Solved I keep getting redirected.

April 26, 2015 at 18:45:55
Specs: Windows Vista
It always redirects to this page
http://wpkg.org/
I've tried many things, it's fine on some websites but not all. I didn't install anything.

#1
April 26, 2015 at 19:07:46
Here are the first 2 steps, there will be more steps needed, after I see the results of these logs.

Run them in this order.

Step 1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.org/
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#2
April 26, 2015 at 19:14:02
Is there another way? Will rebooting delete files? This is the only laptop I have, I need to be very, very careful. It doesn't happen on all sites, only some. For example, http://www.kongregate.com/ doesn't work.


#3
April 26, 2015 at 19:20:59
"Is there another way?"
This is the safest way, other than taking out the hard drive, slaving it to another comp & checking it for malware.


#4
April 26, 2015 at 20:52:42
You can trust what John is explaining is the most thorough and most likely to get it completely clean. Just take it one step at a time and follow instructions carefully. The longer malware is on your machine, the deeper it gets and before you even realize it is there, it has worked deep in and may even be downloading other junk to either make things worse or give you easy things to find so you may ignore the original problem too long. (I am not assigning thought to the software, just the programmer)

You have to be a little bit crazy to keep you from going insane.



#5
April 26, 2015 at 21:38:00
I have very important documents and I do not have a place to store it on.


#6
April 26, 2015 at 21:47:55
How big do you think the total of the files is?

message edited by Johnw



#7
April 27, 2015 at 01:43:30
"I have very important documents and I do not have a place to store it on"

33 Free Cloud Storage Services
http://freebies.about.com/od/comput...
Top 10 Free Cloud Storage Services
http://www.1mtb.com/top-10-best-fre...
JustCloud
http://www.justcloud.com/



#8
April 27, 2015 at 02:08:35
If your laptop had a cd/dvd burner (and most do), then you can copy data/files to dvd. Ideally make two sets, keep them safe - and regularly check/update them.

There is free burning software available if you don't have any installed for that purpose.



#9
April 27, 2015 at 05:22:20
Your system is infected. You need to run an anti-malware program such as Malwarebytes Anti-malware to remove the infection. Download the Free version for home use. After it's installed, update it & then run a full scan.

http://www.malwarebytes.org/2/

And you should be backing up your important files to external media - CDs, DVDs, or an external hard drive. USB flash drives are OK for temporary storage but are unreliable & can be easily lost or damaged.



#10
April 27, 2015 at 11:47:10
The two free programs suggested in #1 are very small and used widely on this forum and others, as is MalwareBytes in #9. They are perfectly safe. The alternative is to wait until the malware really digs in and starts wrecking things. There is no magic wand that can be waved to fix malware.

Always pop back and let us know the outcome - thanks



#11
April 27, 2015 at 13:24:40
Spybot 1.62 may help root out the malware. Emsisoft has a 30-day trial version you can run awhile. Malwarebytes Anti-Malware is pretty good. Your data files for the most part should be safe from the security sniffing and rooting. However, it IS a great idea to have a consistent regular image and/or folder/file backup routine in place.


#12
April 27, 2015 at 13:49:52
Better add that the downloads for the two programs given in #1 are only around 2M each. If you are that tight for space then your computer wouldn't work. They can both be removed later. Just those two alone might easily cure the reported symptom (although not anywhere enough to properly clean the computer).

Always pop back and let us know the outcome - thanks



#13
April 27, 2015 at 14:02:37
A simple/standard disk clean up routine might release a little more usable space; pending further actions in that direction...

Try this routine as per M$-land:

http://windows.microsoft.com/en-gb/...



#14
April 27, 2015 at 18:28:36
Hello, I happen to be having the same problem here (keep getting redirected to wpkg.org when I try to load certain websites). I've completed the actions, as you've said. I ran ADW twice. The first time 3 files were removed (laptop shut down before I could post results), but I did clean them. Here is the log from the JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.5 (04.27.2015:1)
OS: Windows 8.1 x64
Ran by Max on Tue 04/28/2015 at 9:04:29.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1402008833-2902985947-851822487-1002

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1402008833-2902985947-851822487-1002\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C9C7334B-5657-41e1-8F79-F6AACECA05F4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DDD362CF-523B-4BC9-8FDC-58F93B6BC945}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C7334B-5657-41e1-8F79-F6AACECA05F4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DDD362CF-523B-4BC9-8FDC-58F93B6BC945}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{C9C7334B-5657-41e1-8F79-F6AACECA05F4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DDD362CF-523B-4BC9-8FDC-58F93B6BC945}

~~~ Files

Successfully deleted: [File] C:\WINDOWS\wininit.ini
Successfully deleted: [File] C:\WINDOWS\prefetch\BAIDUSDTRAY.EXE-FAE373DA.pf

~~~ Folders

Failed to delete: [Folder] C:\Program Files (x86)\tencent
Successfully deleted: [Folder] C:\ProgramData\tencent
Successfully deleted: [Folder] C:\Users\Max\appdata\local\tencent
Successfully deleted: [Folder] C:\Users\Max\appdata\locallow\tencent
Successfully deleted: [Folder] C:\Users\Max\AppData\Roaming\tencent
Successfully deleted: [Folder] C:\WINDOWS\syswow64\ai_recyclebin

~~~ FireFox

Successfully deleted the following from C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\f4ricsck.default-1430130075902\prefs.js

user_pref(extensions.xpiState, {\app-profile\:{\iobitascsurfingprotection@iobit.com\:{\d\:\C:\\\\Users\\\\Max\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/28/2015 at 9:10:57.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Any help is appreciated to get this problem taken care of. Thanks!!

Also, I've had the problem since yesterday and ran malware bytes several times, avg several times, but they show nothing is coming up. I've just downloaded the latest version thanks to the poster a few posts up (the actual website is banned here in China so I was previously unable to update my database). Waiting on my mwb to finish scanning, but I have a feeling it will still come back empty.

message edited by Gingervitis



#15
April 27, 2015 at 18:30:21
I'm online Gingervitis, give me a few minutes & I can help.


#16
April 27, 2015 at 18:33:21
Let's see if Malwarebytes will run.

Update & Run Malwarebytes' Anti-Malware ( MBAM ) Free Version. Use Quick scan ( now called Threat Scan )
Malwarebytes' Anti-Malware
http://www.softpedia.com/get/Antivi...
http://www.malwarebytes.org/free/
Make sure you uncheck > Enable free trial < at the END of the install.
http://i.imgur.com/tUFCbYz.gif
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box to Scan for rootkits.
http://i.imgur.com/dZgt1g2.gif
Copy and Paste the contents of the log, in your reply please.
Log locations
http://i.imgur.com/s05hsP9.gif
http://i.imgur.com/qZ5dybV.gif
http://i.imgur.com/wOHlluy.gif
http://i.imgur.com/pYQQLah.gif

If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
If your MBAM log indicates "No action taken", that's usually a result of NOT clicking the Apply Actions button after the scan. In most cases, a restart will be required.



#17
April 27, 2015 at 18:54:36
"here in China"
I'm here.
http://www.timeanddate.com/worldclo...

"Waiting on my mwb to finish scanning, but I have a feeling it will still come back empty"
I see you edited your post.

After mwb.

Run RogueKiller
http://www.softpedia.com/get/Securi...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator" to start.

For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Anything that is not checked, leave it unchecked.
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed, make sure to re-enable your antivirus.

message edited by Johnw



#18
April 27, 2015 at 19:01:01
Sorry for the late response, I had to let it run a while. I also am teaching a few classes today. Anyway, here are the results (still comes up showing nothing, and I made sure it searched for root kits):

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/28/2015
Scan Time: 9:43:12 AM
Logfile: logs.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.04.27.05
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Max

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 370037
Time Elapsed: 15 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#19
April 27, 2015 at 19:06:18
"(still comes up showing nothing, and I made sure it searched for root kits)"
Yep, that's par for the course, the malware is doing its job & stopping mwb getting to it, we are in the process of outsmarting the nasties & will dismantle them bit by bit.


#20
April 27, 2015 at 19:08:53
I appreciate your help thus far. Keep me updated :) I'm currently running a Chinese anti-malware/anti-virus/anti-spyware program that a colleague told me about. I'll let you guys know if it works (although everything is in Chinese Mandarin)


#21
April 27, 2015 at 19:11:22
"Keep me updated"
Did you see my post #17?


#22
April 27, 2015 at 19:13:43
✔ Best Answer
It's not malware of any kind. It will happen with any web page with a facebook connect link on any Chinese IP.

https://discussions.apple.com/messa...



#23
April 27, 2015 at 19:16:44
I did not, but I def. will try that as soon as I get back from my next two classes!


#24
April 27, 2015 at 19:35:01
After posting the RogueKiller log.

Next step, try AdwCleaner again please.

After posting the AdwCleaner log.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif



#25
April 27, 2015 at 21:02:32
Here's what I got after running roguekiller:

RogueKiller V10.6.1.0 [Apr 24 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Max [Administrator]
Started from : C:\Users\Max\Desktop\RogueKiller.exe
Mode : Delete -- Date : 04/28/2015 12:01:22

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 7 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BAPIDRV (system32\DRIVERS\BAPIDRV64.sys) -> Not selected
[VT.Unknown|PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8BFF132C-8413-4760-A3E6-254256E9D126} | DhcpNameServer : 61.134.1.5 211.137.130.3 [CHINA (CN)][CHINA (CN)] -> Not selected
[VT.Unknown|PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8BFF132C-8413-4760-A3E6-254256E9D126} | DhcpNameServer : 61.134.1.5 211.137.130.3 [CHINA (CN)][CHINA (CN)] -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] f4ricsck.default-1430130075902 : user_pref("browser.startup.homepage", "http://bing.com/"); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] 452f1063821a9da017b29dc4281a65ae
[BSP] daf0f34305b3c3b6c4c987776e6a77c5 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 300 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 616448 | Size: 900 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2459648 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2721792 | Size: 931600 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1910638592 | Size: 450 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1911560192 | Size: 20490 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_04282015_111407.log - RKreport_DEL_04282015_120106.log



#26
April 27, 2015 at 21:08:29
from adw:

# AdwCleaner v4.202 - Logfile created 28/04/2015 at 12:06:55
# Updated 23/04/2015 by Xplode
# Database : 2015-04-27.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Max - GINGERVITIS
# Running from : C:\Users\Max\Downloads\adwcleaner_4.202.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v37.0.2 (x86 en-US)


-\\ Google Chrome v42.0.2311.90


*************************

AdwCleaner[R0].txt - [6476 bytes] - [28/04/2015 08:56:11]
AdwCleaner[R1].txt - [6535 bytes] - [28/04/2015 08:57:28]
AdwCleaner[R2].txt - [949 bytes] - [28/04/2015 09:24:32]
AdwCleaner[R3].txt - [812 bytes] - [28/04/2015 12:06:55]
AdwCleaner[S0].txt - [6716 bytes] - [28/04/2015 08:58:15]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [929 bytes] ##########



#27
April 27, 2015 at 21:16:36
I live in China. The McAfee I have says that it is a safe site. I'll wait for further responses. Thanks for the help so far. ;]

message edited by MrTomato


#29
April 27, 2015 at 21:20:11
Mr. Tomato, I've noticed that this is largely affecting foreigners in China. Perhaps the virus came from something out here? My friend downloaded a movie or something and put it on his flashdrive. Then, I used his flashdrive for one of my classes and that same day (yesterday) I happened to have a ton of websites get redirected from websites, like Dictionary.com, to wpkg.org.


#30
April 27, 2015 at 21:37:01
Thank you, Wiser2001, I have read the article and it does seem to make sense that this is not adware, it's simply Chinese internet being, well, Chinese internet. For anyone who may have glossed over, Wiser2001 said:

It's not malware of any kind. It will happen with any web page with a facebook connect link on any Chinese IP.

https://discussions.apple.com/messa...


Here's information from the thread:
- It's affecting people in China
- Webpages with a facebook redirect will experience this redirect to wpkg.org
- Quoted from MVPlus: "It looks like adding custom filter to Adblock, "connect.facebook.net/en_US/all.js" and "connect.facebook.net/en_US/sdk.js" solve the issue until the wave is over, for Safari too."

I'm not the most tech savvy person, but I'm not sure if this is something in my laptop or if it's something that Chinese internet users are experiencing. Either way, I look forward to new responses here. All help is appreciated. Thanks!


Report •
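
To check the explanation relayed in the post above (the redirect follows a script the page loads, not something on the laptop), this added example, which is not part of the original thread, lists the third-party scripts each saved page pulls in and reports the hosts loaded by every redirecting page and by none of the unaffected ones. The page URLs, HTML and function names are constructed for illustration; the two flagged script URLs are the ones in the quoted Adblock filter.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# The two script URLs named in the Adblock workaround quoted in post #30.
FLAGGED = {
    "connect.facebook.net/en_US/all.js",
    "connect.facebook.net/en_US/sdk.js",
}


class ScriptCollector(HTMLParser):
    """Collects <script src> URLs and the text of inline scripts."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.sources = []   # absolute URLs taken from src attributes
        self.inline = []    # bodies of inline <script> elements
        self._buf = None    # a list only while inside an inline script

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            # urljoin resolves relative and protocol-relative (//host/...) URLs
            self.sources.append(urljoin(self.base_url, src.strip()))
        else:
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.inline.append("".join(self._buf))
            self._buf = None


def external_scripts(page_url, html):
    """Return sorted 'host/path' strings for scripts served from other hosts."""
    parser = ScriptCollector(page_url)
    parser.feed(html)
    parser.close()
    page_host = urlsplit(page_url).hostname
    found = set()
    for url in parser.sources:
        parts = urlsplit(url)
        if parts.hostname and parts.hostname != page_host:
            found.add(parts.hostname + parts.path)
    # Loader snippets set js.src from inline code, so search script bodies too.
    for body in parser.inline:
        found.update(f for f in FLAGGED if f in body)
    return sorted(found)


def flagged_on(page_url, html):
    """Scripts on this page that match the quoted Adblock filter."""
    return sorted(set(external_scripts(page_url, html)) & FLAGGED)


def triage(pages):
    """pages maps url -> (html, redirected). Returns the script hosts loaded
    by every redirecting page and by no page that behaves normally."""
    hosts = {u: {s.split("/", 1)[0] for s in external_scripts(u, h)}
             for u, (h, _) in pages.items()}
    hit = [hosts[u] for u, (_, r) in pages.items() if r]
    clean = [hosts[u] for u, (_, r) in pages.items() if not r]
    common = set.intersection(*hit) if hit else set()
    return sorted(common - set().union(*clean))


# Constructed sample pages (not captured from any real site).
SAMPLE_PAGES = {
    "http://games.example/": ("""<script src="/static/app.js"></script>
<script src="http://cdn.example/jquery.js"></script>
<script src="//connect.facebook.net/en_US/all.js"></script>""", True),
    "http://dictionary.example/": ("""<script src="http://cdn.example/jquery.js"></script>
<script>(function(d){var js=d.createElement('script');
js.src="//connect.facebook.net/en_US/sdk.js";
d.body.appendChild(js);}(document));</script>""", True),
    "http://news.example/": (
        """<script src="http://cdn.example/jquery.js"></script>""", False),
}

if __name__ == "__main__":
    print(triage(SAMPLE_PAGES))
```

If the only host common to the redirecting pages is a third-party script host, cleaning the local machine will not change the behaviour, which matches the empty scanner logs posted earlier in the thread.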

#31
April 28, 2015 at 01:32:49
Copy & Paste the text below ( starting closeprocesses: ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\TSWebMon64.dat No File
FF Homepage: hxxp://bing.com/
FF Plugin-x32: @baidu.com/BaiduExpert-npplugin -> C:\Program Files (x86)\Common Files\Baidu\BDWebAdapter\2.0.175.0\npBDExNP.dll No File
FF Plugin-x32: @baidu.com/BaiduRJDownloaderPlugin -> C:\Users\Max\AppData\Roaming\baidu\BaiduRJDownloader1.3\1.3.0.377\npBDSoftHelperPlug.dll No File
FF Plugin-x32: @baidu.com/BaidusdDetectNPPlugin -> C:\Program Files (x86)\BaiduSd2.1\BaiduSd\2.1.0.3086\explugin\npBaiduSDDetectPlug.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\npQMExtensionsMozilla.dll No File
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll No File
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QzoneMusic\npQzoneMusic.dll No File
S3 TAOFrame; "C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\TAOFrame.exe" [X]
R1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\QMUdisk64.sys [X]
R2 QQSysMonX64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\QQSysMonX64.sys [X]
S3 TS888x64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\TS888x64.sys [X]
R1 TSCPM; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\tscpm64.sys [X]
S1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\TSDefenseBT64.sys [X]
R1 TSSysKit; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\TSSysKit64.sys [X]
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.



#32
April 28, 2015 at 07:20:05
Just to say that whether or not your reported problem turns out to be malware related there are certainly some dubious items being removed. This can only be a good thing.

Always pop back and let us know the outcome - thanks



#33
April 29, 2015 at 20:11:14
It doesn't redirect anymore, thanks for the help, though. ;]
