
hi.fo Virus Removal


4 replies to this topic

#1 babymable
Posted 23 July 2017 - 11:43 AM

Ok so I just got a new (used) laptop and I started downloading my usual programs I use. I'm not sure what program I downloaded that this came with but I can't seem to get rid of it. All my browsers are opening with http://hi.fo/?44. I'm guessing it's a new form of hi.ru that has been going around for ages. I have tried using Malwarebytes and Super Anti Spyware; they found some stuff which I deleted but I still have the problem. I checked if there were any extensions or add-ons on my browsers but there is nothing. I found another thread on this forum that seemed to help the guy so I'm going to try my luck here if anyone can help me :)

 

Here is the thread I was referring to:

 

https://www.bleepingcomputer.com/forums/t/563450/hiru-chrome-redirect-all-attemps-to-remove-failed/

 

I will try my best to do the same scans as he has, but I'm not an expert at computers. I will post the results as I go along with the scans; if someone can tell me what to delete that would be great.

 

Thanks to anyone that can help me :)


Edited by babymable, 23 July 2017 - 11:45 AM.



#2 babymable

Posted 23 July 2017 - 11:44 AM

MiniToolBox by Farbar  Version: 17-06-2016
Ran by User (administrator) on 23-07-2017 at 17:31:06
Running from "C:\Users\User\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: SATELLITE C855-1J1 Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Realtek RTL8723AE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : User-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Home
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Realtek RTL8723AE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 20-68-9D-11-ED-10
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2a02:c7f:860a:a200:7825:1ee9:6c09:c73(Preferred) 
   IPv6 Address. . . . . . . . . . . : fd4b:4210:1b93:0:7825:1ee9:6c09:c73(Preferred) 
   Temporary IPv6 Address. . . . . . : 2a02:c7f:860a:a200:352b:88b6:95b6:c247(Preferred) 
   Temporary IPv6 Address. . . . . . : fd4b:4210:1b93:0:352b:88b6:95b6:c247(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::7825:1ee9:6c09:c73%14(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.14(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 23 July 2017 17:18:20
   Lease Expires . . . . . . . . . . : 24 July 2017 17:18:19
   Default Gateway . . . . . . . . . : fe80::7e4c:a5ff:fe8d:281c%14
                                       192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 354445469
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-F8-F7-4C-4C-72-B9-8D-0B-4A
   DNS Servers . . . . . . . . . . . : fd4b:4210:1b93:0:7e4c:a5ff:fe8d:281c
                                       192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 4C-72-B9-8D-0B-4A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 20-68-9D-12-24-D8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.Home:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:305c:1c1f:fabc:465d(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::305c:1c1f:fabc:465d%15(Preferred) 
   Default Gateway . . . . . . . . . : 
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  fd4b:4210:1b93:0:7e4c:a5ff:fe8d:281c
 
Name:    google.com
Addresses:  2a00:1450:4009:813::200e
 216.58.198.238
 
 
Pinging google.com [2a00:1450:4009:813::200e] with 32 bytes of data:
Request timed out.
Reply from 2a00:1450:4009:813::200e: time=31ms 
 
Ping statistics for 2a00:1450:4009:813::200e:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 31ms, Maximum = 31ms, Average = 31ms
Server:  UnKnown
Address:  fd4b:4210:1b93:0:7e4c:a5ff:fe8d:281c
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:44:204::a7
 2001:4998:58:c02::a9
 98.139.180.149
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [2001:4998:c:a06::2:4008] with 32 bytes of data:
Request timed out.
Reply from 2001:4998:c:a06::2:4008: time=162ms 
 
Ping statistics for 2001:4998:c:a06::2:4008:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 162ms, Maximum = 162ms, Average = 162ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=14ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 14ms, Average = 7ms
===========================================================================
Interface List
 14...20 68 9d 11 ed 10 ......Realtek RTL8723AE Wireless LAN 802.11n PCI-E NIC
 13...4c 72 b9 8d 0b 4a ......Realtek PCIe FE Family Controller
 12...20 68 9d 12 24 d8 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.14     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link      192.168.0.14    281
     192.168.0.14  255.255.255.255         On-link      192.168.0.14    281
    192.168.0.255  255.255.255.255         On-link      192.168.0.14    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.14    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.14    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 14    281 ::/0                     fe80::7e4c:a5ff:fe8d:281c
  1    306 ::1/128                  On-link
 15     58 2001::/32                On-link
 15    306 2001:0:4137:9e76:305c:1c1f:fabc:465d/128
                                    On-link
 14     33 2a02:c7f:860a:a200::/64  On-link
 14    281 2a02:c7f:860a:a200:352b:88b6:95b6:c247/128
                                    On-link
 14    281 2a02:c7f:860a:a200:7825:1ee9:6c09:c73/128
                                    On-link
 14     33 fd4b:4210:1b93::/64      On-link
 14    281 fd4b:4210:1b93:0:352b:88b6:95b6:c247/128
                                    On-link
 14    281 fd4b:4210:1b93:0:7825:1ee9:6c09:c73/128
                                    On-link
 14    281 fe80::/64                On-link
 15    306 fe80::/64                On-link
 15    306 fe80::305c:1c1f:fabc:465d/128
                                    On-link
 14    281 fe80::7825:1ee9:6c09:c73/128
                                    On-link
  1    306 ff00::/8                 On-link
 15    306 ff00::/8                 On-link
 14    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/23/2017 05:19:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/23/2017 06:01:49 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/23/2017 04:50:21 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/23/2017 04:23:27 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/23/2017 03:53:38 AM) (Source: Application Error) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.479, time stamp: 0x58f6af02
Faulting module name: mbae-api-na.dll, version: 1.9.4.228, time stamp: 0x59271dee
Exception code: 0xc0000417
Fault offset: 0x0000000000124c85
Faulting process id: 0x1900
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
 
Error: (07/23/2017 03:05:36 AM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe_appraiser.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
Exception code: 0x40000015
Fault offset: 0x000000000002a84e
Faulting process id: 0x1320
Faulting application start time: 0xrundll32.exe_appraiser.dll0
Faulting application path: rundll32.exe_appraiser.dll1
Faulting module path: rundll32.exe_appraiser.dll2
Report Id: rundll32.exe_appraiser.dll3
 
Error: (07/22/2017 03:48:17 AM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe_appraiser.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
Exception code: 0x40000015
Fault offset: 0x000000000002a84e
Faulting process id: 0x1798
Faulting application start time: 0xrundll32.exe_appraiser.dll0
Faulting application path: rundll32.exe_appraiser.dll1
Faulting module path: rundll32.exe_appraiser.dll2
Report Id: rundll32.exe_appraiser.dll3
 
Error: (07/22/2017 03:35:11 AM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe_invagent.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
Exception code: 0x40000015
Fault offset: 0x000000000002a84e
Faulting process id: 0x7f8
Faulting application start time: 0xrundll32.exe_invagent.dll0
Faulting application path: rundll32.exe_invagent.dll1
Faulting module path: rundll32.exe_invagent.dll2
Report Id: rundll32.exe_invagent.dll3
 
Error: (07/21/2017 03:41:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe_appraiser.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
Exception code: 0x40000015
Fault offset: 0x000000000002a84e
Faulting process id: 0xd64
Faulting application start time: 0xrundll32.exe_appraiser.dll0
Faulting application path: rundll32.exe_appraiser.dll1
Faulting module path: rundll32.exe_appraiser.dll2
Report Id: rundll32.exe_appraiser.dll3
 
Error: (07/21/2017 03:34:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (07/23/2017 04:22:30 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 03:54:23 on ‎23/‎07/‎2017 was unexpected.
 
Error: (07/23/2017 03:54:51 AM) (Source: Service Control Manager) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (07/22/2017 11:09:27 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
 
Error: (07/22/2017 10:55:16 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (07/22/2017 10:55:16 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (07/21/2017 05:54:46 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: CBS failed to remove the language pack for uk-UA. Returned CBS error code 0x800736b3.
 
Error: (07/21/2017 05:54:46 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: CBS error 0x800736b3 '' reported while operating on UI Language Pack for uk-UA
 
Error: (07/21/2017 05:51:39 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: CBS failed to remove the language pack for es-ES. Returned CBS error code 0x800736b3.
 
Error: (07/21/2017 05:51:39 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: CBS error 0x800736b3 '' reported while operating on UI Language Pack for es-ES
 
Error: (07/21/2017 05:48:28 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: CBS failed to remove the language pack for ru-RU. Returned CBS error code 0x800736b3.
 
 
Microsoft Office Sessions:
=========================
Error: (07/23/2017 05:19:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/23/2017 06:01:49 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/23/2017 04:50:21 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/23/2017 04:23:27 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/23/2017 03:53:38 AM) (Source: Application Error)(User: )
Description: mbamservice.exe3.1.0.47958f6af02mbae-api-na.dll1.9.4.22859271deec00004170000000000124c85190001d3035e35b109eeC:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exeC:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbae-api-na.dll1d67f6da-6f52-11e7-8eab-20689d1224d8
 
Error: (07/23/2017 03:05:36 AM) (Source: Application Error)(User: )
Description: rundll32.exe_appraiser.dll6.1.7600.163854a5bc9e0msvcrt.dll7.0.7601.177444eeb033f40000015000000000002a84e132001d30357eb50fa2cC:\Windows\system32\rundll32.exeC:\Windows\system32\msvcrt.dll6a0eb8fc-6f4b-11e7-8eab-20689d1224d8
 
Error: (07/22/2017 03:48:17 AM) (Source: Application Error)(User: )
Description: rundll32.exe_appraiser.dll6.1.7600.163854a5bc9e0msvcrt.dll7.0.7601.177444eeb033f40000015000000000002a84e179801d30294e2ccf67fC:\Windows\system32\rundll32.exeC:\Windows\system32\msvcrt.dll368448c8-6e88-11e7-8eab-20689d1224d8
 
Error: (07/22/2017 03:35:11 AM) (Source: Application Error)(User: )
Description: rundll32.exe_invagent.dll6.1.7600.163854a5bc9e0msvcrt.dll7.0.7601.177444eeb033f40000015000000000002a84e7f801d3029314ff7ae0C:\Windows\system32\rundll32.exeC:\Windows\system32\msvcrt.dll620460de-6e86-11e7-8eab-20689d1224d8
 
Error: (07/21/2017 03:41:19 PM) (Source: Application Error)(User: )
Description: rundll32.exe_appraiser.dll6.1.7600.163854a5bc9e0msvcrt.dll7.0.7601.177444eeb033f40000015000000000002a84ed6401d3022f13eb1c50C:\Windows\system32\rundll32.exeC:\Windows\system32\msvcrt.dlla7dd8f94-6e22-11e7-8eab-20689d1224d8
 
Error: (07/21/2017 03:34:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
=========================== Installed Programs ============================
 
Adobe Photoshop Elements 14 (HKLM-x32\...\{49F8D229-3E0E-4F43-8429-EB8F2583DB19}) (Version: 14.0 - Adobe Systems Incorporated)
AVG (HKLM\...\{434FBA38-0562-4F98-9436-4B45C0C0EF0B}) (Version: 1.201.2 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.5.3022 - AVG Technologies)
FMW 1 (HKLM\...\{8DF0D8D9-0C24-47EB-9738-376DD2705133}) (Version: 1.214.2 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.5.2 Hotfix Rollup (KB3035805) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.52290 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 52.2.1 ESR (x64 en-GB) (HKLM\...\Mozilla Firefox 52.2.1 ESR (x64 en-GB)) (Version: 52.2.1 - Mozilla)
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconduct Corp.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.24.9 - Synaptics Incorporated)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.5.0 - Azureus Software, Inc.)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 38%
Total physical RAM: 6033.8 MB
Available physical RAM: 3681.61 MB
Total Virtual: 12065.8 MB
Available Virtual: 9813.07 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:698.29 GB) (Free:649.08 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\USER-PC
 
Administrator            Guest                    User                     
 
 
**** End of log ****


#3 babymable

Posted 23 July 2017 - 11:50 AM

I ran the Junkware Removal Tool but no log saved to my desktop or opened?



#4 babymable

Posted 23 July 2017 - 12:08 PM

After running MiniToolBox I noticed that the hi.fo is gone from all my browsers, but www.duckduckgo.com opened on Google Chrome. I did a search and it looks like it's not a virus. I went into Chrome settings and unchecked it so it doesn't open again. Should I continue with the rest of the scans or am I good?

 

The scan log for AdwCleaner is here:

 

# AdwCleaner 7.0.0.0 - Logfile created on Sun Jul 23 16:55:37 2017
# Updated on 2017/17/07 by Malwarebytes 
# Running on Windows 7 Home Premium (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\Users\User\AppData\Roaming\Enigma Software Group
Deleted: C:\sh4ldr
Deleted: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\spyhunter
Deleted: C:\Users\User\AppData\Roaming\DRPSu
 
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
Cleaned: C:/Users/Public/Desktop/Google Chrome.lnk[http://hi.ru/?44]
Cleaned: C:/Users/Public/Desktop/Mozilla Firefox.lnk[http://hi.ru/?44]
Cleaned: C:/Users/User/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Internet Explorer.lnk[http://hi.ru/?44]
Cleaned: C:/Users/User/AppData/Roaming/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Google Chrome.lnk[http://hi.ru/?44]
Cleaned: C:/Users/User/AppData/Roaming/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar/Internet Explorer.lnk[http://hi.ru/?44]
 
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKLM\SOFTWARE\EnigmaSoftwareGroup
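The AdwCleaner "Shortcuts" section above shows the mechanism behind this hijack: the browser .lnk files had a URL appended to their command-line arguments, so every browser launched with that page no matter what the homepage setting said. The following is an added example, not code from the thread or from AdwCleaner, that reads the Shell Link (.lnk) binary format far enough to pull out those arguments and flags any shortcut that launches with a URL; the layout follows the MS-SHLLINK specification as I understand it, the chrome.exe path and the sample shortcuts are constructed here for testing, and `lnkcheck.py` is a hypothetical file name.

```python
"""Flag .lnk shortcuts whose command-line arguments carry a URL (shortcut hijack check).

Added example for this thread; parses the Shell Link format (MS-SHLLINK)
only as far as the StringData section, which holds the arguments.
"""
import re
import struct
import sys
from pathlib import Path

LNK_HEADER_SIZE = 0x4C
# CLSID 00021401-0000-0000-C000-000000000046 in its on-disk byte order
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
STRING_DATA_ORDER = (
    (HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields (name, relative_path, arguments, ...) of a .lnk."""
    if (len(data) < LNK_HEADER_SIZE or data[:4] != struct.pack("<I", LNK_HEADER_SIZE)
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a Shell Link (.lnk) file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:      # IDListSize (u16) followed by the IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                # LinkInfoSize (u32) includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for flag, name in STRING_DATA_ORDER:     # each string: CountCharacters (u16) + chars
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        if flags & IS_UNICODE:
            fields[name] = data[pos:pos + count * 2].decode("utf-16-le")
            pos += count * 2
        else:
            fields[name] = data[pos:pos + count].decode("cp1252", errors="replace")
            pos += count
    return fields


def find_injected_url(fields: dict):
    """URL found in the shortcut's arguments, or None. Browsers treat a bare URL
    argument as the page to open, which is how the hi.ru/?44 entries worked."""
    match = URL_RE.search(fields.get("arguments", ""))
    return match.group(0) if match else None


def build_lnk(relative_path: str, arguments: str = "") -> bytes:
    """Constructed minimal .lnk (empty IDList, no LinkInfo) so the parser can be
    exercised offline; real shortcuts carry more, which parse_lnk skips over."""
    flags = HAS_LINK_TARGET_ID_LIST | HAS_RELATIVE_PATH | IS_UNICODE
    if arguments:
        flags |= HAS_ARGUMENTS
    header = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID + struct.pack("<I", flags)
    header += b"\x00" * (LNK_HEADER_SIZE - len(header))   # attrs, times, size, icon...
    body = struct.pack("<H", 2) + b"\x00\x00"             # IDList holding only TerminalID
    for text in (relative_path, arguments):
        if text:
            body += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return header + body


# Constructed samples mirroring the AdwCleaner "Shortcuts" entries in the thread.
CHROME_TARGET = r"..\..\..\Program Files (x86)\Google\Chrome\Application\chrome.exe"
SAMPLE_HIJACKED = build_lnk(CHROME_TARGET, "http://hi.ru/?44")
SAMPLE_CLEAN = build_lnk(CHROME_TARGET)


def scan_shortcuts(root: Path) -> list:
    """Walk a folder tree and return (path, url) for every shortcut launching a URL."""
    hits = []
    for lnk in root.rglob("*.lnk"):
        try:
            url = find_injected_url(parse_lnk(lnk.read_bytes()))
        except (ValueError, struct.error, UnicodeDecodeError):
            continue                                      # malformed or truncated file
        if url:
            hits.append((str(lnk), url))
    return hits


if __name__ == "__main__":
    # python lnkcheck.py "C:\Users\Public\Desktop" "C:\Users\User\AppData\Roaming\Microsoft"
    for folder in sys.argv[1:]:
        for path, url in scan_shortcuts(Path(folder)):
            print(f"{path}: launches with {url}")
```

Point it at the Desktop, Start Menu and Quick Launch folders the AdwCleaner log lists; a clean browser shortcut has no arguments at all, so any URL there is worth a look.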


#5 boopme (Global Moderator)

Posted 25 July 2017 - 10:41 AM

Clean your browser's add-ons / plug-ins and see.
Disabling Plugins in Google Chrome

