Surf and Keep/AllCheapPrice/Tuvaro/WatchitNoAds

[Polyphase Avatron]

I have had serious problems since a few months ago when I downloaded a file, it installed the "Surf and Keep" adware, which I sort of got rid off, but this browser extension "aalchheapprice" or something kept popping up, then after a while another one called "WatcheItNoeAds2.7" appeared. I could remove the first one every time I booted Chrome but it kept coming back, the second one, however, is "installed by enterprise policy" and undeleteable, I eventually got rid of the first one by deleting something in program data and it hasn't yet reappeared, but I can't get rid of the second one. In addition, ever since the problem started, any random search (i.e. opening a new tab and typing something) will take me to the Tuvaro search instead of Google search. The "WatcheItNoeAds2.7" seems to create random links in website text.

 

[TwinHeadedEagle]

Hi,


Uninstall following from Control Panel:
- GS.Supporter 1.80
- GS-Enabler
- GS-Supporter 1.80
- Speed Streamer
- YoutubeAdblocker


Restart your PC.



Then:



Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)

Open FRST, and click Fix. Attach me that report after it is finished.

 

[Polyphase Avatron]

GS-Enabler and YoutubeAdBlocker aren't appearing on the control panel programs list, also when I try to uninstall the others I get an error, saying it can't find a dll or ena file and "the specified module could not be found".

 

[TwinHeadedEagle]

Then skip it and jump to the other step.



Then...



Please download zoek.zip or zoek.rar by smeenk (

) from here or here and save it to your Desktop.
Unpack the archive...

• Close any open browsers
• Temporarily disable your AntiVirus program. (If necessary)
  If you are unsure how to do this please read this or this Instruction.
  
• Double click on zoek.exe to run the tool .
  Please wait while the tool does not start...
  
• Copy the text present inside the code box below and paste it into the large window in the zoek tool:
  
  

  createsrpoint; 
  StandardSearch; 
  emptyfolderscheck; 
  installer-list; 
  installedprogs; 
  uninstall-list;

• Click on
  
  button.
  Please wait until a logreport will open (this can be after reboot)
  
• Save notepad to your Desktop and attach here zoek-results.log
  Note: It will also create a log in the C:\ directory named "zoek-results.log"

 

[Polyphase Avatron]

I try to upload it but it says it has an invalid file extension (.log)

 

[Polyphase Avatron]

Okay I changed the extensinon

 

[TwinHeadedEagle]

Run Zoek again, but now with this script

emptyclsid;
emptyfolderscheck;delete
shortcutfix;
resetIEproxy;
netsh int ip reset >> %temp%\log.txt;b
ipconfig /flushdns >> %temp%\log.txt;b
resethosts;
emptyalltemp;
autoclean;

 

[Polyphase Avatron]

That didn't solve the problem, WatcheItNoeAds2.7 is still there, as well as the Tuvaro redirect. Should I delete the files/folders in the zoek log that show where those extensions are? (Comodo and whatnot)?

EDIT: Speed Streamer also still appears in the control panel list of installed programs.

 

[TwinHeadedEagle]

Follow my last instruction and attach requested report...

 

[Polyphase Avatron]

Here's the log produced by running the zoek program with your latest instruction.

I'm unclear as to what you want me to do next.

 

[TwinHeadedEagle]

Run Zoek again with this script

QuickScan;

 

[Polyphase Avatron]

Okay, I did, here is the result.

 

[TwinHeadedEagle]

Re-run Zoek with this script

ffmenu@savevid.com;ff
surfu anD keepp;chr
surf and keep;chr
Closed tabs;chr
grEAtseavieRR;chr
YTBiookMark;chr
SNT;chr
suRF and keep;chr
YoutubeAdblocker;chr
suurf and kueepp;chr
autoclean;
emptyclsid;
emptyalltemp;

 

[Polyphase Avatron]

Okay, I ran it, but WatchItNoAds and the Tuvaro redirect are still there after I rebooted and started Chrome again. Here's the newest log.

 

[TwinHeadedEagle]

Run zoek again with this script

Quickscan;

 

[Polyphase Avatron]

Ok, here is the result.

What next?

 

[TwinHeadedEagle]

We need to investigate further.


Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Confirm "End user Licence Agreement" and "KSN Statement" dialog box by clicking on Accept button.

• Press Start Scan
• If Suspicious object is detected, the default action will be Skip, click on Continue.
• If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.



Then re-run FRST and attach both reports...

 

[Polyphase Avatron]

Here it is. It says it didn't find anything.

Now what?

 

[TwinHeadedEagle]

You're missing FRST reports...

 

[Polyphase Avatron]

I'm confused, it only created one report.

Is there anything else I need to do?