Bitsjobs cmd prompt random pop ups

Page 1 of 3 123 LastLast

  1. Posts : 11
    Windows 10
       #1

    Bitsjobs cmd prompt random pop ups


    Hi all,

    After an attack of intrusive software which I have now resolved I keep getting command prompt popping up for a split second. I managed to capture the command with a screen recorder and slow motion play back..

    After reading a thread from 2014 on here I followed the advice given and tried to list the jobs but it reads listed jobs 0.

    Any advice. this pop up is driving me crazy!

    Bitsjobs cmd prompt random pop ups-cmdpromptpopup.jpgBitsjobs cmd prompt random pop ups-bitsadminnojob.jpg
      My Computer


  2. Posts : 11
    Windows 10
    Thread Starter
       #2

    I have also checked task scheduler and it doesn't register.

    It happens every hour 04:02 05:02 etc.

    Thanks
      My Computer


  3. Posts : 16,325
    W10Prox64
       #3

    nicpo said:
    I have also checked task scheduler and it doesn't register.

    It happens every hour 04:02 05:02 etc.

    Thanks
    Hi nicpo and welcome to Tenforums.

    We've got a few threads on this problem. Basically you need to see what, if anything it's downloading. Then if there are errors, we would need to troubleshoot for infection.

    Here are the threads:
    Solved Bitsadmin pops up randomly and immediately disappears. - Page 2 - Windows 10 Forums
    (see post #17)

    Bitsadmin pops up randomly and immediately disappears. - Windows 10 Forums

    Bitsadmin pops up for just a second and vanishes. - Windows 10 Forums
    @Superfly is the one to help with the BITS information. I can help with cleaning.

    It would help to know if you identified exactly what infection you had on the system as well.
      My Computer


  4. Posts : 3,453
       #4

    Yup, as @simrick suggested - check those threads out - one of the methods should rid you of the remnants of whatever infection was there.
      My Computer


  5. Posts : 11
    Windows 10
    Thread Starter
       #5

    I ran ADWcleaner this is the log

    Code:
    # AdwCleaner v5.201 - Logfile created 12/08/2016 at 17:15:03
    # Updated 30/06/2016 by ToolsLib
    # Database : 2016-08-12.1 [Server]
    # Operating system : Windows 10 Home  (X64)
    # Username : Alex - ALEX
    # Running from : C:\Users\Alex\Downloads\adwcleaner_5.201.exe
    # Option : Scan
    # Support : ToolsLib - Forum: Ask for help or share your experience.
    
    
    ***** [ Services ] *****
    
    
    Service Found : SMUpd
    
    
    ***** [ Folders ] *****
    
    
    Folder Found : C:\Program Files (x86)\elansurfer
    Folder Found : C:\Program Files (x86)\35444335-1470682019-4E35-5433-D0BF9C9BFD0A
    Folder Found : C:\Users\Alex\AppData\Local\Temp\MPC
    Folder Found : C:\Users\Alex\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
    Folder Found : C:\Users\Alex\AppData\Roaming\MCorp
    Folder Found : C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YSPackage
    Folder Found : C:\Program Files\Common Files\Noobzo
    Folder Found : C:\Users\Alex\AppData\Roaming\MCorp
    Folder Found : C:\uninst
    Folder Found : C:\Program Files (x86)\host
    
    
    ***** [ Files ] *****
    
    
    File Found : C:\END
    File Found : C:\Users\Alex\AppData\Local\Temp\zdengine.log
    File Found : C:\Users\Alex\AppData\Local\Temp\ziengine.ini.log
    
    
    ***** [ DLL ] *****
    
    
    
    
    ***** [ WMI ] *****
    
    
    
    
    ***** [ Shortcuts ] *****
    
    
    
    
    ***** [ Scheduled tasks ] *****
    
    
    
    
    ***** [ Registry ] *****
    
    
    Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
    Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
    Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
    Key Found : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdwfp
    Key Found : HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
    Key Found : HKCU\Software\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa
    Key Found : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
    Key Found : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
    Key Found : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
    Key Found : HKCU\Software\powerpack
    Key Found : HKCU\Software\PRODUCTSETUP
    Key Found : HKCU\Software\MICROSOFT\OTUT
    Key Found : HKCU\Software\Wizzlabs
    Key Found : HKCU\Software\MICROSOFT\IDSC
    Key Found : HKCU\Software\INSTALLPATH\STATUS
    Key Found : HKCU\Software\AppDataLow\Software\adawarebp
    Key Found : HKLM\SOFTWARE\SearchModule
    Key Found : HKLM\SOFTWARE\OtherSearch
    Key Found : [x64] HKLM\SOFTWARE\SearchModule
    Key Found : HKU\S-1-5-21-3941189269-3556359273-2650678083-1001\Software\powerpack
    Key Found : HKU\S-1-5-21-3941189269-3556359273-2650678083-1001\Software\PRODUCTSETUP
    Key Found : HKU\S-1-5-21-3941189269-3556359273-2650678083-1001\Software\MICROSOFT\OTUT
    Key Found : HKU\S-1-5-21-3941189269-3556359273-2650678083-1001\Software\Wizzlabs
    Key Found : HKU\S-1-5-21-3941189269-3556359273-2650678083-1001\Software\MICROSOFT\IDSC
    Key Found : HKU\S-1-5-21-3941189269-3556359273-2650678083-1001\Software\INSTALLPATH\STATUS
    Key Found : HKU\S-1-5-21-3941189269-3556359273-2650678083-1001\Software\AppDataLow\Software\adawarebp
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Data Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Found : HKU\S-1-5-21-3941189269-3556359273-2650678083-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Data Found : HKU\S-1-5-21-3941189269-3556359273-2650678083-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mpc.am
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\search.mpc.am
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mpc.am
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\search.mpc.am
    
    
    ***** [ Web browsers ] *****
    
    
    [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://www1.delta-search.com/?affID=120519&babsrc=HP_ss&mntrId=F82F5E95AE021070
    [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN68053831623824720&UM=2
    [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_09&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtB0C0D0AyB0F0D0E0A0CyCtN0D0Tzu0StCyDtBtDtN1L2XzutAtFtCzztFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtDyBtCtD0F0E0DtGtC0FzyyDtGyB0D0EtAtGyBzz0CtCtGyB0ByB0EyBtAyC0C0EyDyB0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0Azy0DtByE0C0BtGyDtCtD0AtGyEzyyBtCtGzz0FtDtBtGzy0DyEtBtAtBtAyE0FyBtCyD2QtN0A0LzuyE%26cr%3D784703646%26a%3Dwncy_freaudedtr_16_09%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : jlcgehabolcakkjhgmgpkagpolbjlhfa
    [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : khnpeclbnipcdacdkhejifenadikeghk
    [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : lfmhcpmkbdkbgbmkjoiopeeegenkdikp
    [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Found : hxxp://www1.delta-search.com/?affID=120519&babsrc=HP_ss&mntrId=F82F5E95AE021070
    
    
    *************************
    
    
    C:\AdwCleaner\AdwCleaner[S1].txt - [7570 bytes] - [12/08/2016 17:15:03]
    
    
    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7643 bytes] ##########
    Last edited by Brink; 12 Aug 2016 at 11:21. Reason: code box
      My Computer


  6. Posts : 11
    Windows 10
    Thread Starter
       #6

    I ran powershell with the command code listed. It does nothing, maybe i am trying it wrong as this is new to me sorry.

    Bitsjobs cmd prompt random pop ups-powershell.jpg
      My Computer


  7. Posts : 3,453
       #7

    nicpo said:
    I ran powershell with the command code listed. It does nothing, maybe i am trying it wrong as this is new to me sorry.

    Bitsjobs cmd prompt random pop ups-powershell.jpg
    No, you are not doing anything wrong... it just means there is nothing being transferred via BITS and thus does not display anything. If you are still getting that error go to services and disable bits - if it goes away there is still malware trying download stuff on your PC.
      My Computer


  8. Posts : 11
    Windows 10
    Thread Starter
       #8

    Superfly said:
    No, you are not doing anything wrong... it just means there is nothing being transferred via BITS and thus does not display anything. If you are still getting that error go to services and disable bits - if it goes away there is still malware trying download stuff on your PC.
    I do not see BITS listed within services, maybe it is listed as something else?
      My Computer


  9. Posts : 3,453
       #9

    nicpo said:
    I do not see BITS listed within services, maybe it is listed as something else?
    It's here...

    Bitsjobs cmd prompt random pop ups-screenshot-2016-08-12-20-48-59.png
      My Computer


  10. Posts : 16,325
    W10Prox64
       #10

    Just looking at your ADWCleaner log:

    adawarebp was removed
    Ad-Aware Browsing Protection - adawarebp.exe - Program Information
    That's your Lavasoft toolbar. I don't think I'd bother with that.

    Lots of search redirectors/hijackers/spyware/adware-operated search functions like SearchScopes, Conduit, Wizzlabs (Hostify), delta-search, yahoo, etc.

    You'll want to run the following as well, in this order:

    RKILL
    JRT
    MBAR or TDSSKiller
    Ccleaner Free - run on all browsers to clean all temp files, history, cache, etc., then run on registry.
    (if you're not familiar with this program, let me know)
    Flush DNS cache
    Then run ADWCleaner one more time.

    If at any point in time you need to reboot from one of the tools, please run RKILL again before proceeding, as everything RKILL does is undone by a reboot.

    Posting the logs will help determine what was cleaned, what infections were present, and course of action necessary. I'm not seeing anything terribly alarming at this point.

    Once finished, an online ESET scan will give the all-clear. Please see detailed instructions here:
    BSOD after boot up, during login or right after, (bad spool header?) Solved - Page 3 - Windows 7 Help Forums

    Thanks.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 02:14.
Find Us




Windows 10 Forums