Friend Fall For Pop Up Threat Scam, Called # And Allow Remote Access

Welcome to Major Geeks!

Run Hitman Pro again and enable the 30 day free trial license. Than run a scan and have Hitman cleanup all the Malware remnants and Potential Unwanted Programs that it finds. Then immediately reboot and run a new scan. Attach the new log.

Now please download AdwCleaner by Xplode and save to your Desktop.

• Right click onAdwCleaner.exe and select Run As Administrator unless running Windows XP where you should just double click to run the tool.
  Vista/Windows 7/8/10 users right-click and select Run As Administrator
• Accept any prompts for permission to run and then click the I agree button to accept the Terms of Use
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, you may just see a popup stating that no malicious programs were found. Just click OK to continue.
• Now click the LogFile button and the report will open in Notepad.
  (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
• The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
• Attach the logfile to your next next reply.
• A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

 

That looks much better but a couple items were not removed by Hitman. Can you try to remove the below again:

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{9D717F81-9148-4F12-8568-69135F087DB0} (SearchQU)
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Approved Extensions\{9D717F81-9148-4F12-8568-69135F087DB0} (SearchQU)

Are you having any remaining issues?

 

You're welcome.

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
2. Renable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
5. Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
   • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore​
   • For Windows 8 and 8.1 system restore see this link: Win 8 System Restore - How to enable/disable​
   • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
   • Then we want you to Enable System Restore to create a new clean Restore Point.
8. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!