Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

trying to remove redirects [Solved]


  • This topic is locked This topic is locked

#1
WezVillag

WezVillag

    Member

  • Member
  • PipPip
  • 33 posts

I'm having issues with my Google browser. When I click on a news post or anything else it redirects me to a different page. When I go to a shopping site I get little pop ups by "deal peak." I'm trying the instructions to remove and I have downloaded "Erunt" and backed up my registry. The next step is dl OTM but when I try this my AVG blocks it as a virus. I'm not very computer savy and would feel better if I had someone to help me with this. I have now dl'd OTM and have ran a scan. Now just waiting on the next step.  


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, antiviruses will tag some of our tools as suspicious due to their nature. However, we will never ask you to download anything unsafe

OK lets see what we need to clean

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
WezVillag

WezVillag

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

ok trying it now


  • 0

#4
WezVillag

WezVillag

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

ok here ya go

Attached Files


  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you let me know how the computer is behaving after these runs

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\ProgramData\Fast And Safe\FastAndSafe_x64.dll [4302848 2014-07-19] ()
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-07-19 20:57 - 2014-08-04 18:33 - 00000000 ____D () C:\ProgramData\64ba89ba46506d37
2014-07-19 20:57 - 2014-07-24 12:15 - 00000000 ____D () C:\ProgramData\PrioShoppEr
2014-07-19 20:17 - 2014-07-24 18:06 - 00000000 ____D () C:\ProgramData\Fast And Safe
2014-08-05 06:23 - 2014-08-04 18:33 - 00000000 ____D () C:\ProgramData\dEalpeiak
2014-08-04 18:33 - 2014-07-19 20:57 - 00000000 ____D () C:\ProgramData\64ba89ba46506d37
2014-07-24 12:15 - 2014-07-19 20:57 - 00000000 ____D () C:\ProgramData\PrioShoppEr
2014-07-24 06:04 - 2014-07-24 06:04 - 00000000 ____D () C:\Program Files (x86)\PrioShoppEr
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • 0

#6
WezVillag

WezVillag

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

ok here's the fixlist


  • 0

#7
WezVillag

WezVillag

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-08-2014 01
Ran by Weezie's at 2014-08-09 09:02:37 Run:1
Running from C:\Users\Weezie's\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\ProgramData\Fast And Safe\FastAndSafe_x64.dll [4302848 2014-07-19] ()
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com....rchTerms}=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com....rchTerms}=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-07-19 20:57 - 2014-08-04 18:33 - 00000000 ____D () C:\ProgramData\64ba89ba46506d37
2014-07-19 20:57 - 2014-07-24 12:15 - 00000000 ____D () C:\ProgramData\PrioShoppEr
2014-07-19 20:17 - 2014-07-24 18:06 - 00000000 ____D () C:\ProgramData\Fast And Safe
2014-08-05 06:23 - 2014-08-04 18:33 - 00000000 ____D () C:\ProgramData\dEalpeiak
2014-08-04 18:33 - 2014-07-19 20:57 - 00000000 ____D () C:\ProgramData\64ba89ba46506d37
2014-07-24 12:15 - 2014-07-19 20:57 - 00000000 ____D () C:\ProgramData\PrioShoppEr
2014-07-24 06:04 - 2014-07-24 06:04 - 00000000 ____D () C:\Program Files (x86)\PrioShoppEr
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:

*****************

"C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL" => Value Data removed successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\ProgramData\64ba89ba46506d37 => Moved successfully.
C:\ProgramData\PrioShoppEr => Moved successfully.
C:\ProgramData\Fast And Safe => Moved successfully.
C:\ProgramData\dEalpeiak => Moved successfully.
"C:\ProgramData\64ba89ba46506d37" => File/Directory not found.
"C:\ProgramData\PrioShoppEr" => File/Directory not found.
C:\Program Files (x86)\PrioShoppEr => Moved successfully.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{2BBC5574-A344-4468-9A59-BEAE68EF20EE} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========

=========  DEL %TEMP%\*.* /F /S /Q =========

Deleted file - C:\Users\Weezie's\AppData\Local\Temp\1FB9.tmp
Deleted file - C:\Users\Weezie's\AppData\Local\Temp\5C7D.tmp
Deleted file - C:\Users\Weezie's\AppData\Local\Temp\7E6A.tmp
Deleted file - C:\Users\Weezie's\AppData\Local\Temp\B799.tmp
C:\Users\Weezie's\AppData\Local\Temp\FXSAPIDebugLogFile.txt
The process cannot access the file because it is being used by another process.
C:\Users\Weezie's\AppData\Local\Temp\qtlocalpeer-Amazon-4678-1-lockfile
The process cannot access the file because it is being used by another process.
C:\Users\Weezie's\AppData\Local\Temp\qtlocalpeer-Amazon-bdab-1-lockfile
The process cannot access the file because it is being used by another process.
Deleted file - C:\Users\Weezie's\AppData\Local\Temp\~DF542456A50A9A4E58.TMP
Deleted file - C:\Users\Weezie's\AppData\Local\Temp\~DF8D430BBD8D0C62B5.TMP
Deleted file - C:\Users\Weezie's\AppData\Local\Temp\~DFDAE12B4CF91D1D18.TMP
Deleted file - C:\Users\Weezie's\AppData\Local\Temp\clear.fiClient\cabarc.exe
Deleted file - C:\Users\Weezie's\AppData\Local\Temp\clear.fiClient\computer.ico
Deleted file - C:\Users\Weezie's\AppData\Local\Temp\clear.fiClient\DeviceInfo.xml
Deleted file - C:\Users\Weezie's\AppData\Local\Temp\clear.fiClient\PackageInfo.xml
Deleted file - C:\Users\Weezie's\AppData\Local\Temp\clear.fiClient\WindowsInfo.xml
Deleted file - C:\Users\Weezie's\AppData\Local\Temp\HP\AtStatus\hpinksts8811lm.log
C:\Users\Weezie's\AppData\Local\Temp\{39CB0A02-A0B2-49C9-965C-FCDD39047234}\fpb.tmp
Access is denied.

========= End of CMD: =========

=========  RD /S /Q %TEMP% =========

C:\Users\Weezie's\AppData\Local\Temp\FXSAPIDebugLogFile.txt - The process cannot access the file because it is being used by another process.
C:\Users\Weezie's\AppData\Local\Temp\qtlocalpeer-Amazon-4678-1-lockfile - The process cannot access the file because it is being used by another process.
C:\Users\Weezie's\AppData\Local\Temp\qtlocalpeer-Amazon-bdab-1-lockfile - The process cannot access the file because it is being used by another process.
C:\Users\Weezie's\AppData\Local\Temp\{39CB0~1\fpb.tmp - Access is denied.
C:\Users\Weezie's\AppData\Local\Temp\~DF542456A50A9A4E58.TMP - Access is denied.
C:\Users\Weezie's\AppData\Local\Temp\~DF8D430BBD8D0C62B5.TMP - Access is denied.
C:\Users\Weezie's\AppData\Local\Temp\~DFDAE12B4CF91D1D18.TMP - Access is denied.

========= End of CMD: =========

 

The system needed a reboot.

==== End of Fixlog ====


  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That's some of the rubbish gone, lets see what AdwCleaner finds :)
  • 0

#9
WezVillag

WezVillag

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

I'm still getting the dealpeak ads

Attached Files


  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets see where it is hiding

Run FRST and in the search box type the following :

deal peak

Then press search registry
frst.JPG

Once done a search.txt file will appear please post that
  • 0

Advertisements


#11
WezVillag

WezVillag

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

Farbar Recovery Scan Tool (x64) Version: 09-08-2014 01
Ran by Weezie's at 2014-08-09 09:35:42
Running from C:\Users\Weezie's\Desktop
Boot Mode: Normal

================== Search Registry: "deal peak" ===========

====== End Of Search ======


  • 0

#12
WezVillag

WezVillag

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

Farbar Recovery Scan Tool (x64) Version: 09-08-2014 01
Ran by Weezie's at 2014-08-09 09:40:13
Running from C:\Users\Weezie's\Desktop
Boot Mode: Normal

================== Search Registry: "dealpeak®" ===========

====== End Of Search ======

 

on this one I copied the name exactly how it comes up on my browser


  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK do the ads appear on a specific site ?

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

  • 0

#14
WezVillag

WezVillag

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

could it be hiding on an external hd and running on my computer? I have 2 externals connected to my computer


  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It is very doubtful it is on a slave hard drive

Download Shortcut cleaner from here http://www.bleepingc...ortcut-cleaner/ to your desktop
Run the programme
On completion it will generate a log please post that
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP