trying to remove redirects [Solved]
#1
Posted 09 August 2014 - 09:11 AM
I'm having issues with my Google browser. When I click on a news post or anything else it redirects me to a different page. When I go to a shopping site I get little pop-ups by "deal peak." I'm trying the instructions to remove and I have downloaded "Erunt" and backed up my registry. The next step is dl OTM but when I try this my AVG blocks it as a virus. I'm not very computer savvy and would feel better if I had someone to help me with this. I have now dl'd OTM and have run a scan. Now just waiting on the next step.
#2
Posted 09 August 2014 - 09:22 AM
OK, let's see what we need to clean.
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Select additions at the bottom
- Press Scan button.
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please attach both logs generated.
#3
Posted 09 August 2014 - 09:30 AM
ok trying it now
#4
Posted 09 August 2014 - 09:39 AM
ok here ya go
#5
Posted 09 August 2014 - 09:46 AM
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\ProgramData\Fast And Safe\FastAndSafe_x64.dll [4302848 2014-07-19] ()
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-07-19 20:57 - 2014-08-04 18:33 - 00000000 ____D () C:\ProgramData\64ba89ba46506d37
2014-07-19 20:57 - 2014-07-24 12:15 - 00000000 ____D () C:\ProgramData\PrioShoppEr
2014-07-19 20:17 - 2014-07-24 18:06 - 00000000 ____D () C:\ProgramData\Fast And Safe
2014-08-05 06:23 - 2014-08-04 18:33 - 00000000 ____D () C:\ProgramData\dEalpeiak
2014-08-04 18:33 - 2014-07-19 20:57 - 00000000 ____D () C:\ProgramData\64ba89ba46506d37
2014-07-24 12:15 - 2014-07-19 20:57 - 00000000 ____D () C:\ProgramData\PrioShoppEr
2014-07-24 06:04 - 2014-07-24 06:04 - 00000000 ____D () C:\Program Files (x86)\PrioShoppEr
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:
Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on "Clean"
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
#6
Posted 09 August 2014 - 10:05 AM
ok here's the fixlist
#7
Posted 09 August 2014 - 10:06 AM
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-08-2014 01
Ran by Weezie's at 2014-08-09 09:02:37 Run:1
Running from C:\Users\Weezie's\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\ProgramData\Fast And Safe\FastAndSafe_x64.dll [4302848 2014-07-19] ()
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com....rchTerms}=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com....rchTerms}=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-07-19 20:57 - 2014-08-04 18:33 - 00000000 ____D () C:\ProgramData\64ba89ba46506d37
2014-07-19 20:57 - 2014-07-24 12:15 - 00000000 ____D () C:\ProgramData\PrioShoppEr
2014-07-19 20:17 - 2014-07-24 18:06 - 00000000 ____D () C:\ProgramData\Fast And Safe
2014-08-05 06:23 - 2014-08-04 18:33 - 00000000 ____D () C:\ProgramData\dEalpeiak
2014-08-04 18:33 - 2014-07-19 20:57 - 00000000 ____D () C:\ProgramData\64ba89ba46506d37
2014-07-24 12:15 - 2014-07-19 20:57 - 00000000 ____D () C:\ProgramData\PrioShoppEr
2014-07-24 06:04 - 2014-07-24 06:04 - 00000000 ____D () C:\Program Files (x86)\PrioShoppEr
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:
*****************
"C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL" => Value Data removed successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\ProgramData\64ba89ba46506d37 => Moved successfully.
C:\ProgramData\PrioShoppEr => Moved successfully.
C:\ProgramData\Fast And Safe => Moved successfully.
C:\ProgramData\dEalpeiak => Moved successfully.
"C:\ProgramData\64ba89ba46506d37" => File/Directory not found.
"C:\ProgramData\PrioShoppEr" => File/Directory not found.
C:\Program Files (x86)\PrioShoppEr => Moved successfully.
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
{2BBC5574-A344-4468-9A59-BEAE68EF20EE} canceled.
1 out of 1 jobs canceled.
========= End of CMD: =========
========= DEL %TEMP%\*.* /F /S /Q =========
Deleted file - C:\Users\Weezie's\AppData\Local\Temp\1FB9.tmp
Deleted file - C:\Users\Weezie's\AppData\Local\Temp\5C7D.tmp
Deleted file - C:\Users\Weezie's\AppData\Local\Temp\7E6A.tmp
Deleted file - C:\Users\Weezie's\AppData\Local\Temp\B799.tmp
C:\Users\Weezie's\AppData\Local\Temp\FXSAPIDebugLogFile.txt
The process cannot access the file because it is being used by another process.
C:\Users\Weezie's\AppData\Local\Temp\qtlocalpeer-Amazon-4678-1-lockfile
The process cannot access the file because it is being used by another process.
C:\Users\Weezie's\AppData\Local\Temp\qtlocalpeer-Amazon-bdab-1-lockfile
The process cannot access the file because it is being used by another process.
Deleted file - C:\Users\Weezie's\AppData\Local\Temp\~DF542456A50A9A4E58.TMP
Deleted file - C:\Users\Weezie's\AppData\Local\Temp\~DF8D430BBD8D0C62B5.TMP
Deleted file - C:\Users\Weezie's\AppData\Local\Temp\~DFDAE12B4CF91D1D18.TMP
Deleted file - C:\Users\Weezie's\AppData\Local\Temp\clear.fiClient\cabarc.exe
Deleted file - C:\Users\Weezie's\AppData\Local\Temp\clear.fiClient\computer.ico
Deleted file - C:\Users\Weezie's\AppData\Local\Temp\clear.fiClient\DeviceInfo.xml
Deleted file - C:\Users\Weezie's\AppData\Local\Temp\clear.fiClient\PackageInfo.xml
Deleted file - C:\Users\Weezie's\AppData\Local\Temp\clear.fiClient\WindowsInfo.xml
Deleted file - C:\Users\Weezie's\AppData\Local\Temp\HP\AtStatus\hpinksts8811lm.log
C:\Users\Weezie's\AppData\Local\Temp\{39CB0A02-A0B2-49C9-965C-FCDD39047234}\fpb.tmp
Access is denied.
========= End of CMD: =========
========= RD /S /Q %TEMP% =========
C:\Users\Weezie's\AppData\Local\Temp\FXSAPIDebugLogFile.txt - The process cannot access the file because it is being used by another process.
C:\Users\Weezie's\AppData\Local\Temp\qtlocalpeer-Amazon-4678-1-lockfile - The process cannot access the file because it is being used by another process.
C:\Users\Weezie's\AppData\Local\Temp\qtlocalpeer-Amazon-bdab-1-lockfile - The process cannot access the file because it is being used by another process.
C:\Users\Weezie's\AppData\Local\Temp\{39CB0~1\fpb.tmp - Access is denied.
C:\Users\Weezie's\AppData\Local\Temp\~DF542456A50A9A4E58.TMP - Access is denied.
C:\Users\Weezie's\AppData\Local\Temp\~DF8D430BBD8D0C62B5.TMP - Access is denied.
C:\Users\Weezie's\AppData\Local\Temp\~DFDAE12B4CF91D1D18.TMP - Access is denied.
========= End of CMD: =========
The system needed a reboot.
==== End of Fixlog ====
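A way to triage a Fixlog like the one above, as an added example (not code from anyone in this thread and not part of FRST). It sorts each result line into removed, absent, duplicate, or locked; those status names and the function names are this example's own, and the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Sample input: result lines copied from the Fixlog above (shortened selection).
SAMPLE_FIXLOG = r'''
*****************
AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\ProgramData\Fast And Safe\FastAndSafe_x64.dll [4302848 2014-07-19] ()
*****************
"C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL" => Value Data removed successfully.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\ProgramData\PrioShoppEr => Moved successfully.
"C:\ProgramData\PrioShoppEr" => File/Directory not found.
C:\Program Files (x86)\PrioShoppEr => Moved successfully.
C:\Users\Weezie's\AppData\Local\Temp\FXSAPIDebugLogFile.txt - The process cannot access the file because it is being used by another process.
C:\Users\Weezie's\AppData\Local\Temp\~DF542456A50A9A4E58.TMP - Access is denied.
'''

RESULT = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<msg>.+?)\.?$')
LOCKED = re.compile(r'^(?P<target>.+?) - (?:The process cannot access .*|Access is denied\.)$')

def triage(log_text):
    """Return [(status, target)] for every result line, in log order."""
    handled, report, in_echo = set(), [], False
    for line in map(str.strip, log_text.splitlines()):
        if line.startswith('*****'):      # asterisk rows delimit the echoed fixlist
            in_echo = not in_echo
        if in_echo or line.startswith('*****'):
            continue                      # the echo is input, not a result
        m = RESULT.match(line)
        if m:
            key, msg = m['target'].lower(), m['msg'].lower()
            if 'successfully' in msg:
                status = 'removed'
                handled.add(key)
            elif 'not found' in msg:
                status = 'duplicate' if key in handled else 'absent'  # listed twice?
            else:
                status = 'review'         # wording this example does not recognise
        else:
            m = LOCKED.match(line)
            if not m:
                continue                  # banners, tool output, blank lines
            status = 'locked'
        report.append((status, m['target']))
    return report

def summarize(report):
    return dict(Counter(status for status, _ in report))
```

A `duplicate` is a target the fixlist named twice, as with C:\ProgramData\PrioShoppEr above, so its "not found" line needs no follow-up; `locked` and `review` entries are the ones to look at again after the reboot.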
#8
Posted 09 August 2014 - 10:20 AM
#9
Posted 09 August 2014 - 10:22 AM
I'm still getting the dealpeak ads
#10
Posted 09 August 2014 - 10:26 AM
Run FRST and in the search box type the following:
deal peak
Then press search registry.
Once done a search.txt file will appear; please post that.
#11
Posted 09 August 2014 - 10:36 AM
Farbar Recovery Scan Tool (x64) Version: 09-08-2014 01
Ran by Weezie's at 2014-08-09 09:35:42
Running from C:\Users\Weezie's\Desktop
Boot Mode: Normal
================== Search Registry: "deal peak" ===========
====== End Of Search ======
#12
Posted 09 August 2014 - 10:41 AM
Farbar Recovery Scan Tool (x64) Version: 09-08-2014 01
Ran by Weezie's at 2014-08-09 09:40:13
Running from C:\Users\Weezie's\Desktop
Boot Mode: Normal
================== Search Registry: "dealpeak®" ===========
====== End Of Search ======
On this one I copied the name exactly how it comes up on my browser.
#13
Posted 09 August 2014 - 10:41 AM
Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
- Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- It will close all programs when run, so make sure you have saved all your work before you begin.
- Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
- Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
#14
Posted 09 August 2014 - 10:43 AM
Could it be hiding on an external hd and running on my computer? I have 2 externals connected to my computer.
#15
Posted 09 August 2014 - 10:48 AM
Download Shortcut cleaner from here http://www.bleepingc...ortcut-cleaner/ to your desktop.
Run the programme.
On completion it will generate a log; please post that.