tools get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove Email Search Tools? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Email Search Tools? No, Malwarebytes removes Email Search Tools completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, as well as the full version of Malwarebytes would have protected you against the Email Search Tools hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. Technical details for experts Possible signs in FRST logs: CHR DefaultSearchURL: Default -> hxxps://search.emailsearchtools.com/s?query={searchTerms} CHR DefaultSearchKeyword: Default -> qs CHR Extension: (EmailSearchTools) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb [2020-02-18] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.3_0 Adds the file background.js"="9/18/2019 1:42 PM, 14032 bytes, A Adds the file icon.png"="2/18/2020 9:27 AM, 5491 bytes, A Adds the file manifest.json"="2/18/2020 9:27 AM, 1540 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.3_0\_locales\en Adds the file messages.json"="2/18/2020 9:27 AM, 266 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.3_0\_metadata Adds the file computed_hashes.json"="2/18/2020 9:27 AM, 630 bytes, A Adds the file verified_contents.json"="1/8/2020 4:17 PM, 1893 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.3_0\css Adds the file description.css"="5/3/2018 4:42 PM, 1008 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.3_0\html\popup Adds the file description.html"="9/5/2019 2:07 PM, 240 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb Adds the file 000003.log"="2/18/2020 9:27 AM, 141 bytes, A Adds the file CURRENT"="2/18/2020 9:27 AM, 16 bytes, A Adds the file LOCK"="2/18/2020 9:27 AM, 0 bytes, A Adds the file LOG"="2/18/2020 9:30 AM, 183 bytes, A Adds the file MANIFEST-000001"="2/18/2020 9:27 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "jghejomglpmejfcphjbfeplpdndfccbb"="REG_SZ", "97E0F3A7AB704677C53A02393F770EDAD534C32F242AD71AAE6161493AF5A4A7" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 2/18/20 Scan Time: 9:49 AM Log File: a112250e-522b-11ea-b7ee-00ffdcc6fdfc.json -Software Information- Version: 4.0.4.49 Components Version: 1.0.823 Update Package Version: 1.0.19396 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 235882 Threats Detected: 12 Threats Quarantined: 12 Time Elapsed: 33 min, 22 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|jghejomglpmejfcphjbfeplpdndfccbb, Quarantined, 205, 774169, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb, Quarantined, 205, 774169, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JGHEJOMGLPMEJFCPHJBFEPLPDNDFCCBB, Quarantined, 205, 774169, 1.0.19396, , ame, File: 9 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 205, 774169, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 205, 774169, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb\000003.log, Quarantined, 205, 774169, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb\CURRENT, Quarantined, 205, 774169, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb\LOCK, Quarantined, 205, 774169, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb\LOG, Quarantined, 205, 774169, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb\MANIFEST-000001, Quarantined, 205, 774169, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JGHEJOMGLPMEJFCPHJBFEPLPDNDFCCBB\1.3_0\BACKGROUND.JS, Quarantined, 205, 774169, 1.0.19396, , ame, PUP.Optional.Spigot.PN, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 220, 786325, 1.0.19396, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.

What is Access Gov Docs Tab? The Malwarebytes research team has determined that Access Gov Docs Tab is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one is a newtab hijacker and uses web push notifications. How do I know if my computer is affected by Access Gov Docs Tab? You may see this browser extension: these warnings during install: You may see this new startpage: and this new setting: How did Access Gov Docs Tab get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website. How do I remove Access Gov Docs Tab? Our program Malwarebytes can detect and remove this potentially unwanted program. You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Access Gov Docs Tab? No, Malwarebytes' Anti-Malware removes Access Gov Docs Tab completely. If you have allowed the notifications you can read here how to disable them. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes, as well as Browser Guard, would have protected you against the Access Gov Docs Tab hijacker. It blocks their domains: Technical details for experts Possible signs in FRST logs: CHR Notifications: Default -> hxxps://accessgovdocs.net CHR NewTab: Default -> Active:"chrome-extension://pkcbnkckeahemigpmionfaiclhdeellf/newtabhtml/newtabpage.html" CHR Extension: (Access Gov Docs Tab) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcbnkckeahemigpmionfaiclhdeellf [2020-02-12] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcbnkckeahemigpmionfaiclhdeellf\1.0_0 Adds the file central.js"="11/4/2019 4:54 PM, 2612 bytes, A Adds the file icon.png"="2/12/2020 8:57 AM, 5222 bytes, A Adds the file manifest.json"="2/12/2020 8:57 AM, 1363 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcbnkckeahemigpmionfaiclhdeellf\1.0_0\_locales\en Adds the file messages.json"="2/12/2020 8:57 AM, 206 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcbnkckeahemigpmionfaiclhdeellf\1.0_0\_metadata Adds the file computed_hashes.json"="2/12/2020 8:57 AM, 1609 bytes, A Adds the file verified_contents.json"="11/4/2019 4:54 PM, 3027 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcbnkckeahemigpmionfaiclhdeellf\1.0_0\html\bAction Adds the file about.html"="11/4/2019 4:54 PM, 4050 bytes, A Adds the file newtabpage.html"="11/4/2019 4:54 PM, 214 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcbnkckeahemigpmionfaiclhdeellf\1.0_0\js Adds the file browseraction.js"="11/4/2019 4:54 PM, 992 bytes, A Adds the file config.js"="11/4/2019 4:54 PM, 1014 bytes, A Adds the file dailyFeature.js"="11/4/2019 4:54 PM, 3479 bytes, A Adds the file diagnostic.js"="11/4/2019 4:54 PM, 874 bytes, A Adds the file log.js"="11/4/2019 4:54 PM, 880 bytes, A Adds the file newTab.js"="11/4/2019 4:54 PM, 2418 bytes, A Adds the file search.js"="11/4/2019 4:54 PM, 857 bytes, A Adds the file store.js"="11/4/2019 4:54 PM, 235 bytes, A Adds the file utility.js"="11/4/2019 4:54 PM, 2534 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcbnkckeahemigpmionfaiclhdeellf\1.0_0\newtabhtml Adds the file newtabpage.html"="11/4/2019 4:54 PM, 207 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkcbnkckeahemigpmionfaiclhdeellf Adds the file 000003.log"="2/12/2020 8:57 AM, 436 bytes, A Adds the file CURRENT"="2/12/2020 8:57 AM, 16 bytes, A Adds the file LOCK"="2/12/2020 8:57 AM, 0 bytes, A Adds the file LOG"="2/12/2020 9:03 AM, 184 bytes, A Adds the file MANIFEST-000001"="2/12/2020 8:57 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "pkcbnkckeahemigpmionfaiclhdeellf"="REG_SZ", "1EC6E39BCCAD8954D53C75484C0712E68018C6906F0131AD4AEEA10CD5CC19FC" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 2/12/20 Scan Time: 9:08 AM Log File: e61a4dbe-4d6e-11ea-9609-00ffdcc6fdfc.json -Software Information- Version: 4.0.4.49 Components Version: 1.0.823 Update Package Version: 1.0.19088 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 235857 Threats Detected: 11 Threats Quarantined: 11 Time Elapsed: 11 min, 31 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|pkcbnkckeahemigpmionfaiclhdeellf, Quarantined, 205, 752296, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\pkcbnkckeahemigpmionfaiclhdeellf, Quarantined, 205, 752296, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\pkcbnkckeahemigpmionfaiclhdeellf, Quarantined, 205, 752296, , , , File: 8 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 205, 752296, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 205, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkcbnkckeahemigpmionfaiclhdeellf\000003.log, Quarantined, 205, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkcbnkckeahemigpmionfaiclhdeellf\CURRENT, Quarantined, 205, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkcbnkckeahemigpmionfaiclhdeellf\LOCK, Quarantined, 205, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkcbnkckeahemigpmionfaiclhdeellf\LOG, Quarantined, 205, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkcbnkckeahemigpmionfaiclhdeellf\MANIFEST-000001, Quarantined, 205, 752296, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PKCBNKCKEAHEMIGPMIONFAICLHDEELLF\1.0_0\JS\DAILYFEATURE.JS, Quarantined, 205, 752296, 1.0.19088, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.

What is My Login Hub?The Malwarebytes research team has determined that My Login Hub is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.This particular one is a newtab hijacker and uses web push notifications.How do I know if my computer is affected by My Login Hub?You may see this browser extension:these warnings during install:Despite this last notification you may see this icon in your browsers menu-bar:and this new setting:How did My Login Hub get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:after a redirect from their website:How do I remove My Login Hub?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of My Login Hub? No, Malwarebytes' Anti-Malware removes My Login Hub completely. If you have allowed the notifications you can read here how to disable them. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the My Login Hub hijacker. Both Malwarebytes Premium and Browser Guard would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in FRST logs: CHR NewTab: Default -> Active:"chrome-extension://cgbimlhbabmglaamekacddnjhdloknme/newtabhtml/newtabpage.html" CHR Extension: (My Login Hub) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme [2019-12-17] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0 Adds the file central.js"="10/28/2019 3:45 PM, 2612 bytes, A Adds the file icon.png"="12/17/2019 8:57 AM, 17075 bytes, A Adds the file manifest.json"="12/17/2019 8:57 AM, 1359 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\_locales\en Adds the file messages.json"="12/17/2019 8:57 AM, 199 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\_metadata Adds the file computed_hashes.json"="12/17/2019 8:57 AM, 1507 bytes, A Adds the file verified_contents.json"="10/28/2019 3:45 PM, 3027 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\html\bAction Adds the file about.html"="10/28/2019 3:45 PM, 4176 bytes, A Adds the file newtabpage.html"="10/28/2019 3:45 PM, 214 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js Adds the file browseraction.js"="10/28/2019 3:45 PM, 988 bytes, A Adds the file config.js"="10/28/2019 3:45 PM, 1014 bytes, A Adds the file dailyFeature.js"="10/28/2019 3:45 PM, 3475 bytes, A Adds the file diagnostic.js"="10/28/2019 3:45 PM, 874 bytes, A Adds the file log.js"="10/28/2019 3:45 PM, 872 bytes, A Adds the file newTab.js"="10/28/2019 3:45 PM, 2443 bytes, A Adds the file search.js"="10/28/2019 3:45 PM, 857 bytes, A Adds the file store.js"="10/28/2019 3:45 PM, 235 bytes, A Adds the file utility.js"="10/28/2019 3:45 PM, 2522 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\newtabhtml Adds the file newtabpage.html"="10/28/2019 3:45 PM, 207 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cgbimlhbabmglaamekacddnjhdloknme Adds the file 000003.log"="12/17/2019 8:58 AM, 466 bytes, A Adds the file CURRENT"="12/17/2019 8:58 AM, 16 bytes, A Adds the file LOCK"="12/17/2019 8:58 AM, 0 bytes, A Adds the file LOG"="12/17/2019 8:58 AM, 183 bytes, A Adds the file MANIFEST-000001"="12/17/2019 8:58 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "cgbimlhbabmglaamekacddnjhdloknme"="REG_SZ", "2EAD79FF084CC24A86786571101318B6CD4AE6C55AF35246677687F872564595" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/17/19 Scan Time: 9:09 AM Log File: 862853c0-20a4-11ea-9e94-00ffdcc6fdfc.json -Software Information- Version: 4.0.4.49 Components Version: 1.0.770 Update Package Version: 1.0.16308 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 236141 Threats Detected: 36 Threats Quarantined: 36 Time Elapsed: 18 min, 13 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|cgbimlhbabmglaamekacddnjhdloknme, Quarantined, 206, 752296, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 10 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\cgbimlhbabmglaamekacddnjhdloknme, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\html\bAction, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\_locales\en, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\newtabhtml, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\_metadata, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\_locales, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\html, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CGBIMLHBABMGLAAMEKACDDNJHDLOKNME\1.0_0, Quarantined, 206, 752296, 1.0.16308, , ame, File: 25 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cgbimlhbabmglaamekacddnjhdloknme\000003.log, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cgbimlhbabmglaamekacddnjhdloknme\CURRENT, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cgbimlhbabmglaamekacddnjhdloknme\LOCK, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cgbimlhbabmglaamekacddnjhdloknme\LOG, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cgbimlhbabmglaamekacddnjhdloknme\MANIFEST-000001, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CGBIMLHBABMGLAAMEKACDDNJHDLOKNME\1.0_0\JS\DAILYFEATURE.JS, Quarantined, 206, 752296, 1.0.16308, , ame, PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\html\bAction\about.html, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\html\bAction\newtabpage.html, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js\browseraction.js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js\config.js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js\diagnostic.js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js\log.js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js\newTab.js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js\search.js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js\store.js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js\utility.js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\newtabhtml\newtabpage.html, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\_locales\en\messages.json, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\_metadata\computed_hashes.json, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\_metadata\verified_contents.json, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\central.js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\icon.png, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\manifest.json, Quarantined, 206, 752296, , , , Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.

What is Email Search Tools?The Malwarebytes research team has determined that Email Search Tools is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.How do I know if my computer is affected by Email Search Tools?You may see this entry in your list of installed Chrome extensions:and these warnings during install:You will see this icon in your Chrome menu-bar:and this changed setting:How did Email Search Tools get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:after a redirect from their website:How do I remove Email Search Tools?Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Email Search Tools? No, Malwarebytes removes Email Search Tools completely. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the Email Search Tools hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in FRST logs: CHR DefaultSearchURL: Default -> hxxps://search.emailsearchtools.com/s?query={searchTerms} CHR DefaultSearchKeyword: Default -> email CHR Extension: (EmailSearchTools) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb [2019-11-15] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0 Adds the file background.js"="9/18/2019 1:42 PM, 14032 bytes, A Adds the file icon.png"="11/15/2019 9:12 AM, 5491 bytes, A Adds the file manifest.json"="11/15/2019 9:12 AM, 1554 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\_locales\en Adds the file messages.json"="11/15/2019 9:12 AM, 266 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\_metadata Adds the file computed_hashes.json"="11/15/2019 9:12 AM, 630 bytes, A Adds the file verified_contents.json"="9/18/2019 11:23 AM, 1893 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\css Adds the file description.css"="5/3/2018 4:42 PM, 1008 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\html\popup Adds the file description.html"="9/5/2019 2:07 PM, 240 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb Adds the file 000003.log"="11/15/2019 9:12 AM, 168 bytes, A Adds the file CURRENT"="11/15/2019 9:12 AM, 16 bytes, A Adds the file LOCK"="11/15/2019 9:12 AM, 0 bytes, A Adds the file LOG"="11/15/2019 9:12 AM, 183 bytes, A Adds the file MANIFEST-000001"="11/15/2019 9:12 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "jghejomglpmejfcphjbfeplpdndfccbb"="REG_SZ", "A9322B76617230A96887AEEB8993C10B62005A0728B26F171B4E0708000AC09C" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 11/15/19 Scan Time: 9:22 AM Log File: 20bbffdc-0781-11ea-8ad9-00ffdcc6fdfc.json -Software Information- Version: 4.0.4.49 Components Version: 1.0.718 Update Package Version: 1.0.14948 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 233906 Threats Detected: 25 Threats Quarantined: 25 Time Elapsed: 4 min, 53 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|jghejomglpmejfcphjbfeplpdndfccbb, Quarantined, 208, 575422, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 9 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\_locales\en, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\html\popup, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\_metadata, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\_locales, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\html, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\css, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JGHEJOMGLPMEJFCPHJBFEPLPDNDFCCBB, Quarantined, 208, 575422, 1.0.14948, , ame, File: 15 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb\000003.log, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb\CURRENT, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb\LOCK, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb\LOG, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb\MANIFEST-000001, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JGHEJOMGLPMEJFCPHJBFEPLPDNDFCCBB\1.1_0\BACKGROUND.JS, Quarantined, 208, 575422, 1.0.14948, , ame, PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\css\description.css, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\html\popup\description.html, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\_locales\en\messages.json, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\_metadata\computed_hashes.json, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\_metadata\verified_contents.json, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\icon.png, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\manifest.json, Quarantined, 208, 575422, , , , Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.

What is Free Live Radio?The Malwarebytes research team has determined that Free Live Radio is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.How do I know if my computer is affected by Free Live Radio?You may see this browser extension:these warnings during install:You may see this icon in your browsers menu-bar:this new startpage:and this new setting:How did Free Live Radio get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:How do I remove Free Live Radio?Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Free Live Radio? No, Malwarebytes' Anti-Malware removes Free Live Radio completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes and Malwarebytes Browser Guard would have protected you against the Free Live Radio hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in FRST logs: CHR NewTab: Default -> Active:"chrome-extension://pacogkibldhicojmklpbapiilaleilbp/newtabfile/fastesttab.html" CHR Extension: (Free Live Radio) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp [2019-10-31] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0 Adds the file after.js"="7/16/2019 3:49 PM, 1264 bytes, A Adds the file bg.js"="7/16/2019 3:49 PM, 15172 bytes, A Adds the file contentscript.js"="7/16/2019 3:49 PM, 1247 bytes, A Adds the file icon.png"="10/31/2019 8:28 AM, 2449 bytes, A Adds the file manifest.json"="10/31/2019 8:28 AM, 1442 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\_locales\en Adds the file messages.json"="10/31/2019 8:28 AM, 274 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\_metadata Adds the file computed_hashes.json"="10/31/2019 8:28 AM, 1195 bytes, A Adds the file verified_contents.json"="7/16/2019 3:49 PM, 2613 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\css Adds the file browserAction.css"="7/16/2019 3:49 PM, 95 bytes, A Adds the file description.css"="7/16/2019 3:49 PM, 1008 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\html\browserAction Adds the file browserAction.html"="7/16/2019 3:49 PM, 230 bytes, A Adds the file description.html"="7/16/2019 3:49 PM, 264 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\js Adds the file newTab.js"="7/16/2019 3:49 PM, 1720 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\newtabfile Adds the file fastesttab.html"="7/16/2019 3:49 PM, 208 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pacogkibldhicojmklpbapiilaleilbp Adds the file 000003.log"="10/31/2019 8:28 AM, 234 bytes, A Adds the file CURRENT"="10/31/2019 8:28 AM, 16 bytes, A Adds the file LOCK"="10/31/2019 8:28 AM, 0 bytes, A Adds the file LOG"="10/31/2019 8:28 AM, 183 bytes, A Adds the file MANIFEST-000001"="10/31/2019 8:28 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "pacogkibldhicojmklpbapiilaleilbp"="REG_SZ", "4D051C639B48ED7E29B08E2845AB4CC7F2AA46F4775F75186BC4F68E5DF81F71" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/31/19 Scan Time: 8:40 AM Log File: bf66dd55-fbb1-11e9-9600-00ffdcc6fdfc.json -Software Information- Version: 3.8.3.2965 Components Version: 1.0.613 Update Package Version: 1.0.13123 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 234128 Threats Detected: 33 Threats Quarantined: 33 Time Elapsed: 7 min, 29 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|pacogkibldhicojmklpbapiilaleilbp, Quarantined, [209], [754439],1.0.13123 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 11 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\pacogkibldhicojmklpbapiilaleilbp, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\html\browserAction, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\_locales\en, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\newtabfile, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\_metadata, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\_locales, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\html, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\css, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\js, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PACOGKIBLDHICOJMKLPBAPIILALEILBP, Quarantined, [209], [754439],1.0.13123 File: 21 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pacogkibldhicojmklpbapiilaleilbp\000003.log, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pacogkibldhicojmklpbapiilaleilbp\CURRENT, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pacogkibldhicojmklpbapiilaleilbp\LOCK, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pacogkibldhicojmklpbapiilaleilbp\LOG, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pacogkibldhicojmklpbapiilaleilbp\MANIFEST-000001, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PACOGKIBLDHICOJMKLPBAPIILALEILBP\4.1_0\BG.JS, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\css\browserAction.css, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\css\description.css, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\html\browserAction\browserAction.html, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\html\browserAction\description.html, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\js\newTab.js, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\newtabfile\fastesttab.html, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\_locales\en\messages.json, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\_metadata\computed_hashes.json, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\_metadata\verified_contents.json, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\after.js, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\contentscript.js, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\icon.png, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\manifest.json, Quarantined, [209], [754439],1.0.13123 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.