
browser redirecting virus, i don't know if my PC is infected.. Help


15 replies to this topic

#1 jlsnslt

jlsnslt

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:42 AM

Posted 27 December 2016 - 10:25 PM

Hello guys, it's my first time posting here. The issue I am facing now is that every time I try to open Google Chrome, an error pops up that says "failed to load from chrome ....kemgadeojglibflomicgnfeopkdfflnk" (I forgot the exact words), and then it redirects me to the kipuu.cn website. Same with Internet Explorer; it also redirects me to that site. All of this started yesterday when I tried to install a new game. I've read some info about the error on Google and found out that it may be a virus. I'm not good at fixing computer issues, so I hope that you guys can help me.





#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:42 PM

Posted 27 December 2016 - 10:36 PM

Zemana Deep Scan.
 

  • Right click on Zemana and run as admin.
  • Click the Cog/Sprocket Wheel at the top right of Zemana.
  • Select Advanced - I have read the warning and wish to proceed.
  • Place a tick next to Detect Suspicious (Root CA) Certificates.
  • Then click the house icon in Zemana.
  • Then hit your start button at the lower left hand corner of your desktop.
  • Then left click on Computer.
  • Drag Local Disk C: Into the area of Zemana that reads Drag and drop files here to scan them.
  • Once the scan has completed click graph icon on the top right of the programs User interface.
  • Double click to open the latest log-file.
  • Copy it to your clipboard.
  • Post the log here in your next reply.

 

 

Security Check Scan.

 

  • Download Security Check to your desktop.
  • Right click it and run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.

 

MiniToolBox Scan.

 

Please download MINITOOLBOX and run it.

Checkmark the following boxes:



Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.



#3 jlsnslt

jlsnslt
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:42 AM

Posted 27 December 2016 - 11:10 PM

Here are the results

 

Zemana AntiMalware 2.70.2.244 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/12/28
Operating System       : Windows 7 64-bit
Processor              : 2X AMD A4-7300 APU with Radeon HD Graphics
BIOS Mode              : Legacy
CUID                   : 12D5009B0D017B7EAD3C7C
Scan Type              : Custom Scan
Duration               : 19m 0s
Scanned Objects        : 101713
Detected Objects       : 8
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
safiplayer
Status             : Scanned
Object             : NE->c:\program files\safiplayer
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/SaFiPlayer.A!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
windowsmsg
Status             : Scanned
Object             : NE->c:\programdata\windowsmsg
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/ADClick.A!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
ucbrowser
Status             : Scanned
Object             : NE->c:\users\windows7\appdata\local\ucbrowser
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/UCBrowser.C!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
kuaizip
Status             : Scanned
Object             : NE->c:\users\windows7\appdata\roaming\kuaizip
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/KuaiZip.B!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
Browser_V6.0.1121.13_r_4634_(Build1612191708).exe
Status             : Scanned
Object             : %temp%\00002449\browser_v6.0.1121.13_r_4634_(build1612191708).exe
MD5                : A0C060CEF59275DA22F9551DF9FDD163
Publisher          : TAOBAO (CHINA) SOFTWARE CO.,LTD.
Size               : 51183616
Version            : 6.0.1121.13
Detection          : Adware:Win32/UCBrowser-DJ!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\00002449\browser_v6.0.1121.13_r_4634_(build1612191708).exe
 
MaoHaWiFiSetup_269.exe
Status             : Scanned
Object             : %temp%\00002087\maohawifisetup_269.exe
MD5                : BFAE8CDE6902549029FA33B95983778D
Publisher          : 深圳市猫哈网络科技发展有限公司
Size               : 5223968
Version            : 1.0.8.10
Detection          : Adware:Win32/OutBrowse!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\00002087\maohawifisetup_269.exe
 
visic_coupon.dll
Status             : Scanned
Object             : %programfiles%\yahoo!\companion\installs\cpn0\visic_coupon.dll
MD5                : 044A218B9767F58851889C0F22B5FAA4
Publisher          : Visicom Media Inc.
Size               : 370240
Version            : 1.0.0.33
Detection          : Adware:Win32/VisicomToolbar!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\yahoo!\companion\installs\cpn0\visic_coupon.dll
 
visic_coupon.dll
Status             : Scanned
Object             : %programfiles%\yahoo!\companion\installs\cpn1\visic_coupon.dll
MD5                : 531464F3CC6FC95249FCB70CBD68E332
Publisher          : Visicom Media Inc.
Size               : 436304
Version            : 2.0.0.27
Detection          : Adware:Win32/VisicomToolbar!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\yahoo!\companion\installs\cpn1\visic_coupon.dll
 
 

SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 28.12.2016 12:06:24
Path starting: C:\Users\Windows7\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Windows7
VersionXML: 3.67is-25.12.2016
___________________________________________________________________________
 
Windows 7(6.1.7600) (x64) Ultimate Lang: English(0409)
Installation date OS: 27.06.2016 07:10:55
LicenseStatus: Windows® 7, Ultimate edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Users\Windows7\AppData\Local\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [244 Gb] Used: [28.9 Gb] Free: [215.1 Gb]
------------------------------- [ Windows ] -------------------------------
Service Pack not Installed Warning! Download Update
Possible re-activation of Windows will be needed.
Internet Explorer 8.0.7600.16385 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
User Account Control enabled
Never check for updates
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service has stopped
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
Account guest is enabled. Not require a password.
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2010 x86 v.14.0.4734.1000
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and up to date)
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
Zemana AntiMalware v.2.70.244
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.40 (64-bit) v.5.40.0
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 11 ActiveX v.11.2.202.235 Warning! Download Update
Adobe Reader 8 v.8.0.0 Warning! This software is no longer supported. Please uninstall it and use Adobe Reader XI or Adobe Acrobat Reader DC.
------------------------------- [ Browser ] -------------------------------
Google Chrome v.55.0.2883.87
--------------------------- [ RunningProcess ] ----------------------------
C:\Users\Windows7\AppData\Local\Google\Chrome\Application\chrome.exe v.55.0.2883.87
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe v.2.3.173.0
MBAMScheduler (MBAMScheduler) - The service is running
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe v.3.1.7.0
MBAMService (MBAMService) - The service is running
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe v.3.2.21.0
Windows Defender (WinDefend) - The service is running
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
---------------------------- [ UnwantedApps ] -----------------------------
Yahoo! Toolbar Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
----------------------------- [ End of Log ] ------------------------------
 
 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Windows7 (administrator) on 28-12-2016 at 12:09:10
Running from "C:\Users\Windows7\Downloads"
Microsoft Windows 7 Ultimate   (X64)
Model: To be filled by O.E.M. Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Windows7-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : FC-AA-14-BD-75-D0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::bd56:4637:e1af:50e3%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.2.100(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, December 28, 2016 11:04:56 AM
   Lease Expires . . . . . . . . . . : Wednesday, December 28, 2016 2:04:56 PM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 251439636
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-02-91-20-FC-AA-14-BD-75-D0
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{0D407E2B-0755-4AC0-AAA3-39BFFEC4B888}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.2.1
 
Name:    google.com
Addresses:  2404:6800:4004:80f::200e
 216.58.197.238
 
 
Pinging google.com [216.58.197.238] with 32 bytes of data:
Reply from 216.58.197.238: bytes=32 time=67ms TTL=54
Reply from 216.58.197.238: bytes=32 time=67ms TTL=54
 
Ping statistics for 216.58.197.238:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 67ms, Maximum = 67ms, Average = 67ms
Server:  UnKnown
Address:  192.168.2.1
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:44:204::a7
 2001:4998:58:c02::a9
 98.138.253.109
 98.139.183.24
 206.190.36.45
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=294ms TTL=47
Reply from 98.138.253.109: bytes=32 time=293ms TTL=47
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 293ms, Maximum = 294ms, Average = 293ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...fc aa 14 bd 75 d0 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.100     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link     192.168.2.100    276
    192.168.2.100  255.255.255.255         On-link     192.168.2.100    276
    192.168.2.255  255.255.255.255         On-link     192.168.2.100    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.2.100    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.2.100    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    276 fe80::/64                On-link
 11    276 fe80::bd56:4637:e1af:50e3/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (12/27/2016 11:22:23 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3694b061-5acb-487e-be47-465d582aab6c}
 
Error: (12/27/2016 11:10:19 AM) (Source: Application Error) (User: )
Description: Faulting application name: kpzip.exe, version: 0.0.0.0, time stamp: 0x5860c1b4
Faulting module name: kpzip.exe, version: 0.0.0.0, time stamp: 0x5860c1b4
Exception code: 0x40000015
Fault offset: 0x000ca15c
Faulting process id: 0x8cc
Faulting application start time: 0xkpzip.exe0
Faulting application path: kpzip.exe1
Faulting module path: kpzip.exe2
Report Id: kpzip.exe3
 
Error: (06/29/2016 06:17:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.08"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.08" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/28/2016 06:00:37 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -546.
 
Error: (06/28/2016 06:00:37 AM) (Source: ESENT) (User: )
Description: Catalog Database (312) Catalog Database: Unable to read the header of logfile C:\Windows\system32\CatRoot2\edb.log. Error -546.
 
Error: (06/28/2016 06:00:37 AM) (Source: ESENT) (User: )
Description: Catalog Database (312) Catalog Database: Unable to read the header of logfile C:\Windows\system32\CatRoot2\edb.log. Error -546.
 
 
System errors:
=============
Error: (12/27/2016 01:21:32 PM) (Source: Microsoft-Windows-TaskScheduler) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942402.
 
Error: (12/27/2016 12:44:05 PM) (Source: Service Control Manager) (User: )
Description: The MaohaWiFiService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/27/2016 12:23:31 PM) (Source: Service Control Manager) (User: )
Description: The dtldrvhelp service failed to start due to the following error: 
%%577 = Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
Error: (12/27/2016 12:23:28 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ucdrv
 
Error: (12/27/2016 11:16:32 AM) (Source: Service Control Manager) (User: )
Description: The dtldrvhelp service failed to start due to the following error: 
%%577 = Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
Error: (12/27/2016 11:10:53 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the KuaizipUpdateChecker service to connect.
 
Error: (12/27/2016 11:10:46 AM) (Source: Service Control Manager) (User: )
Description: The MaohaWiFiService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/27/2016 11:10:46 AM) (Source: Service Control Manager) (User: )
Description: The dtldrvhelp service failed to start due to the following error: 
%%577 = Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
Error: (12/27/2016 11:10:23 AM) (Source: Service Control Manager) (User: )
Description: The GoogleChromeUpService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/05/2016 09:06:04 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
 
Microsoft Office Sessions:
=========================
Error: (12/27/2016 11:22:23 AM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3694b061-5acb-487e-be47-465d582aab6c}
 
Error: (12/27/2016 11:10:19 AM) (Source: Application Error)(User: )
Description: kpzip.exe0.0.0.05860c1b4kpzip.exe0.0.0.05860c1b440000015000ca15c8cc01d25feebc63944eC:\Users\Windows7\AppData\Local\Temp\00002051\kpzip.exeC:\Users\Windows7\AppData\Local\Temp\00002051\kpzip.exefeb7f66a-cbe1-11e6-92e9-fcaa14bd75d0
 
Error: (06/29/2016 06:17:52 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.08"C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
 
Error: (06/28/2016 06:00:37 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: -546
 
Error: (06/28/2016 06:00:37 AM) (Source: ESENT)(User: )
Description: Catalog Database312Catalog Database: C:\Windows\system32\CatRoot2\edb.log-546
 
Error: (06/28/2016 06:00:37 AM) (Source: ESENT)(User: )
Description: Catalog Database312Catalog Database: C:\Windows\system32\CatRoot2\edb.log-546
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-12-27 12:23:31.818
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SaFiPlayer\dtldrvhelp64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-27 12:23:31.802
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SaFiPlayer\dtldrvhelp64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-27 12:01:18.499
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-27 12:01:18.468
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-27 11:16:32.671
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SaFiPlayer\dtldrvhelp64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-27 11:16:32.671
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SaFiPlayer\dtldrvhelp64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-27 11:10:46.321
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SaFiPlayer\dtldrvhelp64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-27 11:10:46.290
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SaFiPlayer\dtldrvhelp64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Reader 8 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A80000000002}) (Version: 8.0.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{82F9EC2D-0230-EA2E-71DC-DF9CEB458187}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
eBIRForms version v6.1 (HKLM-x32\...\eBIRForms_is1) (Version: v6.1 - )
Epson Easy Photo Print 2 (HKLM-x32\...\{71E90740-5E5F-4D43-AB8F-CAC1D93DBB5B}) (Version: 2.5.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{747C2710-1D8F-46DD-ADF0-6EE0D980F13C}) (Version: 3.10.0039 - Seiko Epson Corporation)
EPSON L220 Series Printer Uninstall (HKLM\...\EPSON L220 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.40.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Google Chrome (HKCU\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{FCCF4B77-432F-EA83-4289-40C1DFA14C85}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
QuickBooks Pro 2002 (HKLM-x32\...\{809987B2-F964-11D4-A1A5-00104BD190B1}) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Software Updater (HKLM-x32\...\{C465AB7A-CF61-4648-86E4-7A29BFF2F3A9}) (Version: 4.3.5 - SEIKO EPSON CORPORATION)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.244 - Zemana Ltd.)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 57%
Total physical RAM: 3272.45 MB
Available physical RAM: 1375.91 MB
Total Virtual: 6543.04 MB
Available Virtual: 4412.89 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:244.04 GB) (Free:215.08 GB) NTFS
2 Drive d: () (Fixed) (Total:221.62 GB) (Free:221.25 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\WINDOWS7-PC
 
Administrator            Guest                    Windows7                 
 
 
**** End of log ****
 


#4 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:42 PM

Posted 27 December 2016 - 11:13 PM

9-Lab Scan.

 

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right-click the icon and select Run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates; it might be better to install it, update, reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon scan completion, click on Show Results.
  • Then click on Clean.
  • Then click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.

Adware Removal Tool Scan.

 

Download Adware Removal Tool to your desktop, right-click the icon and select Run as Administrator.

Hit OK.

Hit Next; make sure to leave all items checked for removal.

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

Scan & Clean With Ads Fix

 

  • Disable Windows Defender & Antivirus Prior To Running This Tool!!
  • Save Ads Fix to your desktop.
  • Right Click & Run As Administrator.
  • You will then be prompted to install Certificates.
  • Install then click OK.
  • Right Click & Run As Administrator Again.
  • Click Options then select Unlock the deletion.
  • Then click on clean.
  • A log file will appear after a reboot, post that in your next reply.


#5 jlsnslt

jlsnslt
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:42 AM

Posted 28 December 2016 - 01:19 AM

I'm already done with the 9-Lab scan and Adware Removal Tool. Cleaning with AdsFix takes too long; an error also suddenly pops up at 65% and then it closes AdsFix. I reran the AdsFix app and it is now at 22%. Should I still continue with AdsFix cleaning? I'm worried that the error might harm my system.

Edited by jlsnslt, 28 December 2016 - 01:21 AM.


#6 InadequateInfirmity

Posted 28 December 2016 - 01:23 AM

Should I still continue with adsfix cleaning?

 

Close it, reboot and post the logs and then tell me how your machine is running.



#7 jlsnslt (Topic Starter)

Posted 28 December 2016 - 01:26 AM

Here is the result for 9-Lab:

 

9-lab Removal Tool 1.0.0.39 BETA
9-lab.com
 
Database version: 151.45749
 
Windows 7 (Version 6.1, Build 7600, 64-bit Edition)
Internet Explorer 8.0.7600.16385
Windows7 :: WINDOWS7-PC
 
12/28/2016 12:26:10 PM
9lab-log-2016-12-28 (12-26-10).txt
 
Scan type: Full
Objects scanned: 28497
Time Elapsed: 9 m 52 s
 
Registry Keys detected: 4
Adware.RPL.Gen.rc [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Adware.RPL.Gen.rc [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
Adware.RPL.Gen.rc [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
Adware.RPL.Agent.dd [HKEY_CURRENT_USER\Software\AutoTime]
 
 
Files detected: 3
[8FF874D56BD07200101ACB4772474B3D] PUP.FPL.Gen.vl [C:\ProgramData\Yahoo! Companion\bootstrap.ini]
[F754C981820CE1C69A8C696BF3EF7F40] Malware.Win32.Gen.vb [C:\Users\Windows7\AppData\Local\Temp\00002080\51504.top.exe]
[B25314EBF29C0FB027012CD423C6A09F] Adware.Win32.ELEX.vl!n [C:\Users\Windows7\AppData\Local\Temp\GM$D.113.4015\Ruixin2.exe]
 
Here is for Adware Removal Tool:
 
PUP.unknown ->> Registry Key ->> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\ <RegKey:> {02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.unknown ->> Registry Key ->> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ <RegKey:> {02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.unknown ->> Registry Key ->> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ <RegKey:> {02478D38-C3F9-4efb-9B51-7695ECA05670}
PUP.unknown ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\classes\CLSID\ <RegKey:> {02478D38-C3F9-4efb-9B51-7695ECA05670}
PUP.unknown ->> Registry Key ->> HKEY_CLASSES_ROOT\CLSID\ <RegKey:> {02478D38-C3F9-4efb-9B51-7695ECA05670}
[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4efb-9B51-7695ECA05670}
[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}
[-] Deleted ->> Registry Key ->> HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}
 


#8 InadequateInfirmity

Posted 28 December 2016 - 01:30 AM

So how is your machine running....



#9 jlsnslt (Topic Starter)

Posted 28 December 2016 - 01:38 AM

It is working fine, but the issue with Google Chrome and Internet Explorer still redirecting to the kipuu.cn site is still there.

#10 jlsnslt (Topic Starter)

Posted 28 December 2016 - 01:44 AM

OK, I think it's fixed now. I reset Google Chrome and Internet Explorer to default settings, then rebooted the PC, and the issue is gone now.

#11 InadequateInfirmity

Posted 28 December 2016 - 01:45 AM

Alright, let's do this....

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.
 

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

JRT Scan.


Please download Junkware Removal Tool and save it on your desktop.

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

 

Reset Hosts File

  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default hosts file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.

Download ResetBrowser to your desktop.
Now close all open browsers.
Right click and run as administrator.

Click on Reset Chrome and allow completion.
Now reboot your machine.

After the reboot repeat the process for Internet Explorer.
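
The steps above reset the browsers and the hosts file but never show what was sitting in them, so there is no way to confirm the redirect's persistence points are actually gone. The script below is an added example written for this page; it is not code from the thread, from BleepingComputer or from any of the tools named above. It is a read-only Windows PowerShell audit of the same places those tools touched: Internet Explorer Browser Helper Objects in both the native and the Wow6432Node registry views (the 9-Lab log found one at {02478D38-C3F9-4efb-9B51-7695ECA05670} in the Wow6432Node view), each CLSID resolved to the DLL it loads; Chrome extensions forced in by policy, which a browser reset does not remove; the extensions unpacked in Chrome's Default profile; and every hosts entry beyond the stock localhost lines. It assumes 64-bit Windows 7 as shown in the MiniToolBox log, a Chrome profile in its default location, and an elevated prompt; the registry and file paths are the standard ones, and it stays within PowerShell 2.0 syntax since that is what a build 7600 machine ships with.

```powershell
# Added example: read-only audit of browser persistence points (not from the thread).
# Run from an elevated Windows PowerShell prompt. It reports; it removes nothing.
# Assumes 64-bit Windows 7 and Chrome's Default profile in the usual location.
$ErrorActionPreference = 'SilentlyContinue'

# IE Browser Helper Objects. Two views on 64-bit Windows: native, and Wow6432Node
# for 32-bit IE (where the 9-Lab log found the BHO CLSID). Each subkey name is a
# CLSID; resolve it to its DLL through the matching Classes\CLSID\...\InprocServer32.
function Get-BrowserHelperObjects {
    $views = @(
        @{ Name = '64-bit'
           Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
        @{ Name = '32-bit'
           Bho   = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID' }
    )
    foreach ($v in $views) {
        if (-not (Test-Path $v.Bho)) { continue }
        foreach ($sub in Get-ChildItem $v.Bho) {
            $clsid  = $sub.PSChildName
            $server = Get-ItemProperty (Join-Path $v.Clsid "$clsid\InprocServer32")
            $dll    = ''
            if ($server -and $server.'(default)') {
                $dll = [Environment]::ExpandEnvironmentVariables([string]$server.'(default)').Trim('"')
            }
            $exists = $false
            if ($dll) { $exists = Test-Path $dll }   # a BHO whose DLL is gone is a leftover registration
            New-Object PSObject -Property @{ View = $v.Name; CLSID = $clsid; Dll = $dll; DllExists = $exists }
        }
    }
}

# Chrome extensions forced in by policy. Chrome's own settings reset cannot remove
# these, so a redirect that returns after a reset is often registered here.
# Value data has the form "<extension id>;<update url>". The Wow6432Node path is
# checked only because adware has been seen writing there; Chrome reads the others.
function Get-ChromeForcedExtensions {
    $keys = @(
        'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
        'HKLM:\SOFTWARE\Wow6432Node\Policies\Google\Chrome\ExtensionInstallForcelist',
        'HKCU:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata (PSPath, PSParentPath, ...)
            New-Object PSObject -Property @{ Key = $key; Entry = $p.Name; Value = [string]$p.Value }
        }
    }
}

# Extensions unpacked in the Default profile: one folder per extension id, one
# subfolder per version, each holding a manifest.json. PowerShell 2.0 has no
# ConvertFrom-Json, so the display name is pulled out with a regex.
function Get-ChromeProfileExtensions {
    $root = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'
    if (-not (Test-Path $root)) { return }
    foreach ($idDir in (Get-ChildItem $root | Where-Object { $_.PSIsContainer })) {
        foreach ($verDir in (Get-ChildItem $idDir.FullName | Where-Object { $_.PSIsContainer })) {
            $name = ''
            $manifest = Join-Path $verDir.FullName 'manifest.json'
            if (Test-Path $manifest) {
                $m = [regex]::Match([IO.File]::ReadAllText($manifest), '"name"\s*:\s*"([^"]*)"')
                if ($m.Success) { $name = $m.Groups[1].Value }
            }
            New-Object PSObject -Property @{ Id = $idDir.Name; Version = $verDir.Name; Name = $name }
        }
    }
}

# Hosts lines that are neither comments nor the stock localhost entries. Anything
# left is an override: fine if you added it, a redirect if you did not.
function Get-HostsOverrides {
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content $hosts |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and -not $_.StartsWith('#') } |
        Where-Object { $_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$' }
}

'== IE Browser Helper Objects =='
Get-BrowserHelperObjects | Format-Table View, CLSID, Dll, DllExists -AutoSize
'== Chrome extensions forced by policy (empty is the normal result on a home PC) =='
Get-ChromeForcedExtensions | Format-Table Entry, Value, Key -AutoSize
'== Chrome extensions in the Default profile =='
Get-ChromeProfileExtensions | Format-Table Id, Version, Name -AutoSize
'== Hosts file overrides =='
Get-HostsOverrides
```

Run it once before the cleanup steps and once after, and compare. After a successful cleanup the CLSID from the 9-Lab log should no longer appear under either BHO view, the policy list should be empty, the profile list should contain only extensions you recognise, and the hosts section should print nothing. A BHO row with DllExists false is a dangling registration that a file-only removal left behind; a policy entry is the one thing on this list that the browser-reset step cannot clear.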



#12 InadequateInfirmity

Posted 28 December 2016 - 01:47 AM

Also, you need to update your service pack....

 

Then update your programs with PatchMyPC

 

Post a fresh minitoolbox log when you have completed the above steps.



#13 jlsnslt (Topic Starter)

Posted 28 December 2016 - 01:56 AM

I think it's OK now. I will just regularly check my browsers, and if the issue ever occurs again I will try your next suggestions. Thank you so much, InadequateInfirmity.

#14 InadequateInfirmity

Posted 28 December 2016 - 02:07 AM

The last set of instructions about updating is really important. You should not skip these....



#15 jlsnslt (Topic Starter)

Posted 28 December 2016 - 02:09 AM

I will do that. Thanks again



