[INACTIVE] NetUtils2016: PC badly affected after installing program

1. Please download DeFogger to your desktop.
   
2. Once downloaded, double-click on the DeFogger icon to start the tool.
   
3. The application window will now appear.  You should now click on the Disable button to disable your CD Emulation drivers
   
4. When it prompts you whether or not you want to continue, please click on the Yes button to continue
   
5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
   
6. If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine.  Please allow it to do so by clicking on the OK button.

• Right-click on the JRT.exe or Junkware Removal Tool icon and select Run as Administrator to start the tool.
  
• Follow the prompts and let this process run uninterrupted.
  
• This scan can take a while, depending on your System specs.
  
• Upon completion, a log (JRT.txt) will open on your desktop.

• Double click on AdwCleaner_xxxx.exe to run the tool.
  
• Click on Scan.
  
• After done scanning, please hit Logfile. Locate the logfile in the Scan tab, double-click on it, copy the information inside of it, and paste it into your next reply.
  
• You can find the logfile at C:\AdwCleaner[Sx].txt as well.

• Double-click mb3-setup-consumer-3.x.x.xxxx and follow the prompts to install the program.
  
• Click Finish.
  
• On the Dashboard, click the 'Check for Updates' button.
  
• After the update completes, click the 'Scan Now' button.
  
• A Threat Scan will begin. Please allow it to progress through the scanning process.
  
• When the scan is complete, if there have been detections, click Quarantines Selected button to allow the program to clean what was detected.
  
• In most cases, a restart will be required.
  
• Wait for the prompt to restart the computer to appear, then click on Yes.
  

• After the restart once you are back at your desktop, open Malwarebytes once more.
  
• Click on the Reports tab > Scan Report. (if you have done more than one scan in the past, select the most recent that shows the Date and time of the scan just performed. Press View Report button.
  
• Click 'Export'.
  
• Click 'Text file (*.txt)'
  
• In the Save File dialog box which appears, click on Desktop.
  
• In the File name: box type a name for your scan log.
  
• A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  
• Click Ok
  
• Find the log on your Desktop and Attach that saved log to your next reply.
  

• Log from Junkware Removal Tool
  
• Log from AdwCleaner tool
  
• Log from Malwarebytes Scanner

• Log from Junkware Removal Tool log
  
  
• Log from AdwCleaner tool log ( both logs)
  
  
• The Malwarebytes log is not available as it has failed to finish.
  
  

• Close any open browsers.
  
• Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  
• Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  
• If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
  

• Double click on ComboFix.exe & follow the prompts.
  
• When ComboFix finishes, it will produce a report for you.
  
• Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
  

• Right-click on FRST icon and select Run as Administrator to start the tool.
  
• When the tool opens click Yes to disclaimer.
  
• Make sure that Addition option is checked.
  
• Press Scan button and wait.
  
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
  

• Right-click on FRST icon and select Run as Administrator to start the tool.
  
• Press the Fix button just once and wait.
  
• If for some reason the tool needs a restart of your computer, please make sure you let the system restart normally. After that let the tool complete its run.
  
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.
  

• Right-click on FRST icon and select Run as Administrator to start the tool.
  
• Make sure that Addition option is checked.
  
• Press Scan button and wait.
  
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
  

• Double-click mb3-setup-consumer-3.x.x.xxxx and follow the prompts to install the program.
  
• Click Finish.
  
• On the Dashboard, click the 'Check for Updates' button.
  
• After the update completes, then, on the Dashboard, select Settings.
  
• Click on Protection.
  
• Ensure that Scan for rootkits is checked. If not, check it.
  
• Return to the Dashboard and click the 'Scan Now' button.
  
• A Threat Scan will begin. Please allow it to progress through the scanning process.
  
• When the scan is complete, if there have been detections, click Quarantines Selected button to allow the program to clean what was detected.
  
• In most cases, a restart will be required.
  
• Wait for the prompt to restart the computer to appear, then click on Yes.
  

• After the restart once you are back at your desktop, open Malwarebytes once more.
  
• Click on the Reports tab > Scan Report. (if you have done more than one scan in the past, select the most recent that shows the Date and time of the scan just performed. Press View Report button.
  
• Click 'Export'.
  
• Click 'Text file (*.txt)'
  
• In the Save File dialog box which appears, click on Desktop.
  
• In the File name: box type a name for your scan log.
  
• A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  
• Click Ok
  
• Find the log on your Desktop and Attach that saved log to your next reply.
  

• Download TDSSKiller and save it to your Desktop.
  
• Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
  
  
  
  
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
  
  
  
  
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
  
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents the report here.
  

• After the download completes please double click the program to run it.
  
• Accept the terms of the license agreement and click Next
  
• Let the scan run. It will not take long
  
• When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
  
• Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
  
• Upload log.xml here for review please
  

• Double click the icon and select Run
  
• Click Next
  
• Select I accept the terms in this license agreement, then click Next twice
  
• Click Install
  
• Click Finish to launch the program
  
• Once the virus database has been updated click Start Scanning
  
• If any threats are found click Details, then View log file... (bottom left hand corner)
  
• Copy and paste the results in your reply
  
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
  
• Click Exit to close the program
  

• Right-click on the HerdProtect icon and select Run as Administrator to install the scanner.
  
• It will ask for the location - leave the default one (%ProgramFiles%) or select another, convenient one.
  
• Agree to the terms, select Launch herdProtect and click Finish.
  
• Click Scan. It may take a while, depending on your system and connection specs. Please be patient.
  
• When it finishes click on Save Results.
  
• A Notepad with a report should open.
  

• Right-click on FRST icon and select Run as Administrator to start the tool.
  
• Press the Fix button just once and wait.
  
• If for some reason the tool needs a restart of your computer, please make sure you let the system restart normally. After that let the tool complete its run.
  
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.
  

• Download RogueKiller from the following link and save it on your desktop:
  TechSpot
  Official Site (alternative)
  
• Quit all programs
  
• Start RogueKiller.exe.
  
• Wait until Prescan has finished ...
  
• Click on Scan
  

• Wait for the end of the scan.
  
• The report has been created on the desktop.
  
• Click on the Delete button.
  

• The report has been created on the desktop.
  

• Next click on the ShortcutsFix
  
  
  
• The report has been created on the desktop.
  

• Doubleclick CKScanner.exe and click Search For Files.
  
• After a very short time, when the cursor hourglass disappears, click Save List To File.
  
• A message box will verify that the file is saved.
  
• Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
  

• Right-click on FRST icon and select Run as Administrator to start the tool.
  
• Press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.
  

• Right-click on FRST icon and select Run as Administrator to start the tool.
  
• Press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.
  

• Please close all open programs and internet browsers.
  
• Double click on adwcleaner_xxxx.exe to run the tool.
  
• Press Scan, wait for it to finish.
  
• Ensure to only check the following items (uncheck all others):
  Chrome pref Found:  [C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Web data] - uk.ask.com
  Chrome pref Found:  [C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hxxp://uk.search.yahoo.com?type=512435&fr=spigot-yhp-ch.
  
• Then hit the Clean button.
  
• Your computer will be rebooted automatically. If it does not, please reboot the computer manually.
  
• Re-run AdwCleaner as before and post a new log please.
  

• Right-click on FRST icon and select Run as Administrator to start the tool.
  
• Make sure that Addition option is checked.
  
• Press Scan button and wait.
  
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
  

• Once it is restarted and you're back in Windows, double-click adwcleaner_xxxx.exe, hit "Logfile." On the Cleaning tab, double-click the latest logfile, copy the contents, and paste it into your next reply.
  
• You can find the logfile at C:\AdwCleaner[Sx].txt as well.
  

1. Fixlog.txt from FRST
   
2. Fresh AdwCleaner log
   
3. Fresh FRST scan log
   
4. Also, let me know how your device is doing. Thanks for your patience also, this has been a challenge worth my youth!
   

• Double-click the CCleaner shortcut on the desktop to start the program.
  
• A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
  
• On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
  
• Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).
  

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  Code:

  
:filefind
*netutils*

  
  
  
• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

• Right-click on FRST icon and select Run as Administrator to start the tool.
  
• Press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.
  

Also, please run SystemLook as we did above, and let's see a new log.

• Right-click on FRST icon and select Run as Administrator to start the tool.
  
• Press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.
  

1. Please download this free tool and save it to your desktop.
   
2. Install the program by double-clicking on avast-browser-cleanup-sfx.exe.
   
3. This cleanup tool will search and list if unwanted entries were found. If found, it will display a button ‘Remove all add-ons listed below and cleanup browser.’ You may remove all or delete one entry at a time.
   
4. Avast Browser Cleanup will confirm before it permanently deletes the add-on. Please click Yes to proceed with removal of bad add-ons on the affected browser.
   

• Right-click on FRST icon and select Run as Administrator to start the tool.
  
• Make sure that Addition option is checked.
  
• Press Scan button and wait.
  
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
  

• Fixlog.txt for FRST fix
  
• MBRDUMP.txt
  
• FRST.txt and Addition.txt for the re-run of FRST.
  

GroupPolicy: Restriction - Chrome <======= ATTENTION
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2138326613-2610238322-1334748225-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2138326613-2610238322-1334748225-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-2138326613-2610238322-1334748225-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

CHR Extension: (Google Translate) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-02-09]
CHR Extension: (Nimbus Screenshot App) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecjogkncpbkjfobfnoaiepipllcadhe [2017-02-09]
CHR Extension: (File Converter) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\alblmaecejifbilchdofkdanifpmnmfk [2017-02-09]
CHR Extension: (BeFunky Photo Editor) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2017-02-09]
CHR Extension: (TV) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2017-02-09]
CHR Extension: (Nimbus Screenshot and Screencast) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2017-02-09]
CHR Extension: (Replace New Tab Page) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkhddihkmmiiclaipbaaelfojkmlkja [2017-02-09]
CHR Extension: (Pixlr-o-matic) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2017-02-09]
CHR Extension: (Tetriz Challenge) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\emidddocikgklceeeifefomdnbkldhng [2017-02-09]
CHR Extension: (AudioRecorder) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhfkjkjfhhdibpgjmiamdcdgmcjpplk [2017-02-09]
CHR Extension: (Audio Downloader Prime) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\flainkeonkoanoijnkojmiiihnfdhipd [2017-02-09]
CHR Extension: (Trevx - Music Downloader) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmaepaboafhefdejcbiciklgjogoghf [2017-02-09]
CHR Extension: (AdBlock) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-09]
CHR Extension: (A Journey through Middle-earth) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgkjeheegjnnmheaflhdocglkiegoni [2017-02-09]
CHR Extension: (Where Am I? - VPN Checker) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbgdaefcalonegdjkhfaeabgodpahimo [2017-02-09]
CHR Extension: (Blocky Minecraft Sniper 3D) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgbbaloijjnkpigapgmocdpoblnlec [2017-02-09]
CHR Extension: (Tate Art Slideshow) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgfbniacchiboaeoaoaejhggfepbbmkj [2017-02-09]
CHR Extension: (New Tab Redirect) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2017-02-11]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2017-02-09]
CHR Extension: (90`s Games) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\illbbfoihflomkbpcaaakhijinbnejom [2017-02-09]
CHR Extension: (iPiccy Photo Editor) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2017-02-09]
CHR Extension: (Pixect) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgdeoagndhabdnoenpdcagbkkmjeibmh [2017-02-09]
CHR Extension: (Webcam Toy) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2017-02-09]
CHR Extension: (Google Maps) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-02-09]
CHR Extension: (Screencastify (Screen Video Recorder)) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2017-02-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-07]
CHR Extension: (New Tab Changer) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\occbjkhimchkolibngmcefpjlbknggfh [2017-02-09]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2017-02-08]
CHR Extension: (Rollip - Photo Effects) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooikhmcdpofogemaldinihdhidaokcmp [2017-02-09]
CHR Extension: (Pop Art Studio Online) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\oompiimecpnflklhlnmdpddcjdmiibkf [2017-02-09]
CHR Extension: (Chrome Media Router) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]

• This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
  
• This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
  
• No matter what is in the log, please post all the information/contents of the log.
  
• These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT"
  

• Click NO
  
• In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  
• Now click the Scan button.
  Once the scan is complete, you may receive another notice about rootkit activity.
  
• Click OK.
  
• GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  
• Save it where you can easily find it, such as your desktop.
  

• Right-click on FRST icon and select Run as Administrator to start the tool.
  
• Press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.
  

• Right-click on FRST icon and select Run as Administrator to start the tool.
  
• Make sure that Addition option is checked.
  
• Press Scan button and wait.
  
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

• On the Dashboard, select Settings.
  
• Click on Protection.
  
• Ensure that Scan for rootkits is checked. If not, check it.
  
• If you are notified the Database is out of date, click Update Now.
  
• Click Scan now.
  
• When completed, click the down arrow on Export Log and select Text file (*.txt).
  
• Save the file to your desktop as MBAM.txt.
  
• Click Apply Actions, then restart your computer, if requested.
  
• Please copy and paste the contents of MBAM.txt into your next reply. Also, indicate if it was successful.
  

• Please download Emsisoft Emergency Kit and save it to your desktop.
  
  Double click on Emsisoft Emergency Kit file on your desktop. 
  
  When the installation starts you see a image like the one below, click on Install.
  
  
  
  The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  
  When the update is complete, click on MALWARE SCAN under Scan.  When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes.
  
  
  
  Emsisoft Emergency Kit will start scanning.
  
  When the scan is completed click on Quarantine.
  
  When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.  Copy the log and paste it in your topic.
  
  Please save the log in Notepad on your desktop, and post the contents in your next reply.
  
• When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.