Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Are WiFi Network Names Protected by the First Amendment?

Featured Deal: Get 96% off the MCSA SQL Server Training Deal

BitDefender: 2 files could not be disinfected

Started by buyaobingdu , Jun 25 2016 06:14 AM

Please log in to reply

10 replies to this topic

#1 buyaobingdu

Members
6 posts
OFFLINE

Local time:02:36 PM

Posted 25 June 2016 - 06:14 AM

I'm running Opera on Windows 10.

I keep getting messaged from Bit Defender telling me that 2 files have found to be infected and can't be disinfected because they're in use; therefore requiring me to restart my computer.

When I do restart, the message about the infected files goes away however it comes back again several hours later.

I ran a scan with Malware Bytes but it came back as clean.

The two files that are infected are:

C://windows/temp/tmp000042d1/tmp0005d7c

C://windows/temp/tmp0000b401/tmp0001599

I'd appreciate any help fixing this, thanks.

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 buddy215

BC Advisor
12,882 posts
OFFLINE

Gender:Male
Location:West Tennessee
Local time:12:36 AM

Posted 25 June 2016 - 06:53 AM

Welcome to BC...

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

Download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”― Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 buyaobingdu

Topic Starter

Members
6 posts
OFFLINE

Local time:02:36 PM

Posted 25 June 2016 - 09:49 AM

All done. Here are the logs:

AdwCleaner

# AdwCleaner v5.200 - Logfile created 25/06/2016 at 23:40:01

# Updated 14/06/2016 by ToolsLib

# Database : 2016-06-25.2 [Server]

# Operating system : Windows 10 Home (X64)

# Username : Sun Wukong - LENOVO

# Running from : C:\Users\Sun Wukong\Downloads\AdwCleaner.exe

# Option : Scan

# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\Users\Public\Documents\tencent

Folder Found : C:\Users\Sun Wukong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam

***** [ Files ] *****

File Found : C:\Users\Sun Wukong\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE

Key Found : HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO

Key Found : HKCU\Software\Classes\Tencent

Key Found : HKLM\SOFTWARE\Classes\metnsd

Key Found : HKLM\SOFTWARE\Classes\Tencent

Key Found : HKU\S-1-5-21-1902430429-670318691-634964578-1001\Software\Classes\Tencent

Key Found : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}

Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{C2FABF6C-33A4-448D-BFDA-8C92C1E439B3}C:\program files (x86)\tencent\wechat\wechat.exe]

Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{3CA99A7B-8FA0-4E07-8895-757A22C1DE1A}C:\program files (x86)\tencent\wechat\wechat.exe]

Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{73516401-5C19-4D87-818A-B0D58ED54C01}]

Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{FC57BE04-BA92-44BD-97E0-FEFA99CF55F4}]

Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{9F8A92C2-0D22-4066-AE0E-D03A36D01D3A}]

Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{93343EEA-B08E-419F-A044-4F7A31D482AA}]

Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Wechat]

Value Found : HKU\S-1-5-21-1902430429-670318691-634964578-1001\Software\Microsoft\Windows\CurrentVersion\Run [Wechat]

Value Found : HKU\S-1-5-21-1902430429-670318691-634964578-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Wechat]

***** [ Web browsers ] *****

[C:\Users\Sun Wukong\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com

[C:\Users\Sun Wukong\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com

[C:\Users\Sun Wukong\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : pbjikboenpfhbbejgkoklgkhjpfogcam

[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com

[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [3402 bytes] - [25/06/2016 23:40:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3475 bytes] ##########

Junkware

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 8.0.6 (04.25.2016)

Operating System: Windows 10 Home x64

Ran by Sun Wukong (Administrator) on Sat 06/25/2016 at 23:30:11.09

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 12

Successfully deleted: C:\ProgramData\1430656606.bdinstall.bin (File)

Successfully deleted: C:\Users\Sun Wukong\AppData\Local\crashrpt (Folder)

Successfully deleted: C:\Users\Sun Wukong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam (Folder)

Successfully deleted: C:\Users\Sun Wukong\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage-journal (File)

Successfully deleted: C:\Users\Sun Wukong\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage (File)

Successfully deleted: C:\Users\Sun Wukong\AppData\Local\kakao (Folder)

Successfully deleted: C:\Users\Sun Wukong\AppData\Roaming\tencent (Folder)

Successfully deleted: C:\WINDOWS\wininit.ini (File)

Successfully deleted: C:\Program Files (x86)\Common Files\tencent (Folder)

Successfully deleted: C:\Program Files (x86)\kakao (Folder)

Successfully deleted: C:\Program Files (x86)\tencent (Folder)

Successfully deleted: C:\WINDOWS\prefetch\AFREECATVPACKAGE.EXE-12E0A80D.pf (File)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 06/25/2016 at 23:33:10.47

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#4 buddy215

BC Advisor
12,882 posts
OFFLINE

Gender:Male
Location:West Tennessee
Local time:12:36 AM

Posted 25 June 2016 - 10:10 AM

Please rerun AdwCleaner and be sure to choose Clean when scan finishes. Post the new log.

Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
NOTE:Sometimes if ESET finds no infections it will not create a log.

After posting the results of the two scans above, Please do this:

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next

post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you

will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 buddy215

BC Advisor
12,882 posts
OFFLINE

Gender:Male
Location:West Tennessee
Local time:12:36 AM

Posted 25 June 2016 - 10:22 AM

If you do a Google Search for your screen name you will see it is associated with a site that Google warns THIS SITE MAY HARM YOUR COMPUTER.

Possibly the site is pjhku.com....I did not click on the link provided in the search. Nor do I know if that is you or not. Just wanted to alert you if you have

visited or intend to visit that site again.

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#6 buyaobingdu

Topic Starter

Members
6 posts
OFFLINE

Local time:02:36 PM

Posted 25 June 2016 - 06:16 PM

The user name popping up on that site is a coincidence. The forum name I'm using means ''Don't Want Viruses" in Chinese :lol: so I guess either someone else is using that name or phrase there so it popped up on Google.

I ran a scan with ESET but it didn't find anything so there was no log made.

AdwCleaner:

# AdwCleaner v5.200 - Logfile created 26/06/2016 at 07:51:08

# Updated 14/06/2016 by ToolsLib

# Database : 2016-06-25.3 [Server]

# Operating system : Windows 10 Home (X64)

# Username : Sun Wukong - LENOVO

# Running from : C:\Users\Sun Wukong\Downloads\AdwCleaner.exe

# Option : Clean

# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Public\Documents\tencent

[-] Folder Deleted : C:\Users\Sun Wukong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam

***** [ Files ] *****

[-] File Deleted : C:\Users\Sun Wukong\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE

[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO

[-] Key Deleted : HKCU\Software\Classes\Tencent

[-] Key Deleted : HKLM\SOFTWARE\Classes\metnsd

[-] Key Deleted : HKLM\SOFTWARE\Classes\Tencent

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}

[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{C2FABF6C-33A4-448D-BFDA-8C92C1E439B3}C:\program files (x86)\tencent\wechat\wechat.exe]

[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{3CA99A7B-8FA0-4E07-8895-757A22C1DE1A}C:\program files (x86)\tencent\wechat\wechat.exe]

[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{73516401-5C19-4D87-818A-B0D58ED54C01}]

[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{FC57BE04-BA92-44BD-97E0-FEFA99CF55F4}]

[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{9F8A92C2-0D22-4066-AE0E-D03A36D01D3A}]

[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{93343EEA-B08E-419F-A044-4F7A31D482AA}]

[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Wechat]

[#] Value Deleted : HKU\S-1-5-21-1902430429-670318691-634964578-1001\Software\Microsoft\Windows\CurrentVersion\Run [Wechat]

[-] Value Deleted : HKU\S-1-5-21-1902430429-670318691-634964578-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Wechat]

***** [ Web browsers ] *****

[-] [C:\Users\Sun Wukong\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com

[-] [C:\Users\Sun Wukong\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

[-] [C:\Users\Sun Wukong\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pbjikboenpfhbbejgkoklgkhjpfogcam

[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com

[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys deleted

:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3548 bytes] - [26/06/2016 07:51:08]

C:\AdwCleaner\AdwCleaner[S1].txt - [3554 bytes] - [25/06/2016 23:40:01]

C:\AdwCleaner\AdwCleaner[S2].txt - [3627 bytes] - [26/06/2016 07:49:46]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3767 bytes] ##########

#7 buddy215

BC Advisor
12,882 posts
OFFLINE

Gender:Male
Location:West Tennessee
Local time:12:36 AM

Posted 25 June 2016 - 06:29 PM

I'll have further comments after you post the Three lists from CCleaner Tools.

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#8 buyaobingdu

Topic Starter

Members
6 posts
OFFLINE

Local time:02:36 PM

Posted 25 June 2016 - 06:50 PM

Whoops. I apologize, I forgot about those.

Windows Startups:

Yes HKCU:Run afreecatvpackage AfreecaTV co., Ltd C:\Program Files (x86)\afreeca\afreecatvpackage.exe

No HKCU:Run Amazon Music Amazon Services LLC "C:\Users\Sun Wukong\AppData\Local\Amazon Music\Amazon Music Helper.exe"

Yes HKCU:Run AudialsNotifier Audials AG C:\Program Files (x86)\Audials\Audials 2016\AudialsNotifier.exe

Yes HKCU:Run avichannel Evaer Technology "C:\Program Files (x86)\Evaer\videochannel.exe"

No HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes HKCU:Run CrashPlanService C:\Users\Sun Wukong\AppData\Local\Programs\CrashPlan\CrashPlanService.vbs

Yes HKCU:Run CrashPlanTray Code 42 Software, Inc. C:\Users\Sun Wukong\AppData\Local\Programs\CrashPlan\CrashPlanTray.exe

No HKCU:Run KakaoTalk "C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe" -bystartup

No HKCU:Run OneDrive Microsoft Corporation "C:\Users\Sun Wukong\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background

Yes HKCU:Run SandboxieControl Sandboxie Holdings, LLC "C:\Program Files\Sandboxie\SbieCtrl.exe"

No HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

No HKCU:Run Spotify Spotify Ltd "C:\Users\Sun Wukong\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized

No HKCU:Run Spotify Web Helper Spotify Ltd "C:\Users\Sun Wukong\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

No HKCU:Run Steam Valve Corporation "C:\Program Files (x86)\Steam\steam.exe" -silent

Yes HKCU:Run TouchpadBlocker.exe KARPOLAN "C:\Program Files (x86)\Touchpad Blocker\TouchpadBlocker.exe" -startup

Yes HKCU:RunOnce Uninstall C:\Users\Sun Wukong\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sun Wukong\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1"

Yes HKCU:RunOnce Uninstall C:\Users\Sun Wukong\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sun Wukong\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"

Yes HKCU:RunOnce Uninstall C:\Users\Sun Wukong\AppData\Local\Microsoft\OneDrive\17.3.6301.0127 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sun Wukong\AppData\Local\Microsoft\OneDrive\17.3.6301.0127"

Yes HKCU:RunOnce Uninstall C:\Users\Sun Wukong\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sun Wukong\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"

No HKLM:Run Agile1pAgent AgileBits C:\Program Files (x86)\1Password 4\Agile1pAgent.exe

Yes HKLM:Run AhnLab Safe Transaction Application AhnLab, Inc. "C:\Program Files\AhnLab\Safe Transaction\stsess.exe" /tray

Yes HKLM:Run Dropbox Dropbox, Inc. "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup

Yes HKLM:Run ETDCtrl ELAN Microelectronics Corp. %ProgramFiles%\Elantech\ETDCtrl.exe

No HKLM:Run HncUpdate90 한글과컴퓨터 C:\Program Files (x86)\Hnc\HncUtils\Update\HncCheck.exe

No HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"

Yes HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

Yes HKLM:Run RtHDVBg_Dolby Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4

Yes HKLM:Run RtHDVBg_LENOVO_DOLBYDRAGON Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_DOLBYDRAGON

Yes HKLM:Run RtHDVBg_LENOVO_MICPKEY Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_MICPKEY

Yes HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

Yes HKLM:Run RtsFT RTFTrack.exe

Yes HKLM:Run ShadowPlay Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

Scheduled Tasks:

Yes Task Adobe Flash Player PPAPI Notifier Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_192_pepper.exe -check pepperplugin

Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Yes Task AutoKMS C:\Windows\AutoKMS\AutoKMS.exe

Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)

Yes Task DropboxUpdateTaskMachineCore Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c

Yes Task DropboxUpdateTaskMachineUA Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler

Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c

Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

Yes Task Opera scheduled Autoupdate 1430064947 Opera Software C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0)

No Task Optimize Start Menu Cache Files-S-1-5-21-1902430429-670318691-634964578-1001

Yes Task Private Internet Access Startup "C:\Program Files\pia_manager\pia_manager.exe" --startup

Uninstall:

1Password 4.6.0.604 AgileBits 3/1/2016 28.9 MB 4.0

3D Builder Microsoft Corporation 5/27/2016 11.1.8.0

7-Zip 15.14 (x64) Igor Pavlov 4/22/2016 4.72 MB 15.14

Adobe AIR Adobe Systems Incorporated 2/12/2016 23.2 MB 18.0.0.199

Adobe Digital Editions 4.0 Adobe Systems Incorporated 2/5/2016 21.7 MB 4.0.3

Adobe Flash Player 22 PPAPI Adobe Systems Incorporated 6/17/2016 19.5 MB 22.0.0.192

AhnLab Safe Transaction AhnLab, Inc. 6/1/2016 468 MB 1.3.9.604

Alarms & Clock Microsoft Corporation 6/16/2016 10.1605.1472.0

ALTools Update ESTsoft Corp. 2/12/2016 2.67 MB v11.4

ALZip 8.51 ESTsoft Corp. 2/12/2016 21.9 MB v8.51

Amazon Music Amazon Services LLC 6/19/2016 4.3.2.1367

Amazon Music Importer Amazon Services LLC 2/12/2016 7.72 MB 3.1.0

Analogue: A Hate Story Love Conquers All Games 2/12/2016 115 MB

Anki 2/5/2016

App connector Microsoft Corporation 2/5/2016 1.3.3.0

Apple Application Support (32-bit) Apple Inc. 5/22/2016 152 MB 4.3.1

Apple Application Support (64-bit) Apple Inc. 5/22/2016 170 MB 4.3.1

Apple Mobile Device Support Apple Inc. 3/28/2016 43.2 MB 9.3.0.15

Apple Software Update Apple Inc. 3/11/2016 4.91 MB 2.2.0.150

Audials Audials AG 6/23/2016 376 MB 12.1.6800.0

Bitdefender Antivirus Free Edition Bitdefender 6/24/2016 566 MB 1.0.21.1109

Bonjour Apple Inc. 9/29/2015 3.28 MB 3.1.0.1

Calculator Microsoft Corporation 2/5/2016 10.1601.49020.0

Camera Microsoft Corporation 5/27/2016 2016.404.120.0

CCleaner Piriform 5/13/2016 17.9 MB 5.17

Chinese Text Analyser Imral Software Pty Ltd 2/12/2016 8.29 MB 0.99.9

Corkboard DeadLife 3/5/2016 1.0.0.0

CrashPlan Code 42 Software 5/18/2016 321 MB 4.7.0.317

don't take it personally, babe, it just ain't your story 1.1 Christine Love 2/5/2016 1.1

Dropbox Dropbox, Inc. 6/25/2016 170 MB 5.4.24

eISP 1.0 2/5/2016 1.0

EnuFontInstaller Hancom 5/12/2015 34.7 MB 1.00.0000

Epubor Ultimate Epubor Inc. 2/5/2016 3.0.4.22

ESET Online Scanner v3 6/26/2016

Evaer Video Recorder for Skype 1.6.5.71 Evaer Technology 4/29/2016 1.6.5.71

ffdshow [rev 2527] [2008-12-19] 2/13/2016 13.3 MB 1.0

Foxit Cloud Foxit Software Inc. 10/1/2015 12.3 MB 3.7.143.923

Foxit Reader Foxit Software Inc. 4/25/2015 50.3 MB 7.1.3.320

Free Download Manager 3.9.5 FreeDownloadManager.ORG 4/25/2015 32.1 MB

Get Office Microsoft Corporation 6/12/2016 17.7031.23501.0

Get Skype Skype 2/5/2016 3.2.1.0

Get Started Microsoft Corporation 6/24/2016 3.9.10.0

Google Chrome Google Inc. 4/22/2015 489 MB 51.0.2704.103

Groove Music Microsoft Corporation 6/21/2016 3.6.22051.0

Hancom Office 2010 Hancom 2/12/2016 1.30 GB 8.0.1

Influent Rob Howland 5/20/2016 680 MB

INISAFE MoaSign S v1.0 INITECH, Inc. 6/1/2016 1.0.43

INISAFE SandBox 1.0 Initech, Inc. 2/5/2016 1.0

Innorix File Transfer Solution INNORIX 2/5/2016 7.1.3.847

Innorix File Transfer Solution(G) INNORIX 2/5/2016 7.2.0.591

Intel® Management Engine Components Intel Corporation 4/23/2015 9.5.14.1724

Intel® Processor Graphics Intel Corporation 2/5/2016 10.18.15.4279

IPinside Non-p Agent interezen 6/1/2016 2.0.0.2

iTunes Apple Inc. 6/5/2016 282 MB 12.4.1.6

KakaoTalk Daum Kakao Corp 5/29/2016 2.2.1.1211

Kindle AMZN Mobile LLC 2/5/2016 2.1.0.2

Lenovo Companion LENOVO INC. 6/24/2016 3.49.1.0

Lenovo EasyCamera Realtek Semiconductor Corp. 2/5/2016 6.3.9600.11103

Lenovo pointing device ELAN Microelectronic Corp. 2/5/2016 11.4.68.3

Mail and Calendar Microsoft Corporation 6/21/2016 17.6965.40901.0

Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes 3/23/2016 56.9 MB 2.2.1.1043

Maps Microsoft Corporation 6/21/2016 5.1606.1670.0

MelOn Player4 2/12/2016 69.9 MB 4.0

Messaging + Skype Microsoft Corporation 4/19/2016 2.15.20002.0

Microsoft ASP.NET MVC 4 Runtime Microsoft Corporation 6/24/2015 2.47 MB 4.0.40804.0

Microsoft Office Home and Student 2013 - en-us Microsoft Corporation 6/24/2016 1.39 GB 15.0.4833.1001

Microsoft Office Proofing Tools 2013 - English Microsoft Corporation 5/12/2016 43.1 MB 15.0.4569.1506

Microsoft Office 언어 교정 도구 2013 - 한국어 Microsoft Corporation 5/12/2016 72.0 MB 15.0.4569.1506

Microsoft Silverlight Microsoft Corporation 6/24/2016 237 MB 5.1.50428.0

Microsoft Solitaire Collection Microsoft Studios 6/3/2016 3.9.5250.0

Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 4/26/2015 6.45 MB 8.0.56336

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 5/17/2015 22.7 MB 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 5/18/2015 22.7 MB 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 5/13/2015 1.35 MB 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 5/10/2015 12.3 MB 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 5/17/2015 27.7 MB 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 5/17/2015 22.2 MB 10.0.40219

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 4/15/2016 22.5 MB 10.0.50903

Microsoft Wi-Fi Microsoft Corporation 4/29/2016 1.1604.4.0

Money Microsoft Corporation 6/4/2016 4.9.76.0

Movies & TV Microsoft Corporation 6/24/2016 3.6.21441.0

Mozilla Maintenance Service Mozilla 2/5/2016 221 KB 31.6.0

MSN Health & Fitness Microsoft Corporation 2/5/2016 3.0.4.336

MSN Travel Microsoft Corporation 2/5/2016 3.0.4.336

NaturalReader 14 Free Naturalsoft 3/12/2016 138 MB 1.00.0000

News Microsoft Corporation 6/4/2016 4.9.76.0

nProtect KeyCrypt V6.0 2/5/2016

NVIDIA GeForce Experience 2.4.5.44 NVIDIA Corporation 6/23/2015 24.5 MB 2.4.5.44

NVIDIA Graphics Driver 353.62 NVIDIA Corporation 2/5/2016 563 MB 353.62

NVIDIA PhysX System Software 9.15.0428 NVIDIA Corporation 6/23/2015 348 MB 9.15.0428

OneNote Microsoft Corporation 6/24/2016 17.7070.57821.0

Opera Stable 38.0.2220.31 Opera Software 6/17/2016 270 MB 38.0.2220.31

paint.net dotPDN LLC 3/6/2016 55.7 MB 4.0.9

People Microsoft Corporation 4/5/2016 10.0.10811.0

Phone Microsoft Corporation 6/3/2016 2.17.27003.0

Phone Companion Microsoft Corporation 2/5/2016 10.1602.3010.0

Photos Microsoft Corporation 6/3/2016 16.526.11220.0

Private Internet Access Support Files Private Internet Access 4/25/2015 3.11 MB 1.0.0.0

QQ International Tencent Technology(Shenzhen) Company Limited 4/25/2015 182 MB 1.91.1369.0

QuiteRSS version 0.17.7 QuiteRSS Team 5/6/2015 46.6 MB 0.17.7

Reader Microsoft Corporation 6/15/2016 6.4.9926.18339

Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2/12/2016 17.8 MB 6.0.1.7560

Revo Uninstaller Pro 3.1.6 VS Revo Group, Ltd. 5/11/2016 38.7 MB 3.1.6

Sandboxie 5.10 (64-bit) Sandboxie Holdings, LLC 3/23/2016 5.10

Shan Gui Magenta Factory 2/12/2016 560 MB

Skype Click to Call Microsoft Corporation 5/26/2016 20.0 MB 8.3.0.9150

Skype™ 7.24 Skype Technologies S.A. 5/28/2016 127 MB 7.24.104

Speccy Piriform 5/20/2016 14.3 MB 1.29

Sports Microsoft Corporation 6/4/2016 4.9.76.0

Spotify Spotify AB 6/15/2016 1.0.31.56.g526cfefe

Steam Valve Corporation 2/5/2016 2.10.91.91

Store Microsoft Corporation 4/30/2016 11602.1.26.0

Sway Microsoft Corporation 6/15/2016 17.7070.45221.0

Touchpad Blocker KARPOLAN 2/12/2016 952 KB 2.9

TuneIn Radio TuneIn 6/16/2016 3.0.1717.0

Twitter Twitter Inc. 6/12/2016 5.1.2.0

Update for Korean Microsoft IME Standard Dictionary Microsoft Corporation 4/27/2015 1.52 MB 16.0.662.1

Verbix 9.0 Verbix 5/10/2015 5.15 MB 9.0.9

Visual Studio 2012 x64 Redistributables AVG Technologies 4/25/2015 13.0 MB 14.0.0.1

Visual Studio 2012 x86 Redistributables AVG Technologies CZ, s.r.o. 4/25/2015 40.0 KB 14.0.0.1

VLC media player VideoLAN 2/12/2016 112 MB 2.2.1

Voice Recorder Microsoft Corporation 6/16/2016 10.1605.1471.0

Wacom Tablet Wacom Technology Corp. 2/9/2016 6.3.15-3

Weather Microsoft Corporation 6/4/2016 4.9.76.0

WebTablet FB Plugin 32 bit Wacom Technology Corp. 2/5/2016 2.1.0.7

WebTablet FB Plugin 64 bit Wacom Technology Corp. 2/5/2016 2.1.0.7

WeChat 腾讯科技(深圳)有限公司 2/12/2016 35.5 MB 1.5.0.22

Windows Reading List Microsoft Corporation 6/18/2016 6.3.9654.21234

Windows Scan Microsoft Corporation 2/5/2016 6.3.9654.17133

World Clock - Time Zones TIME AND DATE AS 2/5/2016 2.0.8.34

XecureWeb Control 2/5/2016

Xvid MPEG-4 Video Codec Xvid Development Team 2/17/2016

¾ÆÇÁ¸®Ä«TV Á¦°Å AfreecaTV Co., Ltd 2/5/2016

Edited by buyaobingdu, 25 June 2016 - 06:50 PM.

#9 buddy215

BC Advisor
12,882 posts
OFFLINE

Gender:Male
Location:West Tennessee
Local time:12:36 AM

Posted 25 June 2016 - 08:15 PM

Suggest Disabling these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKLM:Run Dropbox Dropbox, Inc. "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup

Yes HKLM:Run ShadowPlay Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Yes Task AutoKMS C:\Windows\AutoKMS\AutoKMS.exe

Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)

Yes Task DropboxUpdateTaskMachineCore Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c

Yes Task DropboxUpdateTaskMachineUA Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler

Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

Yes Task Private Internet Access Startup "C:\Program Files\pia_manager\pia_manager.exe" --startup (This could be responsible for the temp files that Bit Defender finds)

Try disabling through at least two reboots to test. Run Bit Defender to see if it still finds the temp files and removes them.

Uninstall These programs:

ESET Online Scanner v3 6/26/2016

KakaoTalk Daum Kakao Corp 5/29/2016 2.2.1.1211

Mozilla Maintenance Service Mozilla 2/5/2016 221 KB 31.6.0

QQ International Tencent Technology(Shenzhen) Company Limited 4/25/2015 182 MB 1.91.1369.0 Use the installed Revo Uninstaller pro in Advanced Mode to uninstall

Skype Click to Call Microsoft Corporation 5/26/2016 20.0 MB 8.3.0.9150

WeChat 腾讯科技(深圳)有限公司 2/12/2016 35.5 MB 1.5.0.22

If the Revo Pro has expired...there is a free version....Download Revo Uninstaller Freeware

Edited by buddy215, 25 June 2016 - 08:28 PM.

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#10 buyaobingdu

Topic Starter

Members
6 posts
OFFLINE

Local time:02:36 PM

Posted 25 June 2016 - 10:44 PM

Hmm...that seems to have done it.

I followed your advice and restarted my computer. Once again, it said that the files were gone; I've waited for a few hours and I checked and it seems to have finally cleaned the files for good.

Any idea what those files were for sure? What should I do to make sure this doesn't happen again?

EDIT:

Damn it.

Seems the same problem is still here. I though it was gone because I got a message that the files had, in fact, been cleaned and hours after restarting I hadn't gotten an infected notification.

I just got a new message of the same type but this time file names are different:

C:\Windows\Temp\tmp000052a2\tmp00000fd7

C:\Windows\Temp\tmp00000b02\tmp00000002

Dunno what's going on. :scratchhead:

Edited by buyaobingdu, 26 June 2016 - 02:01 AM.

#11 buddy215

BC Advisor
12,882 posts
OFFLINE

Gender:Male
Location:West Tennessee
Local time:12:36 AM

Posted 26 June 2016 - 05:39 AM

Ten Cent is one of those programs that doesn't like to be uninstalled. It could or could not be the problem. Probably best to

start a new topic in the Malware Removal Forum by following the instructions below.

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

If you cannot complete a step, then skip it and continue with the next.
In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

DO NOT bump your new topic. Wait for a response from one of the Team Members.

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

Back to Am I infected? What do I do?