I Suspect Malware.

Greetings and welcome to the Major Geeks Malware Forum.

Please do this

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------

• Download FRST64 and save the file on your Desktop
• If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
• Right click on the icon and select Run as administrator
• Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
• Click Yes to the disclaimer
• Click Scan and allow the program to run
• When completed, FRST.txt and Addition.txt reports will be saved on the Desktop
• Please attach the reports to your reply

===================================================

Things I would like to see in your next reply.

• Attached reports

 

My pleasure.

This indicates there is a significant logjam within your system. We will attempt to clear it out and see if it helps.

Rerun AdwCleaner and Quarantine any items found. I would encourage you to consider removing the Preinstalled software as well, unless you are actively using any of them. Post the report in your reply.

===================================================

Farbar Recovery Scan Tool Fix

--------------------

• Right click on the FRST64 icon and select Run as administrator
• Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
• There is no need to paste the information anywhere, FRST64 will do it for you

Code:

Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:

SearchScopes: HKU\S-1-5-21-2792362106-3680290374-1240497735-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://pandasecurity.mystart.com/results.php?pr=vmn&gen=ms&id=pandasecuritytb&v=4_3&idate=2017-05-20&ent=ch_675&q={searchTerms}
Task: {5F10DA12-DF1A-420E-AA9B-03A5326616BF} - System32\Tasks\{82011E2E-51C3-443C-B026-5307A650C8B0} => C:\Windows\System32\pcalua.exe [91136 2025-02-11] (Microsoft Windows -> Microsoft Corporation) -> -a C:\Users\cabbi\AppData\Local\Temp\Temp1_InputDirector.v1.3.zip\InputDirector.v1.3.build101.Setup.exe
Task: {EA152572-524A-44B1-B11A-87B71F49D963} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC -> Tweaking.com)
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
C:\Users\cabbi\AppData\Local\Temp
Task: {07288EB0-787E-47A3-9D32-86B49B7E1E38} - System32\Tasks\{ECF8F7BA-F2C5-4330-A3C3-9C7DFEBA8862} => C:\Program Files (x86)\Panda Security\Panda Security Protection\JobLauncher.exe  {ECF8F7BA-F2C5-4330-A3C3-9C7DFEBA8862} (No File) 
Task: {F87CA169-DD36-4B1D-A123-6A0A9562C24A} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-cabbiinc@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe  -mode=scheduled (No File) 
Task: {5A561849-B095-4232-9896-9F88C647C313} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2792362106-3680290374-1240497735-1001Core => C:\Users\cabbi\AppData\Local\Google\Update\GoogleUpdate.exe  /c (No File) 
Task: {054D4793-A1FC-4F57-B866-279A697D9670} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2792362106-3680290374-1240497735-1001UA => C:\Users\cabbi\AppData\Local\Google\Update\GoogleUpdate.exe  /ua /installsource scheduler (No File) 
Task: {71B36B36-DD8A-47D3-8A45-2C5036A04DAF} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoBoostAddin.Prompt => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe  LenovoBoostAddin.Prompt (No File) 
Task: {793E0981-2392-42AE-98C3-D4423C5BD458} - System32\Tasks\Lenovo\Vantage\Schedule\NotificationCenter => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe  NotificationCenter (No File) 
Task: {993566DF-12E8-4F2F-A804-A997C3D0508F} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\\uninstall.exe  /repair (No File) 
Task: {07DEA290-874A-4621-91A6-3ED2797E3BF9} - System32\Tasks\Microsoft\Windows\rempl\shell => %ProgramFiles%\rempl\sedlauncher.exe  (No File) 
Task: {B42B9834-18C0-4DF8-8BD4-61C939D21AE2} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe  (No File) 
Task: {14A7D542-FD2F-41AE-A765-9861AD6662A3} - System32\Tasks\Wub_task => "C:\Program Files (x86)\WUMT Wrapper Script\Wub.exe"  /d /p (No File) 
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File 
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File 
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File 
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File 
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File 
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File 
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File 
BHO: No Name -> {4ABAD3B1-3A5E-45B8-B654-AC33E1407919}' -> No File 
BHO: Panda Safe Web -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll => No File 
BHO-x32: No Name -> {4ABAD3B1-3A5E-45B8-B654-AC33E1407919}' -> No File 
Toolbar: HKLM - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll No File 
Task: {7A8B216A-D89B-43E0-8DD7-04959E528605} - no filepath. <==== ATTENTION 
Task: {A46B9983-125B-42F3-88D1-1F81B1AE376C} - no filepath. <==== ATTENTION 
Task: {B87C24A1-5E69-4466-BE0F-92B9E6A57D31} - no filepath. <==== ATTENTION 
Task: {ECB33E10-7D7A-4D94-9337-C81E81448756} - no filepath. <==== ATTENTION 
Powershell: bitsadmin /list /allusers /verbose
cmd: net stop bits
Move: C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db.old
cmd: net start bits 
cmd:  bitsadmin /list /allusers
cmd: netsh winsock reset catalog
cmd: netsh int ip reset resetlog.txt
Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
C:\Firewall.reg
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: ipconfig /flushdns
Removeproxy:
hosts:
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
Powershell: Get-MpThreatDetection
Emptytemp:
End::

• Click Fix
• When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
• Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
• Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

• AdwCleaner report
• Fixlog

 

There were some corrupt system files that were identified and repaired. The BITS issue was related to Firefox. Hopefully it is now resolved.

It does not look like the items detected by AdwCleaner were Quarantined or Deleted. Let's run it one more time as laid out below.

===================================================

Malwarebytes AdwCleaner

-------------------

• If necessary, download AdwCleaner and save it to your Desktop
• Close all open programs and browsers
• Right click on the icon and select Run as administrator
• Click Scan now
• Uncheck any detected items you would to keep then click Next
• If a Preinstalled software was found! screen appears review it if you'd like then click OK
• Review the list of Preinstalled software and place a check mark in those you do not wish to keep
• Click Quarantine, then Continue
• When completed click View Log File
• Copy and paste the contents in your reply
• Close the AdwCleaner window

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

• AdwCleaner report
• How is your system running?

 

Thank you.

Can you update me regarding your computer performance?

 

Are you still with me?

 

Excellent, thank you for the update.

Here is our final step and some additional information to consider.

===================================================

KpRm by Kernel-panik

--------------

• Download KpRm and save it to your Desktop (see here if you must use Chrome)
• Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
• Right click on the icon and select Run as administrator
• Click Yes on the Disclaimer
• Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
• Click Run
• Click OK on All operations are completed
• KpRm will delete itself from you Desktop and you can either save or remove the report that is generated
• You are free to remove any other tools/reports still remaining

===================================================

All Clean!

--------------

Your computer is now clean. Please consider this going forward.

===================================================

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

• Have you Been Hacked? 10 Indicators That Say Yes
• So How did I get infected?
• How to Spot the Real Download Button on Websites
• Pirated Software is All Fun and Games Until Your Data is Stolen
• Do You Need Anti-Ransomware Software for Your PC?
• How Browser Extensions Turn Into Malware
• Why You Should Update All Your Software
• How Safe Are Password Managers?
• Whats the Best Way to Back Up My Computer?
• Why Is My Internet So Slow?

Thank you for placing your trust in Major Geeks. It was a pleasure serving you.

 

My pleasure. Glad we sorted things out.

You are always welcome here,

Gary