Published on March 23rd, 2020 📆 | 2854 Views ⚑

Multiple Clientmon.exe in Task Manager


Hi SuperPanda, welcome to the Bleeping Computer malware removal forum.

I am iMacg3 and will be helping you with your computer problems.

Please keep the following information in mind before we begin:

  • Back up any important data before we continue.
    • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
  • Do not install any new software or run any fixes/tools on your system unless I request that you do so.
    • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
  • Please read all instructions carefully, and complete them in the order listed.
    • Items that are especially important will be highlighted in bold or red.
  • If your computer seems to start working normally, please don't abandon the topic.
    • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
  • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
  • If you don't respond to your topic in 5 days, it will be closed.
    • If your topic is closed and you still need assistance, send me or any Moderator a Personal Message with a link to your topic.
  • If you have questions at any time during the cleanup, feel free to ask.

---------------------------------------------------

Please note that the anti-malware tools used as part of the cleanup may detect and remove/break cracked software.
If you are not okay with this, please let me know and the topic will be closed. Continuing with the topic implies that you have read and agreed to the above.





---------------------------------------------------
Farbar Recovery Scan Tool - Fix

  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    HKLM...Winlogon: [Userinit] userinit.exe,"C:Windowssystem32clientmon.exe" < ==== ATTENTION
    HKUS-1-5-21-4205132978-1109032811-372321067-1000...Winlogon: [Shell] explorer.exe,"C:UserswindowsAppDataRoamingclientmon.exe"  C:Windowssystem32pcalua.exe -a C:UserswindowsDownloadsmoto_gp2_demo.exe -d C:UserswindowsDownloads
    Task: {2ACEE505-0F88-49AA-BF66-CDA952450865} - System32TasksSystem Monitor => C:ProgramData428764sysmon.exe [324608 2016-10-13] () [File not signed]
    Task: {33BEE5E4-9BBC-4EA1-AA21-0CEB6F3D3F85} - System32Tasks{1808906B-05D7-4E23-BF38-B1DA9EB3688C} => C:Windowssystem32pcalua.exe -a F:Need.For.Speed.Pro.StreetJPN-NFSPS.exe -d F:Need.For.Speed.Pro.Street
    Task: {45BDDE06-FC96-4E68-98CC-19C5AE191B12} - System32Tasks{2E3EB7CB-C769-4CBB-9857-C09925570E9F} => C:Windowssystem32pcalua.exe -a "C:Program FilesLenovoUsbDriverdevcon.exe" -d "C:Program FilesLenovoUsbDriver"
    Task: {4E5F5941-7A8E-4AEA-AFE3-C4EC33962BC3} - System32Tasks{CA1FE6D5-FA09-49D2-B555-9D8FA95084F7} => C:Windowssystem32pcalua.exe -a C:WindowsTurtixuninstall.exe -c "/U:C:Program FilesTurtixUninstalluninstall.xml"
    Task: {7DD04701-11D5-48F6-9C4A-4B9D93A4E69F} - System32Tasks{5C43F533-270B-4F0F-95F6-4170810FDD3F} => C:Windowssystem32pcalua.exe -a "F:mk vs strt.exe" -d F:
    Task: {C026798E-DA4B-4DF1-B5C4-6BA321E0F598} - System32Tasks{62FFBF70-91E8-4419-8D3E-539EC3F22615} => C:Windowssystem32pcalua.exe -a C:UserswindowsDownloadsvcs_diamond.exe -d C:UserswindowsDownloads
    Task: {D01DE3C9-FFC7-4ECB-8659-F4BB134C73AC} - System32TasksAutoKMS => C:WindowsAutoKMSAutoKMS.exe [5046784 2018-12-19] () [File not signed]
    C:WindowsAutoKMS
    Task: {D3DB6BED-B2BD-4F81-BD40-A290C5AEE19A} - System32Tasks{114DB44E-8106-4882-BCC3-506E3B131F77} => C:Windowssystem32pcalua.exe -a "C:Program FilesWinRARWinRAR.exe" -d "C:ProgramDataMicrosoftWindowsStart MenuProgramsWinRAR"
    Task: {F00DD774-757B-46A5-ADBA-61F37D333E86} - System32Tasks{63F4B059-C149-42F8-AE40-77C3E2C640A5} => C:Windowssystem32pcalua.exe -a C:WindowsTurtixuninstall.exe -c "/U:C:Program FilesTurtixUninstalluninstall.xml"
    S2 hshld; "C:Program FilesHotspot Shieldbincmw_srv.exe" [X]
    S3 catchme; ??C:UserswindowsAppDataLocalTempcatchme.sys [X] < ==== ATTENTION
    S3 cpuz138; ??C:UserswindowsAppDataLocalTempcpuz138cpuz138_x32.sys [X]  C:UserswindowsAppDataLocalGoToMeeting8953G2MOutlookAddin.dll => No File
    ContextMenuHandlers1: [ANotepad++] -> {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => C:Program FilesNotepad++NppShell_06.dll -> No File
    Shortcut: C:UserswindowsAppDataRoamingMicrosoftWindowsStart MenuProgramsIntеrnеt Ехрlоrеr.lnk -> C:UserswindowsAppDataRoamingHPReyosReyosStarter3.exe (No File)  C:UserswindowsAppDataRoamingHPReyosReyosStarter3.exe (No File)  C:UserswindowsAppDataRoamingHPReyosReyosStarter3.exe (No File)  (Allow) C:Program FilesmHotspotmHotspot.exe No File
    FirewallRules: [{17729270-1C1A-4FD5-9FBE-250DA35C9BEB}] => (Allow) C:Program FilesmHotspotmHotspot.exe No File
    FirewallRules: [{92B684D7-AAAE-4D01-A94E-B6A48F5E5B3C}] => (Allow) C:Program FilesDll-Files.com FixerDLLFixer.exe No File
    FirewallRules: [{CB419000-C089-47A1-B6AD-E66800F4A20F}] => (Allow) C:Program FilesDll-Files.com FixerDLLFixer.exe No File
    FirewallRules: [{11008FAA-C3A5-47E1-ABBD-B6D865E4C45B}] => (Allow) C:Program FilesDll-Files.com FixerDLLFixer.exe No File
    FirewallRules: [{AF719FD4-575F-40A5-993A-EE9BB7352794}] => (Allow) C:Program FilesmHotspotmHotspot.exe No File
    FirewallRules: [{1D7A38C8-1DBE-4450-B88C-79502A6A4FE2}] => (Allow) C:Program FilesmHotspotmHotspot.exe No File
    FirewallRules: [{30C426CC-A197-47E4-994A-627C25528BE7}] => (Allow) C:Program FilesDll-Files.com FixerDLLFixer.exe No File
    FirewallRules: [TCP Query User{206A5DB9-266A-4D76-9FD8-A5B8EF36521D}C:program filescheat engine 6.4cheatengine-i386.exe] => (Block) C:program filescheat engine 6.4cheatengine-i386.exe No File
    FirewallRules: [UDP Query User{F740721A-386D-44B7-84C1-B633AC4F02D8}C:program filescheat engine 6.4cheatengine-i386.exe] => (Block) C:program filescheat engine 6.4cheatengine-i386.exe No File
    FirewallRules: [{6657F7F3-A169-424B-B82E-8B4397609CED}] => (Allow) C:Program FilesRelevantKnowledgerlvknlg.exe No File
    FirewallRules: [{D853057A-35F0-4A80-A8A7-BA36C333D9D9}] => (Allow) C:Program FilesRelevantKnowledgerlvknlg.exe No File
    FirewallRules: [{BC4C4E55-8DC5-4E41-846D-97F88066EE92}] => (Allow) C:Program FilesTurbo Internetiturbo.exe No File
    FirewallRules: [{B384F67B-31CE-407F-B1FB-47E9FB78A6CB}] => (Allow) C:Program FilesTurbo Internetiturbo.exe No File
    FirewallRules: [{D7F1AD31-0575-42D0-85D2-73BF2C3B5D94}] => (Allow) C:UserswindowsAppDataRoamingexplorer.exe No File
    FirewallRules: [{96E2A155-A229-46C0-BB21-D57D4E6BD5D8}] => (Allow) C:UserswindowsAppDataRoamingexplorer.exe No File
    FirewallRules: [TCP Query User{E257DC60-EEBC-44A9-AC77-1FAF703DCD80}C:program filesrelevantknowledgerlvknlg.exe] => (Allow) C:program filesrelevantknowledgerlvknlg.exe No File
    FirewallRules: [UDP Query User{BC30A199-11FB-4E76-9FBE-2A7F50CEB646}C:program filesrelevantknowledgerlvknlg.exe] => (Allow) C:program filesrelevantknowledgerlvknlg.exe No File
    FirewallRules: [{D7D19D68-D16A-4332-A18C-E6914778550E}] => (Allow) C:UserswindowsAppDataLocalTempandy-x86Setup.exe No File
    FirewallRules: [{29032695-DCEE-41A7-9965-5CDAC66E5CEC}] => (Allow) C:UserswindowsAppDataLocalTempandy-x86Setup.exe No File
    FirewallRules: [{2F1E21B6-D113-40D0-AE1F-34C25901E452}] => (Allow) C:Program FilesAndyandy.exe No File
    FirewallRules: [{0323EA92-8D58-46AE-89BC-0A4BB67D20A2}] => (Allow) C:Program FilesAndyandy.exe No File
    FirewallRules: [{C3275E17-5DEA-43A6-8E2D-B4E09C933073}] => (Allow) C:Program FilesAndyAndyConsole.exe No File
    FirewallRules: [{B58E23F6-0D48-4073-A728-48064341B521}] => (Allow) C:Program FilesAndyAndyConsole.exe No File
    FirewallRules: [{24FD6095-114C-4CC2-97B7-AE166D8308FF}] => (Allow) C:Program FilesAndyHandyAndy.exe No File
    FirewallRules: [{905861B9-56B8-4979-AC82-645E2C5A6BD7}] => (Allow) C:Program FilesAndyHandyAndy.exe No File
    FirewallRules: [{EABAE8CD-01AA-4814-8EC4-0E97538DBACA}] => (Allow) C:Program FilesAndySetupFilesUninstall.exe No File
    FirewallRules: [{E40E4C3A-E8EE-456F-BD11-D5158215EFE6}] => (Allow) C:Program FilesAndySetupFilesUninstall.exe No File
    FirewallRules: [{BFECD435-69E2-40E5-9E86-F42FC33B0FCF}] => (Allow) C:UserswindowsAppDataLocalTempRemoveTemp.exe No File
    FirewallRules: [{A0C200BF-5341-4F95-9BCA-4C90BC505C2C}] => (Allow) C:UserswindowsAppDataLocalTempRemoveTemp.exe No File
    FirewallRules: [{F70CB61A-D7EF-4F94-9362-276356A65718}] => (Allow) C:Program FilesAndySetupFilesVMwareCheck.exe No File
    FirewallRules: [{F13978B8-D8F6-416F-A817-286AD7B63B28}] => (Allow) C:Program FilesAndySetupFilesVMwareCheck.exe No File
    FirewallRules: [{53B2092A-A4BE-4814-BDBE-D04AD0E9420E}] => (Allow) C:Program FilesAndySetupFilesAndyDoctor.exe No File
    FirewallRules: [{7975B0F5-EC12-441F-865A-25EA11D91417}] => (Allow) C:Program FilesAndySetupFilesAndyDoctor.exe No File
    FirewallRules: [{2777507D-2252-413C-A059-39E1B622CDA5}] => (Allow) C:Program FilesDll-Files.com FixerDLLFixer.exe No File
    FirewallRules: [{BDC54EB7-A0F1-4344-BF3C-9BF8D3204B74}] => (Allow) C:Program FilesDll-Files.com FixerDLLFixer.exe No File
    FirewallRules: [{8337153E-994F-49DD-ADF5-6C6DA6C95605}] => (Allow) C:Program FilesDll-Files.com FixerDLLFixer.exe No File
    FirewallRules: [{074A5C66-566B-4450-9BB8-0FBEFBB354B4}] => (Allow) C:Program FilesDll-Files.com FixerDLLFixer.exe No File
    FirewallRules: [{BF90B681-0630-4088-801E-50A6FBD5C682}] => (Allow) C:Program FilesDll-Files.com FixerDLLFixer.exe No File
    FirewallRules: [{89A5FF9B-6C97-4869-AE83-AC8672AC2344}] => (Allow) C:Program FilesDll-Files.com FixerDLLFixer.exe No File
    FirewallRules: [{8475392D-02EA-4B9A-8008-77C9546BF9D7}] => (Allow) C:Program FilesDll-Files.com FixerDLLFixer.exe No File
    FirewallRules: [{05486D5F-8326-4952-B886-2933A64EA9D5}] => (Allow) C:Program FilesDll-Files.com FixerDLLFixer.exe No File
    FirewallRules: [{79E827B8-5EC5-4A53-9F1B-929A8CEB5644}] => (Allow) C:Program FilesDll-Files.com FixerDLLFixer.exe No File
    FirewallRules: [{1917868E-D839-4A1B-B6F5-9C0408D4F31B}] => (Allow) C:Program FilesDll-Files.com FixerDLLFixer.exe No File
    FirewallRules: [{9566729E-8186-41C1-BD22-3AF19D757E91}] => (Allow) C:Program FilesDll-Files.com FixerDLLFixer.exe No File
    FirewallRules: [{08AE0669-0A51-4A30-8DFF-87277D516D2F}] => (Allow) C:Program FilesDll-Files.com FixerDLLFixer.exe No File
    FirewallRules: [{9E7241F4-2C20-46FD-A35E-B36189D0321A}] => (Allow) C:UserswindowsAppDataLocalTempchrome.exe No File
    FirewallRules: [{54AF93F3-C1B8-472B-813A-C0C9714424BD}] => (Allow) C:UserswindowsAppDataLocalTempchrome.exe No File
    FirewallRules: [{E1BC2BF2-B9BB-4854-8E24-0ECABEBC1A9B}] => (Allow) C:Program FilesApowersoftVideo Editor ProVideo Editor Pro.exe No File
    FirewallRules: [{D2C61641-56BD-4526-A92A-9BF871908B1A}] => (Allow) C:Program FilesApowersoftVideo Editor ProVideo Editor Pro.exe No File
    FirewallRules: [{24C4B813-E9EF-4FC5-848A-B16554C72487}] => (Allow) C:Program FilesCyberLinkPowerDirector15PDR10.EXE No File
    FirewallRules: [{8C4BF5CF-30F2-4DE6-86F3-C8FEDBDAD350}] => (Block) C:Program Files (x86)MirillisAction!Action.exe No File
    FirewallRules: [{D02BA521-621B-4481-9834-8A506E1B41C6}] => (Block) C:Program Files (x86)MirillisAction!action_svc.exe No File
    FirewallRules: [{3E0A9915-DBB1-4B24-9D2E-6C918B55EAB8}] => (Allow) C:Program FilesApowersoftVideo Editor ProVideo Editor Pro.exe No File
    FirewallRules: [{E280F952-EB64-4D0E-9E11-F74AEADA665F}] => (Allow) C:Program FilesDll-Files.com FixerDLLFixer.exe No File
    FirewallRules: [{7FD7805E-82F3-49F6-B724-C8820E6A4C36}] => (Allow) C:Program FilesDll-Files.com FixerDLLFixer.exe No File
    FirewallRules: [{C81300BA-2961-43AD-8EC8-8D6914BFA74F}] => (Allow) C:Program FilesDll-Files.com FixerDLLFixer.exe No File
    FirewallRules: [TCP Query User{1CC6D31A-77F4-4305-B08B-C347EFBB1950}C:userswindowsdownloadscompressedmoto gp 2 2003 pc game {highly compress}moto gp 2 2003 pc game {highly compress} {uploaded} @igimotogp2.exe] => (Block) C:userswindowsdownloadscompressedmoto gp 2 2003 pc game {highly compress}moto gp 2 2003 pc game {highly compress} {uploaded} @igimotogp2.exe No File
    FirewallRules: [UDP Query User{1CED54D2-66A1-4C24-A0FC-A46ED2C22CB9}C:userswindowsdownloadscompressedmoto gp 2 2003 pc game {highly compress}moto gp 2 2003 pc game {highly compress} {uploaded} @igimotogp2.exe] => (Block) C:userswindowsdownloadscompressedmoto gp 2 2003 pc game {highly compress}moto gp 2 2003 pc game {highly compress} {uploaded} @igimotogp2.exe No File
    FirewallRules: [TCP Query User{0E0DF27C-9B8B-4CA1-A3FB-179821EB9F45}C:userswindowsappdatalocalprogramsmicrosoft vs codecode.exe] => (Allow) C:userswindowsappdatalocalprogramsmicrosoft vs codecode.exe No File
    FirewallRules: [UDP Query User{D2A8B9A3-05F7-4893-BBB8-A034FA4B3833}C:userswindowsappdatalocalprogramsmicrosoft vs codecode.exe] => (Allow) C:userswindowsappdatalocalprogramsmicrosoft vs codecode.exe No File
    Folder: C:UserswindowsAppDataRoamingADBDriverInstaller
    VirusTotal: C:UserswindowsALLEG40.DLL;C:Userswindowszlib.dll
    Hosts:
    End::
    

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete, FRST will generate a log in the same location it was run from (Fixlog.txt).
  • Please copy and paste its contents into your reply.

---------------------------------------------------

In your next reply, please include:

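The fix script in the post above flags extra programs chained onto the Winlogon Userinit and Shell values, and firewall rules for an explorer.exe under AppData\Roaming. As an added example (not part of the original post and not FRST's own logic), this Python code audits such value strings; the function names, the assumption that Windows lives on C:, and the sample values are constructed for illustration.

```python
import ntpath

# Default single entry for each Winlogon value and the folder it ships in.
# Assumption: Windows is installed on C:.
EXPECTED = {
    "userinit": ("userinit.exe", r"c:\windows\system32"),
    "shell": ("explorer.exe", r"c:\windows"),
}

def split_entries(value):
    """Split a comma-separated Winlogon value, honouring double quotes."""
    entries, current, quoted = [], "", False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            entries.append(current.strip())
            current = ""
        else:
            current += ch
    entries.append(current.strip())
    return [e for e in entries if e]  # drops the empty tail after "userinit.exe,"

def audit_winlogon(name, value):
    """Return (entry, reason) findings for one Winlogon value string."""
    base_name, home = EXPECTED[name.lower()]
    findings, default_ok = [], False
    for entry in split_entries(value):
        directory, base = ntpath.split(entry.lower())
        if base != base_name:
            findings.append((entry, "program other than the default"))
        elif directory and directory != home:
            findings.append((entry, "default name loaded from unexpected folder"))
        else:
            default_ok = True
    if not default_ok:
        findings.append((value, "legitimate default entry missing"))
    return findings

if __name__ == "__main__":
    # Constructed sample values, not copied from any real machine.
    samples = [
        ("Userinit", r"C:\Windows\system32\userinit.exe,"),
        ("Userinit", r'userinit.exe,"C:\Windows\system32\clientmon.exe"'),
        ("Shell", r'explorer.exe,"C:\Users\example\AppData\Roaming\clientmon.exe"'),
        ("Shell", r"C:\Users\example\AppData\Roaming\explorer.exe"),
    ]
    for name, value in samples:
        print(name, value, "->", audit_winlogon(name, value) or "clean")
```

On a live system the two strings would be read from the Winlogon key under HKLM and under each user hive before being passed to `audit_winlogon`.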