BitDefender: 2 files could not be disinfected


10 replies to this topic

#1 buyaobingdu (Topic Starter)

Posted 25 June 2016 - 06:14 AM

I'm running Opera on Windows 10.

 

I keep getting messages from Bit Defender telling me that 2 files have been found to be infected and can't be disinfected because they're in use, therefore requiring me to restart my computer.

 

When I do restart, the message about the infected files goes away; however, it comes back again several hours later.

 

I ran a scan with Malware Bytes but it came back as clean.

 

The two files that are infected are:

 

C://windows/temp/tmp000042d1/tmp0005d7c

C://windows/temp/tmp0000b401/tmp0001599

I'd appreciate any help fixing this, thanks. 




 


#2 buddy215 (Moderator)

Posted 25 June 2016 - 06:53 AM

Welcome to BC...

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 buyaobingdu (Topic Starter)

Posted 25 June 2016 - 09:49 AM

All done. Here are the logs:

 

AdwCleaner

 

# AdwCleaner v5.200 - Logfile created 25/06/2016 at 23:40:01
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-25.2 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Sun Wukong - LENOVO
# Running from : C:\Users\Sun Wukong\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Users\Public\Documents\tencent
Folder Found : C:\Users\Sun Wukong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
 
***** [ Files ] *****
 
File Found : C:\Users\Sun Wukong\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Key Found : HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
Key Found : HKCU\Software\Classes\Tencent
Key Found : HKLM\SOFTWARE\Classes\metnsd
Key Found : HKLM\SOFTWARE\Classes\Tencent
Key Found : HKU\S-1-5-21-1902430429-670318691-634964578-1001\Software\Classes\Tencent
Key Found : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{C2FABF6C-33A4-448D-BFDA-8C92C1E439B3}C:\program files (x86)\tencent\wechat\wechat.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{3CA99A7B-8FA0-4E07-8895-757A22C1DE1A}C:\program files (x86)\tencent\wechat\wechat.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{73516401-5C19-4D87-818A-B0D58ED54C01}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{FC57BE04-BA92-44BD-97E0-FEFA99CF55F4}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{9F8A92C2-0D22-4066-AE0E-D03A36D01D3A}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{93343EEA-B08E-419F-A044-4F7A31D482AA}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Wechat]
Value Found : HKU\S-1-5-21-1902430429-670318691-634964578-1001\Software\Microsoft\Windows\CurrentVersion\Run [Wechat]
Value Found : HKU\S-1-5-21-1902430429-670318691-634964578-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Wechat]
 
***** [ Web browsers ] *****
 
[C:\Users\Sun Wukong\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Sun Wukong\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Sun Wukong\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : pbjikboenpfhbbejgkoklgkhjpfogcam
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [3402 bytes] - [25/06/2016 23:40:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3475 bytes] ##########
 
 
Junkware
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64 
Ran by Sun Wukong (Administrator) on Sat 06/25/2016 at 23:30:11.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 12 
 
Successfully deleted: C:\ProgramData\1430656606.bdinstall.bin (File) 
Successfully deleted: C:\Users\Sun Wukong\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\Sun Wukong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam (Folder) 
Successfully deleted: C:\Users\Sun Wukong\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Sun Wukong\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage (File) 
Successfully deleted: C:\Users\Sun Wukong\AppData\Local\kakao (Folder) 
Successfully deleted: C:\Users\Sun Wukong\AppData\Roaming\tencent (Folder) 
Successfully deleted: C:\WINDOWS\wininit.ini (File) 
Successfully deleted: C:\Program Files (x86)\Common Files\tencent (Folder) 
Successfully deleted: C:\Program Files (x86)\kakao (Folder) 
Successfully deleted: C:\Program Files (x86)\tencent (Folder) 
Successfully deleted: C:\WINDOWS\prefetch\AFREECATVPACKAGE.EXE-12E0A80D.pf (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/25/2016 at 23:33:10.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#4 buddy215 (Moderator)

Posted 25 June 2016 - 10:10 AM

Please rerun AdwCleaner and be sure to choose Clean when scan finishes. Post the new log.

 

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

After posting the results of the two scans above, please do this:

 

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and, at the top, tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button which, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and, at the bottom right of that page, you will see a button which, when clicked, will allow you to Copy and Paste that list into your next post. Please do that.

 



#5 buddy215 (Moderator)

Posted 25 June 2016 - 10:22 AM

If you do a Google Search for your screen name you will see it is associated with a site that Google warns THIS SITE MAY HARM YOUR COMPUTER.

Possibly the site is pjhku.com....I did not click on the link provided in the search. Nor do I know if that is you or not. Just wanted to alert you if you have visited or intend to visit that site again.



#6 buyaobingdu (Topic Starter)

Posted 25 June 2016 - 06:16 PM

The user name popping up on that site is a coincidence. The forum name I'm using means "Don't Want Viruses" in Chinese :lol: so I guess someone else is using that name or phrase there, so it popped up on Google.

I ran a scan with ESET but it didn't find anything so there was no log made.

AdwCleaner:

 

# AdwCleaner v5.200 - Logfile created 26/06/2016 at 07:51:08
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-25.3 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Sun Wukong - LENOVO
# Running from : C:\Users\Sun Wukong\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Public\Documents\tencent
[-] Folder Deleted : C:\Users\Sun Wukong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Sun Wukong\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
[-] Key Deleted : HKCU\Software\Classes\Tencent
[-] Key Deleted : HKLM\SOFTWARE\Classes\metnsd
[-] Key Deleted : HKLM\SOFTWARE\Classes\Tencent
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{C2FABF6C-33A4-448D-BFDA-8C92C1E439B3}C:\program files (x86)\tencent\wechat\wechat.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{3CA99A7B-8FA0-4E07-8895-757A22C1DE1A}C:\program files (x86)\tencent\wechat\wechat.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{73516401-5C19-4D87-818A-B0D58ED54C01}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{FC57BE04-BA92-44BD-97E0-FEFA99CF55F4}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{9F8A92C2-0D22-4066-AE0E-D03A36D01D3A}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{93343EEA-B08E-419F-A044-4F7A31D482AA}]
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Wechat]
[#] Value Deleted : HKU\S-1-5-21-1902430429-670318691-634964578-1001\Software\Microsoft\Windows\CurrentVersion\Run [Wechat]
[-] Value Deleted : HKU\S-1-5-21-1902430429-670318691-634964578-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Wechat]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Sun Wukong\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Sun Wukong\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Sun Wukong\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pbjikboenpfhbbejgkoklgkhjpfogcam
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [3548 bytes] - [26/06/2016 07:51:08]
C:\AdwCleaner\AdwCleaner[S1].txt - [3554 bytes] - [25/06/2016 23:40:01]
C:\AdwCleaner\AdwCleaner[S2].txt - [3627 bytes] - [26/06/2016 07:49:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3767 bytes] ##########


#7 buddy215 (Moderator)

Posted 25 June 2016 - 06:29 PM

I'll have further comments after you post the three lists from CCleaner Tools.



#8 buyaobingdu (Topic Starter)

Posted 25 June 2016 - 06:50 PM

Whoops. I apologize, I forgot about those.

Windows Startups:
 

Yes HKCU:Run afreecatvpackage AfreecaTV co., Ltd C:\Program Files (x86)\afreeca\afreecatvpackage.exe
No HKCU:Run Amazon Music Amazon Services LLC "C:\Users\Sun Wukong\AppData\Local\Amazon Music\Amazon Music Helper.exe"
Yes HKCU:Run AudialsNotifier Audials AG C:\Program Files (x86)\Audials\Audials 2016\AudialsNotifier.exe
Yes HKCU:Run avichannel Evaer Technology "C:\Program Files (x86)\Evaer\videochannel.exe"
No HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run CrashPlanService C:\Users\Sun Wukong\AppData\Local\Programs\CrashPlan\CrashPlanService.vbs
Yes HKCU:Run CrashPlanTray Code 42 Software, Inc. C:\Users\Sun Wukong\AppData\Local\Programs\CrashPlan\CrashPlanTray.exe
No HKCU:Run KakaoTalk "C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe" -bystartup
No HKCU:Run OneDrive Microsoft Corporation "C:\Users\Sun Wukong\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKCU:Run SandboxieControl Sandboxie Holdings, LLC "C:\Program Files\Sandboxie\SbieCtrl.exe"
No HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
No HKCU:Run Spotify Spotify Ltd "C:\Users\Sun Wukong\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
No HKCU:Run Spotify Web Helper Spotify Ltd "C:\Users\Sun Wukong\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
No HKCU:Run Steam Valve Corporation "C:\Program Files (x86)\Steam\steam.exe" -silent
Yes HKCU:Run TouchpadBlocker.exe KARPOLAN "C:\Program Files (x86)\Touchpad Blocker\TouchpadBlocker.exe" -startup
Yes HKCU:RunOnce Uninstall C:\Users\Sun Wukong\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sun Wukong\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1"
Yes HKCU:RunOnce Uninstall C:\Users\Sun Wukong\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sun Wukong\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
Yes HKCU:RunOnce Uninstall C:\Users\Sun Wukong\AppData\Local\Microsoft\OneDrive\17.3.6301.0127 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sun Wukong\AppData\Local\Microsoft\OneDrive\17.3.6301.0127"
Yes HKCU:RunOnce Uninstall C:\Users\Sun Wukong\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sun Wukong\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
No HKLM:Run Agile1pAgent AgileBits C:\Program Files (x86)\1Password 4\Agile1pAgent.exe
Yes HKLM:Run AhnLab Safe Transaction Application AhnLab, Inc. "C:\Program Files\AhnLab\Safe Transaction\stsess.exe" /tray
Yes HKLM:Run Dropbox Dropbox, Inc. "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
Yes HKLM:Run ETDCtrl ELAN Microelectronics Corp. %ProgramFiles%\Elantech\ETDCtrl.exe
No HKLM:Run HncUpdate90 한글과컴퓨터 C:\Program Files (x86)\Hnc\HncUtils\Update\HncCheck.exe
No HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
Yes HKLM:Run RtHDVBg_Dolby Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
Yes HKLM:Run RtHDVBg_LENOVO_DOLBYDRAGON Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_DOLBYDRAGON
Yes HKLM:Run RtHDVBg_LENOVO_MICPKEY Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_MICPKEY
Yes HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Yes HKLM:Run RtsFT RTFTrack.exe
Yes HKLM:Run ShadowPlay Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
 
Scheduled Tasks:

Yes Task Adobe Flash Player PPAPI Notifier Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_192_pepper.exe -check pepperplugin
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task AutoKMS C:\Windows\AutoKMS\AutoKMS.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task DropboxUpdateTaskMachineCore Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
Yes Task DropboxUpdateTaskMachineUA Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task Opera scheduled Autoupdate 1430064947 Opera Software C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0)
No Task Optimize Start Menu Cache Files-S-1-5-21-1902430429-670318691-634964578-1001
Yes Task Private Internet Access Startup "C:\Program Files\pia_manager\pia_manager.exe" --startup

 
Uninstall:

1Password 4.6.0.604 AgileBits 3/1/2016 28.9 MB 4.0
3D Builder Microsoft Corporation 5/27/2016 11.1.8.0
7-Zip 15.14 (x64) Igor Pavlov 4/22/2016 4.72 MB 15.14
Adobe AIR Adobe Systems Incorporated 2/12/2016 23.2 MB 18.0.0.199
Adobe Digital Editions 4.0 Adobe Systems Incorporated 2/5/2016 21.7 MB 4.0.3
Adobe Flash Player 22 PPAPI Adobe Systems Incorporated 6/17/2016 19.5 MB 22.0.0.192
AhnLab Safe Transaction AhnLab, Inc. 6/1/2016 468 MB 1.3.9.604
Alarms & Clock Microsoft Corporation 6/16/2016 10.1605.1472.0
ALTools Update ESTsoft Corp. 2/12/2016 2.67 MB v11.4
ALZip 8.51 ESTsoft Corp. 2/12/2016 21.9 MB v8.51
Amazon Music Amazon Services LLC 6/19/2016 4.3.2.1367
Amazon Music Importer Amazon Services LLC 2/12/2016 7.72 MB 3.1.0
Analogue: A Hate Story Love Conquers All Games 2/12/2016 115 MB
Anki 2/5/2016
App connector Microsoft Corporation 2/5/2016 1.3.3.0
Apple Application Support (32-bit) Apple Inc. 5/22/2016 152 MB 4.3.1
Apple Application Support (64-bit) Apple Inc. 5/22/2016 170 MB 4.3.1
Apple Mobile Device Support Apple Inc. 3/28/2016 43.2 MB 9.3.0.15
Apple Software Update Apple Inc. 3/11/2016 4.91 MB 2.2.0.150
Audials Audials AG 6/23/2016 376 MB 12.1.6800.0
Bitdefender Antivirus Free Edition Bitdefender 6/24/2016 566 MB 1.0.21.1109
Bonjour Apple Inc. 9/29/2015 3.28 MB 3.1.0.1
Calculator Microsoft Corporation 2/5/2016 10.1601.49020.0
Camera Microsoft Corporation 5/27/2016 2016.404.120.0
CCleaner Piriform 5/13/2016 17.9 MB 5.17
Chinese Text Analyser Imral Software Pty Ltd 2/12/2016 8.29 MB 0.99.9
Corkboard DeadLife 3/5/2016 1.0.0.0
CrashPlan Code 42 Software 5/18/2016 321 MB 4.7.0.317
don't take it personally, babe, it just ain't your story 1.1 Christine Love 2/5/2016 1.1
Dropbox Dropbox, Inc. 6/25/2016 170 MB 5.4.24
eISP 1.0 2/5/2016 1.0
EnuFontInstaller Hancom 5/12/2015 34.7 MB 1.00.0000
Epubor Ultimate Epubor Inc. 2/5/2016 3.0.4.22
ESET Online Scanner v3 6/26/2016
Evaer Video Recorder for Skype 1.6.5.71 Evaer Technology 4/29/2016 1.6.5.71
ffdshow [rev 2527] [2008-12-19] 2/13/2016 13.3 MB 1.0
Foxit Cloud Foxit Software Inc. 10/1/2015 12.3 MB 3.7.143.923
Foxit Reader Foxit Software Inc. 4/25/2015 50.3 MB 7.1.3.320
Free Download Manager 3.9.5 FreeDownloadManager.ORG 4/25/2015 32.1 MB
Get Office Microsoft Corporation 6/12/2016 17.7031.23501.0
Get Skype Skype 2/5/2016 3.2.1.0
Get Started Microsoft Corporation 6/24/2016 3.9.10.0
Google Chrome Google Inc. 4/22/2015 489 MB 51.0.2704.103
Groove Music Microsoft Corporation 6/21/2016 3.6.22051.0
Hancom Office 2010 Hancom 2/12/2016 1.30 GB 8.0.1
Influent Rob Howland 5/20/2016 680 MB
INISAFE MoaSign S v1.0 INITECH, Inc. 6/1/2016 1.0.43
INISAFE SandBox 1.0 Initech, Inc. 2/5/2016 1.0
Innorix File Transfer Solution INNORIX 2/5/2016 7.1.3.847
Innorix File Transfer Solution(G) INNORIX 2/5/2016 7.2.0.591
Intel® Management Engine Components Intel Corporation 4/23/2015 9.5.14.1724
Intel® Processor Graphics Intel Corporation 2/5/2016 10.18.15.4279
IPinside Non-p Agent interezen 6/1/2016 2.0.0.2
iTunes Apple Inc. 6/5/2016 282 MB 12.4.1.6
KakaoTalk Daum Kakao Corp 5/29/2016 2.2.1.1211
Kindle AMZN Mobile LLC 2/5/2016 2.1.0.2
Lenovo Companion LENOVO INC. 6/24/2016 3.49.1.0
Lenovo EasyCamera Realtek Semiconductor Corp. 2/5/2016 6.3.9600.11103
Lenovo pointing device ELAN Microelectronic Corp. 2/5/2016 11.4.68.3
Mail and Calendar Microsoft Corporation 6/21/2016 17.6965.40901.0
Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes 3/23/2016 56.9 MB 2.2.1.1043
Maps Microsoft Corporation 6/21/2016 5.1606.1670.0
MelOn Player4 2/12/2016 69.9 MB 4.0
Messaging + Skype Microsoft Corporation 4/19/2016 2.15.20002.0
Microsoft ASP.NET MVC 4 Runtime Microsoft Corporation 6/24/2015 2.47 MB 4.0.40804.0
Microsoft Office Home and Student 2013 - en-us Microsoft Corporation 6/24/2016 1.39 GB 15.0.4833.1001
Microsoft Office Proofing Tools 2013 - English Microsoft Corporation 5/12/2016 43.1 MB 15.0.4569.1506
Microsoft Office 언어 교정 도구 2013 - 한국어 Microsoft Corporation 5/12/2016 72.0 MB 15.0.4569.1506
Microsoft Silverlight Microsoft Corporation 6/24/2016 237 MB 5.1.50428.0
Microsoft Solitaire Collection Microsoft Studios 6/3/2016 3.9.5250.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 4/26/2015 6.45 MB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 5/17/2015 22.7 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 5/18/2015 22.7 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 5/13/2015 1.35 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 5/10/2015 12.3 MB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 5/17/2015 27.7 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 5/17/2015 22.2 MB 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 4/15/2016 22.5 MB 10.0.50903
Microsoft Wi-Fi Microsoft Corporation 4/29/2016 1.1604.4.0
Money Microsoft Corporation 6/4/2016 4.9.76.0
Movies & TV Microsoft Corporation 6/24/2016 3.6.21441.0
Mozilla Maintenance Service Mozilla 2/5/2016 221 KB 31.6.0
MSN Health & Fitness Microsoft Corporation 2/5/2016 3.0.4.336
MSN Travel Microsoft Corporation 2/5/2016 3.0.4.336
NaturalReader 14 Free Naturalsoft 3/12/2016 138 MB 1.00.0000
News Microsoft Corporation 6/4/2016 4.9.76.0
nProtect KeyCrypt V6.0 2/5/2016
NVIDIA GeForce Experience 2.4.5.44 NVIDIA Corporation 6/23/2015 24.5 MB 2.4.5.44
NVIDIA Graphics Driver 353.62 NVIDIA Corporation 2/5/2016 563 MB 353.62
NVIDIA PhysX System Software 9.15.0428 NVIDIA Corporation 6/23/2015 348 MB 9.15.0428
OneNote Microsoft Corporation 6/24/2016 17.7070.57821.0
Opera Stable 38.0.2220.31 Opera Software 6/17/2016 270 MB 38.0.2220.31
paint.net dotPDN LLC 3/6/2016 55.7 MB 4.0.9
People Microsoft Corporation 4/5/2016 10.0.10811.0
Phone Microsoft Corporation 6/3/2016 2.17.27003.0
Phone Companion Microsoft Corporation 2/5/2016 10.1602.3010.0
Photos Microsoft Corporation 6/3/2016 16.526.11220.0
Private Internet Access Support Files Private Internet Access 4/25/2015 3.11 MB 1.0.0.0
QQ International Tencent Technology(Shenzhen) Company Limited 4/25/2015 182 MB 1.91.1369.0
QuiteRSS version 0.17.7 QuiteRSS Team 5/6/2015 46.6 MB 0.17.7
Reader Microsoft Corporation 6/15/2016 6.4.9926.18339
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2/12/2016 17.8 MB 6.0.1.7560
Revo Uninstaller Pro 3.1.6 VS Revo Group, Ltd. 5/11/2016 38.7 MB 3.1.6
Sandboxie 5.10 (64-bit) Sandboxie Holdings, LLC 3/23/2016 5.10
Shan Gui Magenta Factory 2/12/2016 560 MB
Skype Click to Call Microsoft Corporation 5/26/2016 20.0 MB 8.3.0.9150
Skype™ 7.24 Skype Technologies S.A. 5/28/2016 127 MB 7.24.104
Speccy Piriform 5/20/2016 14.3 MB 1.29
Sports Microsoft Corporation 6/4/2016 4.9.76.0
Spotify Spotify AB 6/15/2016 1.0.31.56.g526cfefe
Steam Valve Corporation 2/5/2016 2.10.91.91
Store Microsoft Corporation 4/30/2016 11602.1.26.0
Sway Microsoft Corporation 6/15/2016 17.7070.45221.0
Touchpad Blocker KARPOLAN 2/12/2016 952 KB 2.9
TuneIn Radio TuneIn 6/16/2016 3.0.1717.0
Twitter Twitter Inc. 6/12/2016 5.1.2.0
Update for Korean Microsoft IME Standard Dictionary Microsoft Corporation 4/27/2015 1.52 MB 16.0.662.1
Verbix 9.0 Verbix 5/10/2015 5.15 MB 9.0.9
Visual Studio 2012 x64 Redistributables AVG Technologies 4/25/2015 13.0 MB 14.0.0.1
Visual Studio 2012 x86 Redistributables AVG Technologies CZ, s.r.o. 4/25/2015 40.0 KB 14.0.0.1
VLC media player VideoLAN 2/12/2016 112 MB 2.2.1
Voice Recorder Microsoft Corporation 6/16/2016 10.1605.1471.0
Wacom Tablet Wacom Technology Corp. 2/9/2016 6.3.15-3
Weather Microsoft Corporation 6/4/2016 4.9.76.0
WebTablet FB Plugin 32 bit Wacom Technology Corp. 2/5/2016 2.1.0.7
WebTablet FB Plugin 64 bit Wacom Technology Corp. 2/5/2016 2.1.0.7
WeChat 腾讯科技(深圳)有限公司 2/12/2016 35.5 MB 1.5.0.22
Windows Reading List Microsoft Corporation 6/18/2016 6.3.9654.21234
Windows Scan Microsoft Corporation 2/5/2016 6.3.9654.17133
World Clock - Time Zones TIME AND DATE AS 2/5/2016 2.0.8.34
XecureWeb Control 2/5/2016
Xvid MPEG-4 Video Codec Xvid Development Team 2/17/2016
아프리카TV 제거 AfreecaTV Co., Ltd 2/5/2016
 

Edited by buyaobingdu, 25 June 2016 - 06:50 PM.


#9 buddy215 (Moderator)

Posted 25 June 2016 - 08:15 PM

Suggest Disabling these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKLM:Run Dropbox Dropbox, Inc. "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
Yes HKLM:Run ShadowPlay Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
 
Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task AutoKMS C:\Windows\AutoKMS\AutoKMS.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task DropboxUpdateTaskMachineCore Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
Yes Task DropboxUpdateTaskMachineUA Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task Private Internet Access Startup "C:\Program Files\pia_manager\pia_manager.exe" --startup (This could be responsible for the temp files that Bit Defender finds)
Try disabling through at least two reboots to test. Run Bit Defender to see if it still finds the temp files and removes them.
 
Uninstall These programs:
ESET Online Scanner v3 6/26/2016
KakaoTalk Daum Kakao Corp 5/29/2016 2.2.1.1211
Mozilla Maintenance Service Mozilla 2/5/2016 221 KB 31.6.0
QQ International Tencent Technology(Shenzhen) Company Limited 4/25/2015 182 MB 1.91.1369.0 Use the installed Revo Uninstaller pro in Advanced Mode to uninstall
Skype Click to Call Microsoft Corporation 5/26/2016 20.0 MB 8.3.0.9150
WeChat 腾讯科技(深圳)有限公司 2/12/2016 35.5 MB 1.5.0.22
 
If the Revo Pro has expired...there is a free version....Download Revo Uninstaller Freeware

Edited by buddy215, 25 June 2016 - 08:28 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” - Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
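One way to check which program is recreating those temp folders, added here as example code that is not from the thread or from any of the tools it mentions; it assumes an elevated PowerShell prompt and the Win32_Process CIM class, and the 120-second window is a constructed heuristic:

```powershell
# Added example, not from the thread: correlate the tmp* folders that
# BitDefender keeps flagging under C:\Windows\Temp with the processes that
# started shortly before each folder was created, to narrow down which
# startup program (e.g. a VPN manager) recreates them after every reboot.
# Assumptions: elevated PowerShell 5.1 or later; the 120-second window is a
# constructed heuristic, not a value from the thread.
function Find-TempFolderCreators {
    param(
        [string]$TempRoot = 'C:\Windows\Temp',
        [int]$WindowSeconds = 120
    )

    # Win32_Process gives a CreationDate and CommandLine for every process
    # without the access-denied errors that Get-Process .StartTime can throw.
    $procs = Get-CimInstance -ClassName Win32_Process |
        Where-Object { $_.CreationDate } |
        Select-Object ProcessId, Name, CommandLine, CreationDate

    $folders = Get-ChildItem -Path $TempRoot -Directory -Filter 'tmp*' -ErrorAction SilentlyContinue |
        Sort-Object CreationTime -Descending

    foreach ($f in $folders) {
        $files = @(Get-ChildItem -Path $f.FullName -File -ErrorAction SilentlyContinue)
        # Candidate creators: still-running processes that started inside the
        # window before the folder appeared. A folder older than every process
        # (created before the last reboot) gets no candidates.
        $candidates = $procs | Where-Object {
            $_.CreationDate -le $f.CreationTime -and
            ($f.CreationTime - $_.CreationDate).TotalSeconds -le $WindowSeconds
        }
        [PSCustomObject]@{
            Folder     = $f.FullName
            Created    = $f.CreationTime
            Owner      = (Get-Acl -Path $f.FullName -ErrorAction SilentlyContinue).Owner
            Files      = ($files | ForEach-Object { $_.Name }) -join ', '
            Candidates = ($candidates | ForEach-Object { "$($_.Name) [$($_.ProcessId)]" }) -join ', '
        }
    }
}

# Newest folders first; widen -WindowSeconds if nothing shows up.
Find-TempFolderCreators | Format-Table -AutoSize -Wrap
```

If the same process name appears next to every newly created folder, that is the startup entry to disable first; if a folder is owned by SYSTEM and has no candidates, the creator is more likely a service or scheduled task that started before the window.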

#10 buyaobingdu

buyaobingdu
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:30 AM

Posted 25 June 2016 - 10:44 PM

Hmm...that seems to have done it.

 

I followed your advice and restarted my computer. Once again, it said that the files were gone; I've waited for a few hours and I checked and it seems to have finally cleaned the files for good.

 

Any idea what those files were for sure? What should I do to make sure this doesn't happen again?

EDIT:

 

Damn it. 

Seems the same problem is still here. I thought it was gone because I got a message that the files had, in fact, been cleaned and hours after restarting I hadn't gotten an infected notification.

I just got a new message of the same type but this time file names are different:

C:\Windows\Temp\tmp000052a2\tmp00000fd7

C:\Windows\Temp\tmp00000b02\tmp00000002

Dunno what's going on.
 


Edited by buyaobingdu, 26 June 2016 - 02:01 AM.


#11 buddy215

buddy215

  • Moderator
  • 13,134 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:30 PM

Posted 26 June 2016 - 05:39 AM

Tencent is one of those programs that doesn't like to be uninstalled. It could or could not be the problem. Probably best to start a new topic in the Malware Removal Forum by following the instructions below.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.





