Pop ups saying my pc is infected



#1
6stringer


I use Duck 95% of the time as my browser. Lately it's been freezing up frequently. Then a few days ago I started getting these annoying popups saying I had viruses, trojans, and other nasties. I ran Windows Defender, both the full scan and offline scan, and it found nothing. Same with Malwarebytes, AdwCleaner, and Spyware super cleaner. Interestingly, the popups do not appear when using Edge, only when using Google and Duck. Any help would be greatly appreciated.

 

 

Attached Thumbnails

  • pop ups.jpg

Edited by 6stringer, Yesterday, 01:24 PM.



#2
DR M


Hello.

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right-click on FRST.exe/FRST64.exe and rename it to FRSTEnglish.exe/FRST64English.exe.

  • Double-click the FRST icon to run the tool. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)



#3
6stringer


Files attached - thank you!


#4
DR M


Hi, 6stringer.
 
Thanks for the logs.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.

 

 

====================

 

A couple of questions:

 

1. Did you intentionally set these notifications in Chrome?

hxxps://cold448hubcc73bg38eg.junctionspeedforum.co.in; 
hxxps://gm1zoca6.natilboast.com; 
hxxps://qz64kz59j6ck2e.junctionspeedforum.co.in

2. Did you intentionally set the following modifications?

HKU\S-1-5-21-1462896035-2068427216-4135266462-1001\Software\Classes\regfile:  <==== ATTENTION
HKU\S-1-5-21-1462896035-2068427216-4135266462-1001\Software\Classes\.reg:  =>  <==== ATTENTION
HKU\S-1-5-21-1462896035-2068427216-4135266462-1001\Software\Classes\.bat:  =>  <==== ATTENTION
HKU\S-1-5-21-1462896035-2068427216-4135266462-1001\Software\Classes\.cmd:  =>  <==== ATTENTION



#5
6stringer


No, I did not set those notifications in Chrome. I wouldn't know how to do so. Thank you.
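
Added example, not part of any post in this thread: a Python sketch that lists the sites a Chrome profile currently allows to push notifications, which is the setting the helper asks about above, together with when each permission was recorded. It assumes the per-profile `Preferences` JSON layout and the default Windows profile path; the sample data and function names are constructed for illustration.

```python
import json
import os
from datetime import datetime, timedelta, timezone

ALLOW = 1  # Chrome content-setting value: 1 = allow, 2 = block
CHROME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample mirroring the layout of Chrome's per-profile Preferences JSON.
SAMPLE_PREFS = {"profile": {"content_settings": {"exceptions": {"notifications": {
    "https://alerts.example.test:443,*": {"setting": 1, "last_modified": "13348540800000000"},
    "https://news.example.org:443,*": {"setting": 2, "last_modified": "13348540800000000"},
}}}}}


def chrome_time(value):
    """Convert Chrome's microseconds-since-1601 timestamp to an aware datetime."""
    try:
        return CHROME_EPOCH + timedelta(microseconds=int(value))
    except (TypeError, ValueError, OverflowError):
        return None


def allowed_notification_origins(prefs):
    """Return sorted (origin, recorded_at) pairs for sites allowed to send notifications."""
    node = prefs
    for key in ("profile", "content_settings", "exceptions", "notifications"):
        node = node.get(key) if isinstance(node, dict) else None
    if not isinstance(node, dict):
        return []
    found = []
    for pattern, entry in node.items():
        if isinstance(entry, dict) and entry.get("setting") == ALLOW:
            origin = pattern.split(",", 1)[0]  # key is "<origin>,<embedder pattern>"
            found.append((origin, chrome_time(entry.get("last_modified"))))
    return sorted(found, key=lambda pair: pair[0])


def default_preferences_path():
    # Assumption: Chrome's Default profile on Windows; other profiles use "Profile N".
    return os.path.join(os.environ.get("LOCALAPPDATA", ""),
                        "Google", "Chrome", "User Data", "Default", "Preferences")


if __name__ == "__main__":
    path = default_preferences_path()
    if os.path.isfile(path):
        with open(path, encoding="utf-8") as fh:
            prefs = json.load(fh)
    else:
        prefs = SAMPLE_PREFS  # fall back to the constructed sample
    for origin, recorded in allowed_notification_origins(prefs):
        print(origin, recorded.isoformat() if recorded else "unknown")
```

An origin the user does not recognise in this list, with a timestamp close to when the pop-ups began, is the kind of entry the helper's question is probing for.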



#6
DR M


OK. Moving on.

 

1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
Task: {611C823C-437B-46E7-9683-5312DFFCFD7B} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {63EF8051-BF1D-4F35-9C96-30D99E1B6D03} - \Lenovo\REACHit Agent Update -> No File <==== ATTENTION
Task: {65315F9B-7549-4939-B427-0C152B456D1A} - \PDVDServ12 Task -> No File <==== ATTENTION
Task: {7A003965-A297-4DC6-B15B-852D798391E0} - \Microsoft\Windows\UpdateOrchestrator\Reboot -> No File <==== ATTENTION
Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {8DA55BDA-160C-4AEA-AB1B-BECB3F84F534} - \Lenovo\REACHit Agent Startup -> No File <==== ATTENTION
Task: {A364E297-00AD-490D-900E-22AC34598C71} - \Microsoft\Windows\UpdateOrchestrator\Maintenance Install -> No File <==== ATTENTION
Task: {C33F4607-C279-4257-9039-34FF9FE1F21A} - \Microsoft\Windows\AppID\SmartScreenSpecific -> No File <==== ATTENTION
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - \Microsoft\Windows\WindowsUpdate\sih -> No File <==== ATTENTION
Task: {E6010D43-6AE7-4B59-8E67-EC78FD8E8E96} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
Task: {E98AFDFB-4B5D-4DC1-9DCF-5DD16ED4B901} - \Microsoft\Windows\Plug and Play\Plug and Play Cleanup -> No File <==== ATTENTION
Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Task: {F5FFECD7-533C-4821-8D57-95DC017F7757} - \Microsoft\Windows\PLA\LSC Memory -> No File <==== ATTENTION
Task: {F8A644C4-D0C4-4361-BDAA-1B31CA51871E} - \Lenovo\Lenovo Customer Feedback Program 64 35 -> No File <==== ATTENTION
Task: {F0DC6434-5E4D-422B-BD9C-DD976FE48401} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoBoostAddin.Prompt => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe  LenovoBoostAddin.Prompt (No File)
Task: {BF8A6110-36A7-4EE4-8955-930ECE7365BD} - System32\Tasks\Lenovo\Vantage\Schedule\NotificationCenter => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe  NotificationCenter (No File)
Task: {A2F2C18F-0178-4CE0-B5B2-F75C39E6E408} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\\uninstall.exe  /repair (No File)
CHR Notifications: Default -> hxxps://cold448hubcc73bg38eg.junctionspeedforum.co.in; hxxps://gm1zoca6.natilboast.com; hxxps://qz64kz59j6ck2e.junctionspeedforum.co.in
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKU\S-1-5-21-1462896035-2068427216-4135266462-1001\Software\Classes\regfile:  <==== ATTENTION
HKU\S-1-5-21-1462896035-2068427216-4135266462-1001\Software\Classes\.reg:  =>  <==== ATTENTION
HKU\S-1-5-21-1462896035-2068427216-4135266462-1001\Software\Classes\.bat:  =>  <==== ATTENTION
HKU\S-1-5-21-1462896035-2068427216-4135266462-1001\Software\Classes\.cmd:  =>  <==== ATTENTION
SearchScopes: HKU\S-1-5-21-1462896035-2068427216-4135266462-1001 -> DefaultScope {CA5ED461-02C4-4B98-BD42-10AD2BF8D868} URL = 
SearchScopes: HKU\S-1-5-21-1462896035-2068427216-4135266462-1001 -> {CA5ED461-02C4-4B98-BD42-10AD2BF8D868} URL = 
cmd: type "C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat"
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

2. Eset Online Scan

 

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

 

In your next reply, please post:

  1. The fixlog.txt
  2. The eset.txt
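
Added example, not part of any post in this thread: a read-only Python check for the per-user class keys flagged in the fix above (`.reg`, `.bat`, `.cmd`, `regfile`). Per-user entries under `Software\Classes` take precedence over the machine-wide ones for that user, so the check reports any that exist along with their open command. The function names and the fake registry used for the offline demonstration are constructed.

```python
import sys

# Class names flagged with ATTENTION in the thread's FRST output.
WATCHED = (".reg", ".bat", ".cmd", "regfile")


def read_hkcu_class_default(subkey):
    """Return the default value of HKCU\\Software\\Classes\\<subkey>, or None if absent."""
    import winreg  # Windows-only module, imported lazily so the file loads elsewhere
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, "Software\\Classes\\" + subkey) as key:
            try:
                value, _value_type = winreg.QueryValueEx(key, "")
            except FileNotFoundError:
                value = ""  # key exists but its default value is not set
            return value
    except FileNotFoundError:
        return None


def audit_user_classes(read_default=read_hkcu_class_default, names=WATCHED):
    """Report per-user overrides for the watched classes; reads only, changes nothing."""
    report = {}
    for name in names:
        default = read_default(name)
        if default is None:
            continue  # no per-user override, the machine-wide class applies
        command = read_default(name + "\\shell\\open\\command")
        report[name] = {"default": default, "open_command": command}
    return report


# Constructed stand-in for the registry so the logic can be exercised off Windows.
FAKE_REGISTRY = {
    ".bat": "",
    "regfile": "",
    "regfile\\shell\\open\\command": 'notepad.exe "%1"',
}

if __name__ == "__main__":
    reader = read_hkcu_class_default if sys.platform == "win32" else FAKE_REGISTRY.get
    for name, info in audit_user_classes(reader).items():
        print(name, repr(info["default"]), repr(info["open_command"]))
```

An empty report means none of the four classes is overridden for the current user.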
