[INACTIVE] NetUtils2016: PC badly affected after installing program

• Right-click on FRST icon and select Run as Administrator to start the tool.
  
• Press the Fix button just once and wait.
  
• If for some reason the tool needs a restart of your computer, please make sure you let the system restart normally. After that let the tool complete its run.
  
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.
  

• Right-click on FRST icon and select Run as Administrator to start the tool.
  
• Make sure that Addition option is checked.
  
• Press Scan button and wait.
  
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
  

• Double-click mb3-setup-consumer-3.x.x.xxxx and follow the prompts to install the program.
  
• Click Finish.
  
• On the Dashboard, click the 'Check for Updates' button.
  
• After the update completes, then, on the Dashboard, select Settings.
  
• Click on Protection.
  
• Ensure that Scan for rootkits is checked. If not, check it.
  
• Return to the Dashboard and click the 'Scan Now' button.
  
• A Threat Scan will begin. Please allow it to progress through the scanning process.
  
• When the scan is complete, if there have been detections, click Quarantines Selected button to allow the program to clean what was detected.
  
• In most cases, a restart will be required.
  
• Wait for the prompt to restart the computer to appear, then click on Yes.
  

• After the restart once you are back at your desktop, open Malwarebytes once more.
  
• Click on the Reports tab > Scan Report. (if you have done more than one scan in the past, select the most recent that shows the Date and time of the scan just performed. Press View Report button.
  
• Click 'Export'.
  
• Click 'Text file (*.txt)'
  
• In the Save File dialog box which appears, click on Desktop.
  
• In the File name: box type a name for your scan log.
  
• A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  
• Click Ok
  
• Find the log on your Desktop and Attach that saved log to your next reply.
  

• Download TDSSKiller and save it to your Desktop.
  
• Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
  
  
  
  
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
  
  
  
  
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
  
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents the report here.
  

• After the download completes please double click the program to run it.
  
• Accept the terms of the license agreement and click Next
  
• Let the scan run. It will not take long
  
• When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
  
• Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
  
• Upload log.xml here for review please
  

• Double click the icon and select Run
  
• Click Next
  
• Select I accept the terms in this license agreement, then click Next twice
  
• Click Install
  
• Click Finish to launch the program
  
• Once the virus database has been updated click Start Scanning
  
• If any threats are found click Details, then View log file... (bottom left hand corner)
  
• Copy and paste the results in your reply
  
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
  
• Click Exit to close the program
  

• Right-click on the HerdProtect icon and select Run as Administrator to install the scanner.
  
• It will ask for the location - leave the default one (%ProgramFiles%) or select another, convenient one.
  
• Agree to the terms, select Launch herdProtect and click Finish.
  
• Click Scan. It may take a while, depending on your system and connection specs. Please be patient.
  
• When it finishes click on Save Results.
  
• A Notepad with a report should open.
  

• Right-click on FRST icon and select Run as Administrator to start the tool.
  
• Press the Fix button just once and wait.
  
• If for some reason the tool needs a restart of your computer, please make sure you let the system restart normally. After that let the tool complete its run.
  
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.
  

• Download RogueKiller from the following link and save it on your desktop:
  TechSpot
  Official Site (alternative)
  
• Quit all programs
  
• Start RogueKiller.exe.
  
• Wait until Prescan has finished ...
  
• Click on Scan
  

• Wait for the end of the scan.
  
• The report has been created on the desktop.
  
• Click on the Delete button.
  

• The report has been created on the desktop.
  

• Next click on the ShortcutsFix
  
  
  
• The report has been created on the desktop.
  

• Doubleclick CKScanner.exe and click Search For Files.
  
• After a very short time, when the cursor hourglass disappears, click Save List To File.
  
• A message box will verify that the file is saved.
  
• Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
  

• Right-click on FRST icon and select Run as Administrator to start the tool.
  
• Press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.
  

• Right-click on FRST icon and select Run as Administrator to start the tool.
  
• Press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.
  

• Please close all open programs and internet browsers.
  
• Double click on adwcleaner_xxxx.exe to run the tool.
  
• Press Scan, wait for it to finish.
  
• Ensure to only check the following items (uncheck all others):
  Chrome pref Found:  [C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Web data] - uk.ask.com
  Chrome pref Found:  [C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hxxp://uk.search.yahoo.com?type=512435&fr=spigot-yhp-ch.
  
• Then hit the Clean button.
  
• Your computer will be rebooted automatically. If it does not, please reboot the computer manually.
  
• Re-run AdwCleaner as before and post a new log please.
  

• Right-click on FRST icon and select Run as Administrator to start the tool.
  
• Make sure that Addition option is checked.
  
• Press Scan button and wait.
  
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
  

• Once it is restarted and you're back in Windows, double-click adwcleaner_xxxx.exe, hit "Logfile." On the Cleaning tab, double-click the latest logfile, copy the contents, and paste it into your next reply.
  
• You can find the logfile at C:\AdwCleaner[Sx].txt as well.
  

1. Fixlog.txt from FRST
   
2. Fresh AdwCleaner log
   
3. Fresh FRST scan log
   
4. Also, let me know how your device is doing. Thanks for your patience also, this has been a challenge worth my youth!
   

• Double-click the CCleaner shortcut on the desktop to start the program.
  
• A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
  
• On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
  
• Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).
  

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  Code:

  
:filefind
*netutils*

  
  
  
• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

• Right-click on FRST icon and select Run as Administrator to start the tool.
  
• Press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.
  

Also, please run SystemLook as we did above, and let's see a new log.

• Right-click on FRST icon and select Run as Administrator to start the tool.
  
• Press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.
  

1. Please download this free tool and save it to your desktop.
   
2. Install the program by double-clicking on avast-browser-cleanup-sfx.exe.
   
3. This cleanup tool will search and list if unwanted entries were found. If found, it will display a button ‘Remove all add-ons listed below and cleanup browser.’ You may remove all or delete one entry at a time.
   
4. Avast Browser Cleanup will confirm before it permanently deletes the add-on. Please click Yes to proceed with removal of bad add-ons on the affected browser.
   

• Right-click on FRST icon and select Run as Administrator to start the tool.
  
• Make sure that Addition option is checked.
  
• Press Scan button and wait.
  
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
  

• Fixlog.txt for FRST fix
  
• MBRDUMP.txt
  
• FRST.txt and Addition.txt for the re-run of FRST.
  

GroupPolicy: Restriction - Chrome <======= ATTENTION
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2138326613-2610238322-1334748225-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2138326613-2610238322-1334748225-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-2138326613-2610238322-1334748225-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

CHR Extension: (Google Translate) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-02-09]
CHR Extension: (Nimbus Screenshot App) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecjogkncpbkjfobfnoaiepipllcadhe [2017-02-09]
CHR Extension: (File Converter) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\alblmaecejifbilchdofkdanifpmnmfk [2017-02-09]
CHR Extension: (BeFunky Photo Editor) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2017-02-09]
CHR Extension: (TV) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2017-02-09]
CHR Extension: (Nimbus Screenshot and Screencast) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2017-02-09]
CHR Extension: (Replace New Tab Page) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkhddihkmmiiclaipbaaelfojkmlkja [2017-02-09]
CHR Extension: (Pixlr-o-matic) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2017-02-09]
CHR Extension: (Tetriz Challenge) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\emidddocikgklceeeifefomdnbkldhng [2017-02-09]
CHR Extension: (AudioRecorder) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhfkjkjfhhdibpgjmiamdcdgmcjpplk [2017-02-09]
CHR Extension: (Audio Downloader Prime) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\flainkeonkoanoijnkojmiiihnfdhipd [2017-02-09]
CHR Extension: (Trevx - Music Downloader) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmaepaboafhefdejcbiciklgjogoghf [2017-02-09]
CHR Extension: (AdBlock) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-09]
CHR Extension: (A Journey through Middle-earth) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgkjeheegjnnmheaflhdocglkiegoni [2017-02-09]
CHR Extension: (Where Am I? - VPN Checker) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbgdaefcalonegdjkhfaeabgodpahimo [2017-02-09]
CHR Extension: (Blocky Minecraft Sniper 3D) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgbbaloijjnkpigapgmocdpoblnlec [2017-02-09]
CHR Extension: (Tate Art Slideshow) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgfbniacchiboaeoaoaejhggfepbbmkj [2017-02-09]
CHR Extension: (New Tab Redirect) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2017-02-11]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2017-02-09]
CHR Extension: (90`s Games) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\illbbfoihflomkbpcaaakhijinbnejom [2017-02-09]
CHR Extension: (iPiccy Photo Editor) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2017-02-09]
CHR Extension: (Pixect) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgdeoagndhabdnoenpdcagbkkmjeibmh [2017-02-09]
CHR Extension: (Webcam Toy) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2017-02-09]
CHR Extension: (Google Maps) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-02-09]
CHR Extension: (Screencastify (Screen Video Recorder)) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2017-02-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-07]
CHR Extension: (New Tab Changer) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\occbjkhimchkolibngmcefpjlbknggfh [2017-02-09]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2017-02-08]
CHR Extension: (Rollip - Photo Effects) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooikhmcdpofogemaldinihdhidaokcmp [2017-02-09]
CHR Extension: (Pop Art Studio Online) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\oompiimecpnflklhlnmdpddcjdmiibkf [2017-02-09]
CHR Extension: (Chrome Media Router) - C:\Users\paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]

• This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
  
• This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
  
• No matter what is in the log, please post all the information/contents of the log.
  
• These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT"
  

• Click NO
  
• In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  
• Now click the Scan button.
  Once the scan is complete, you may receive another notice about rootkit activity.
  
• Click OK.
  
• GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  
• Save it where you can easily find it, such as your desktop.
  

• Right-click on FRST icon and select Run as Administrator to start the tool.
  
• Press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.
  

• Right-click on FRST icon and select Run as Administrator to start the tool.
  
• Make sure that Addition option is checked.
  
• Press Scan button and wait.
  
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

• On the Dashboard, select Settings.
  
• Click on Protection.
  
• Ensure that Scan for rootkits is checked. If not, check it.
  
• If you are notified the Database is out of date, click Update Now.
  
• Click Scan now.
  
• When completed, click the down arrow on Export Log and select Text file (*.txt).
  
• Save the file to your desktop as MBAM.txt.
  
• Click Apply Actions, then restart your computer, if requested.
  
• Please copy and paste the contents of MBAM.txt into your next reply. Also, indicate if it was successful.
  

• Please download Emsisoft Emergency Kit and save it to your desktop.
  
  Double click on Emsisoft Emergency Kit file on your desktop. 
  
  When the installation starts you see a image like the one below, click on Install.
  
  
  
  The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  
  When the update is complete, click on MALWARE SCAN under Scan.  When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes.
  
  
  
  Emsisoft Emergency Kit will start scanning.
  
  When the scan is completed click on Quarantine.
  
  When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.  Copy the log and paste it in your topic.
  
  Please save the log in Notepad on your desktop, and post the contents in your next reply.
  
• When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
  

• Right-click on FRST icon and select Run as Administrator to start the tool.
  
• Make sure that every checkbox has a checkmark beside it! <<< NEW INSTRUCTIONS
  
• Press Scan button and wait.
  
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
  

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  Code:

  :filefind
*Avg*
*McAfee*
*NetUtils*
*NetUtils2016*
*dot4*
*smw*
*smp*
*startgo123*

:folderfind
*Avg*
*McAfee*
*NetUtils*
*NetUtils2016*
*sstmp*
*dot4*
*smw*
*smp*
*startgo123*

:Regfind
NetUtils
NetUtils2016
startgo123
  
  
  
• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

• Double click WVCheck.exe. (If you downloaded the zipped version you will need to extract it.)
  
• As indicated by the prompt, This program can take a while depending on your hard drive space.
  
• Once the program is done, copy the contents of the notepad file and send me a private message with the information. This is important since much of the information is unique to you as an individual.
  

• Save it to your Desktop.
  
• Double click the RKill desktop icon.
  
• It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  
• Please post its log in your next reply.
  
• After it has run successfully, delete RKill.
  

• Double click on ZHPCleaner to run the tool.
  
• If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  
• Please click
  
• Then press ''Repair'' button.
  
• Browsers will automatically shut down.
  
• A logfile will automatically open after the scan has finished.
  
• Please post the contents of that logfile with your next reply.
  

• Shortcut Cleaner Log.
  

• When the scan is complete, if there have been detections, click Quarantines Selected button to allow the program to clean what was detected.
  
• In most cases, a restart will be required.
  
• Wait for the prompt to restart the computer to appear, then click on Yes.
  

• After the restart once you are back at your desktop, open Malwarebytes once more.
  
• Click on the Reports tab > Scan Report. (if you have done more than one scan in the past, select the most recent that shows the Date and time of the scan just performed. Press View Report button.
  
• Click 'Export'.
  
• Click 'Text file (*.txt)'
  
• In the Save File dialog box which appears, click on Desktop.
  
• In the File name: box type a name for your scan log.
  
• A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  
• Click Ok
  
• Find the log on your Desktop and Attach that saved log to your next reply.
  

1. Double click on the file you just downloaded and let it install.
   
2. It will install to your desktop.
   
3. After that leave what is selected and put a check next to My Computer.
   
4. Click on the option that says Threat Detection and change it to Disinfect,delete if disinfection fails.
   
5. Then click on Start Scan.
   
6. Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
   
7. When the scan is done no log will be produced.
   
8. Click on the bottom where it says Report to open the report.
   
9. Then highlight of of the items found by using ctrl + a on your keyboard to select all or use your mouse to select all then right click and choose copy.
   
10. This will copy the items that it found to the clipboard you can then open notepad (go to start then run then type in notepad) and choose paste to paste the contents into Notepad.
    
11. You can save this on the desktop.
    
12. Post the contents of the document in your next reply.
    

• Please close all other applications running on your system.
  
• Right click GetSystemInfo.zip and hit Extract all. Then double click on getsysteminfo.exe to run the program.
  
• Click the Settings button.
  
• Set it to Maximum
  
• IMPORTANT! Then please click Customize - choose Driver / Ports tab and
  
• Uncheck Scan Ports.
  
• Click Create Report to run it.
  
• It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.