Am I Able To Get Help From A Specialist? Re Malware

Welcome to MajorGeeks, Newellsfc39

You've upload two MGlogs.zip files, rather than including the HitmanPro log.... please do so. Also, did you have Malwarebytes delete its detections? If so include that updated log, as well as the AdwCleaner log.

 

You're welcome.

Your uploaded "mb.txt" log is identical to the "threatScan" log from this morning, and still shows that you took no action on the detections. Please run Malwarebytes' again and quarantine the findings, upload that new log.

Also - please click Start/ run and type in

%temp%​

When the window opens .. click on Edit select all and delete.

 

You're welcome

It's okay to delete the temp files as I instructed and also Malwarebytes' quarantined contents.

Please download ZHPCleaner to your desktop.

• Close all applications (including your web browsers and antivirus)
• Double-click on ZHPCleaner to run the tool.
• If you are using Windows Vista, 7/8/10; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
• Please click the "J'accepte/I agree" button.
• First press the "Scanner" button. Be patient, the scan may take some time.
• Do NOT fix/repair anything yet! Please upload that logfile also with your next reply.

 

Correct

 

Re-run ZHPCleaner per previous instructions

• After the scan has completed - choose to Repair these items:
  
  
  Registry
  FOUND key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pinetreecreative.com [] =>PUP.Optional.PineTree
  FOUND key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sp.pinetreecreative.com [] =>PUP.Optional.PineTree
  FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\OracleMTSRecoveryService [] =>Hijacker.Browser
  FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{24796009-73D5-4A8E-8C98-AB5BB9D22511}\\DhcpNameServer [Bad : 68.87.71.226 68.87.73.242] =>Hijacker.Browser
  FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D2BDE7EB-67BE-4A5B-96AB-111301F1E5FB}\\DhcpNameServer [Bad : 132.183.181.173 8.8.4.4] =>Hijacker.Browser
  FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 68.87.71.226 68.87.73.242] =>Hijacker.Browser
  FOUND key: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0A303BBA2F90DF5F230AA200542CC36A [C:\Program Files (x86)\Windows Kits\10\Source\10.0.10240.0\ucrt\stdlib\lsearch.cpp] =>PUP.Optional.LinkiDoo​
• Browsers will automatically shut down.
• A logfile will automatically open after the scan has finished.
• Please upload that logfile with your next reply.

Tell me how your PC is running now!

 

I don't think any harm was really done.

BSOD's would be an issue for our Software forum. Otherwise, I think we're finished with the Windows OS cleaning.

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase it, it provide no protection. It do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
3. If running Vista, Win 7/8/10 - it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
4. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
5. Go to the C:\MGtools folder and find the MGclean.bat file. Double-click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
6. After doing the above, you should work through the below link:
   • How to Protect yourself from malware!

Safe surfing!