Page 1 of 3

  1. Joined : Aug 2016
    Posts : 11
    Windows 10
       11 Aug 2016 #1

    Bitsjobs cmd prompt random pop ups


    Hi all,

    After an attack of intrusive software, which I have now resolved, I keep getting a command prompt popping up for a split second. I managed to capture the command with a screen recorder and slow-motion playback.

    After reading a thread from 2014 on here I followed the advice given and tried to list the jobs but it reads listed jobs 0.

    Any advice? This pop-up is driving me crazy!

    [Attachments: cmdpromptpopup.JPG, bitsadminnojob.JPG]


  2. Joined : Aug 2016
    Posts : 11
    Windows 10
       11 Aug 2016 #2

    I have also checked task scheduler and it doesn't register.

    It happens every hour 04:02 05:02 etc.

    Thanks


  3. Joined : Apr 2015
    Posts : 9,178
    W10Prox64
       12 Aug 2016 #3

    nicpo said:
    I have also checked task scheduler and it doesn't register.

    It happens every hour 04:02 05:02 etc.

    Thanks
    Hi nicpo and welcome to Tenforums.

    We've got a few threads on this problem. Basically you need to see what, if anything, it's downloading. Then if there are errors, we would need to troubleshoot for infection.

    Here are the threads:
    Solved Bitsadmin pops up randomly and immediately disappears. - Page 2 - Windows 10 Forums
    (see post #17)

    Bitsadmin pops up randomly and immediately disappears. - Windows 10 Forums

    Bitsadmin pops up for just a second and vanishes. - Windows 10 Forums
    @Superfly is the one to help with the BITS information. I can help with cleaning.

    It would help to know if you identified exactly what infection you had on the system as well.

  4.    12 Aug 2016 #4

    Yup, as @simrick suggested - check those threads out - one of the methods should rid you of the remnants of whatever infection was there.


  5. Joined : Aug 2016
    Posts : 11
    Windows 10
       12 Aug 2016 #5

    I ran ADWcleaner; this is the log:

    Code:
    # AdwCleaner v5.201 - Logfile created 12/08/2016 at 17:15:03
    # Updated 30/06/2016 by ToolsLib
    # Database : 2016-08-12.1 [Server]
    # Operating system : Windows 10 Home  (X64)
    # Username : Alex - ALEX
    # Running from : C:\Users\Alex\Downloads\adwcleaner_5.201.exe
    # Option : Scan
    # Support : ToolsLib - Forum: Ask for help or share your experience.
    
    
    ***** [ Services ] *****
    
    
    Service Found : SMUpd
    
    
    ***** [ Folders ] *****
    
    
    Folder Found : C:\Program Files (x86)\elansurfer
    Folder Found : C:\Program Files (x86)\35444335-1470682019-4E35-5433-D0BF9C9BFD0A
    Folder Found : C:\Users\Alex\AppData\Local\Temp\MPC
    Folder Found : C:\Users\Alex\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
    Folder Found : C:\Users\Alex\AppData\Roaming\MCorp
    Folder Found : C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YSPackage
    Folder Found : C:\Program Files\Common Files\Noobzo
    Folder Found : C:\Users\Alex\AppData\Roaming\MCorp
    Folder Found : C:\uninst
    Folder Found : C:\Program Files (x86)\host
    
    
    ***** [ Files ] *****
    
    
    File Found : C:\END
    File Found : C:\Users\Alex\AppData\Local\Temp\zdengine.log
    File Found : C:\Users\Alex\AppData\Local\Temp\ziengine.ini.log
    
    
    ***** [ DLL ] *****
    
    
    
    
    ***** [ WMI ] *****
    
    
    
    
    ***** [ Shortcuts ] *****
    
    
    
    
    ***** [ Scheduled tasks ] *****
    
    
    
    
    ***** [ Registry ] *****
    
    
    Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
    Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
    Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
    Key Found : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdwfp
    Key Found : HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
    Key Found : HKCU\Software\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa
    Key Found : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
    Key Found : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
    Key Found : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
    Key Found : HKCU\Software\powerpack
    Key Found : HKCU\Software\PRODUCTSETUP
    Key Found : HKCU\Software\MICROSOFT\OTUT
    Key Found : HKCU\Software\Wizzlabs
    Key Found : HKCU\Software\MICROSOFT\IDSC
    Key Found : HKCU\Software\INSTALLPATH\STATUS
    Key Found : HKCU\Software\AppDataLow\Software\adawarebp
    Key Found : HKLM\SOFTWARE\SearchModule
    Key Found : HKLM\SOFTWARE\OtherSearch
    Key Found : [x64] HKLM\SOFTWARE\SearchModule
    Key Found : HKU\S-1-5-21-3941189269-3556359273-2650678083-1001\Software\powerpack
    Key Found : HKU\S-1-5-21-3941189269-3556359273-2650678083-1001\Software\PRODUCTSETUP
    Key Found : HKU\S-1-5-21-3941189269-3556359273-2650678083-1001\Software\MICROSOFT\OTUT
    Key Found : HKU\S-1-5-21-3941189269-3556359273-2650678083-1001\Software\Wizzlabs
    Key Found : HKU\S-1-5-21-3941189269-3556359273-2650678083-1001\Software\MICROSOFT\IDSC
    Key Found : HKU\S-1-5-21-3941189269-3556359273-2650678083-1001\Software\INSTALLPATH\STATUS
    Key Found : HKU\S-1-5-21-3941189269-3556359273-2650678083-1001\Software\AppDataLow\Software\adawarebp
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Data Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Found : HKU\S-1-5-21-3941189269-3556359273-2650678083-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Data Found : HKU\S-1-5-21-3941189269-3556359273-2650678083-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mpc.am
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\search.mpc.am
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mpc.am
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\search.mpc.am
    
    
    ***** [ Web browsers ] *****
    
    
    [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://www1.delta-search.com/?affID=120519&babsrc=HP_ss&mntrId=F82F5E95AE021070
    [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN68053831623824720&UM=2
    [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_09&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtB0C0D0AyB0F0D0E0A0CyCtN0D0Tzu0StCyDtBtDtN1L2XzutAtFtCzztFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtDyBtCtD0F0E0DtGtC0FzyyDtGyB0D0EtAtGyBzz0CtCtGyB0ByB0EyBtAyC0C0EyDyB0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0Azy0DtByE0C0BtGyDtCtD0AtGyEzyyBtCtGzz0FtDtBtGzy0DyEtBtAtBtAyE0FyBtCyD2QtN0A0LzuyE%26cr%3D784703646%26a%3Dwncy_freaudedtr_16_09%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : jlcgehabolcakkjhgmgpkagpolbjlhfa
    [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : khnpeclbnipcdacdkhejifenadikeghk
    [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : lfmhcpmkbdkbgbmkjoiopeeegenkdikp
    [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Found : hxxp://www1.delta-search.com/?affID=120519&babsrc=HP_ss&mntrId=F82F5E95AE021070
    
    
    *************************
    
    
    C:\AdwCleaner\AdwCleaner[S1].txt - [7570 bytes] - [12/08/2016 17:15:03]
    
    
    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7643 bytes] ##########
    Last edited by Brink; 12 Aug 2016 at 11:21. Reason: code box


  6. Joined : Aug 2016
    Posts : 11
    Windows 10
       12 Aug 2016 #6

    I ran powershell with the command code listed. It does nothing, maybe I am trying it wrong, as this is new to me, sorry.

    [Attachment: powershell.JPG]

  7.    12 Aug 2016 #7

    nicpo said:
    I ran powershell with the command code listed. It does nothing, maybe I am trying it wrong, as this is new to me, sorry.

    [Attachment: powershell.JPG]
    No, you are not doing anything wrong... it just means there is nothing being transferred via BITS and thus does not display anything. If you are still getting that error, go to services and disable BITS - if it goes away there is still malware trying to download stuff on your PC.
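
Added example, not part of any post in this thread: one way to see what, if anything, BITS is transferring on the affected PC. It assumes an elevated PowerShell prompt, lists jobs for every account (an unelevated listing covers only the current user's jobs), and then reads the BITS client event log around the minutes past the hour at which the popup was reported.

```powershell
# Added example: run from an elevated PowerShell prompt.
#Requires -RunAsAdministrator
Import-Module BitsTransfer

# 1) Jobs owned by every account, not only the one running the shell.
$jobs = @(Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue)
if ($jobs.Count -eq 0) {
    Write-Output 'No BITS jobs are queued for any user right now.'
}
foreach ($job in $jobs) {
    # bitsadmin expects the job GUID in {braces}; "B" formats it that way.
    $id = $job.JobId.ToString('B')
    # Notify command: the program BITS starts when the job completes or fails.
    $notify = & bitsadmin.exe /rawreturn /getnotifycmdline $id
    [pscustomobject]@{
        Name    = $job.DisplayName
        Owner   = $job.OwnerAccount
        State   = $job.JobState
        Created = $job.CreationTime
        Remote  = ($job.FileList | ForEach-Object RemoteName) -join '; '
        Local   = ($job.FileList | ForEach-Object LocalName) -join '; '
        Notify  = ($notify -join ' ').Trim()
    }
}

# 2) BITS writes to its own event log, so a job that already ran and was
#    removed from the queue can still leave a record. Check the last 24 hours.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Bits-Client/Operational'
    StartTime = (Get-Date).AddHours(-24)
} -ErrorAction SilentlyContinue

# The thread reports the popup at two minutes past each hour (04:02, 05:02),
# so keep only events logged in minutes 1 to 3 of any hour.
$events |
    Where-Object { $_.TimeCreated.Minute -in 1..3 } |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id,
        @{ n = 'Message'; e = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap
```

An unfamiliar remote URL, a local path under a temp or profile folder, or a non-empty notify command line is what to post back for review.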


  8. Joined : Aug 2016
    Posts : 11
    Windows 10
       12 Aug 2016 #8

    Superfly said:
    No, you are not doing anything wrong... it just means there is nothing being transferred via BITS and thus does not display anything. If you are still getting that error, go to services and disable BITS - if it goes away there is still malware trying to download stuff on your PC.
    I do not see BITS listed within services, maybe it is listed as something else?

  9.    12 Aug 2016 #9

    nicpo said:
    I do not see BITS listed within services, maybe it is listed as something else?
    It's here...

    [Attachment: Screenshot from 2016-08-12 20:48:59.png]


  10. Joined : Apr 2015
    Posts : 9,178
    W10Prox64
       12 Aug 2016 #10

    Just looking at your ADWCleaner log:

    adawarebp was removed
    Ad-Aware Browsing Protection - adawarebp.exe - Program Information
    That's your Lavasoft toolbar. I don't think I'd bother with that.

    Lots of search redirectors/hijackers/spyware/adware-operated search functions like SearchScopes, Conduit, Wizzlabs (Hostify), delta-search, yahoo, etc.

    You'll want to run the following as well, in this order:

    RKILL
    JRT
    MBAR or TDSSKiller
    Ccleaner Free - run on all browsers to clean all temp files, history, cache, etc., then run on registry.
    (if you're not familiar with this program, let me know)
    Flush DNS cache
    Then run ADWCleaner one more time.

    If at any point in time you need to reboot from one of the tools, please run RKILL again before proceeding, as everything RKILL does is undone by a reboot.

    Posting the logs will help determine what was cleaned, what infections were present, and course of action necessary. I'm not seeing anything terribly alarming at this point.

    Once finished, an online ESET scan will give the all-clear. Please see detailed instructions here:
    BSOD after boot up, during login or right after, (bad spool header?) Solved - Page 3 - Windows 7 Help Forums

    Thanks.