Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Found a unknown user on laptop - wangzhisong - suspect as a result of malware


  • Please log in to reply
13 replies to this topic

#1 Banjulhu

Banjulhu

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 07 December 2014 - 08:12 AM

Hi.

 

The otherday when I was trying to edit user settings on my 64 bit windows 7 laptop I found that it kept freezing when trying to access the options in the user accounts. This caused me to start looking into the user folder on the C drive where I found an uknown user wangzhisong. upon searching the net I ended up at your forums and coming to the conclusion that I have some malware on my machine.

 

I am running AVG as my standard anti-virus/protection software but also installed Malwarebytes Anti-Malware last night to try and detect and fix the problem (It does not seemed to have worked)

 

I was hoping you could help verify that this is the case and if so help remove the threat.

 

All the best

 

David



BC AdBot (Login to Remove)

 


m

#2 buddy215

buddy215

  • BC Advisor
  • 12,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:25 PM

Posted 07 December 2014 - 09:21 AM

You said you installed MBAM but doesn't seem to work. Did you complete a scan using it? If so, please post the results

of that scan.

wangzhisong....seems to be related to  Mobogenie software for use with an Android device.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars.

You may see a Google Tool Bar being offered.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Hold down Control and click on this link to open ESET OnlineScan in a new window.

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

 


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 Banjulhu

Banjulhu
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 07 December 2014 - 09:56 AM

Hi here is the scan report from Malwarebytes. still going through other steps as instructed

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 06/12/2014
Scan Time: 20:07:23
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.06.10
Rootkit Database: v2014.12.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: David

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 357560
Time Elapsed: 27 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, No Action By User, [50528fd0e795290d47c92ad95ca70df3],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, Quarantined, [50528fd0e795290d47c92ad95ca70df3],
PUP.Optional.Wajam.A, HKU\S-1-5-21-2542572313-3782304099-3806642231-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [426046193a42d75f405e8a450bf72cd4],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2542572313-3782304099-3806642231-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [4e5429363646aa8c9761741300033dc3],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2542572313-3782304099-3806642231-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [673ba4bbb7c570c6fb1f910d91736f91],

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2542572313-3782304099-3806642231-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0Z1N1J, Quarantined, [673ba4bbb7c570c6fb1f910d91736f91]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.Updater.A, C:\Users\David\AppData\Roaming\UpdaterEX\UpdateProc, Quarantined, [01a1b8a7fd7fe452f3668ca7b251b24e],

Files: 6
PUP.Optional.Wajam.A, C:\Users\David\AppData\Local\Temp\is1275519350\727139_stp\wajam_download.exe, Quarantined, [c9d90659dca0b77f8fbf2720ab55f010],
PUP.Optional.Updater.A, C:\Users\David\AppData\Roaming\UpdaterEX\UpdateProc\config.dat, Quarantined, [01a1b8a7fd7fe452f3668ca7b251b24e],
PUP.Optional.Updater.A, C:\Users\David\AppData\Roaming\UpdaterEX\UpdateProc\info.dat, Quarantined, [01a1b8a7fd7fe452f3668ca7b251b24e],
PUP.Optional.Updater.A, C:\Users\David\AppData\Roaming\UpdaterEX\UpdateProc\prod.dat, Quarantined, [01a1b8a7fd7fe452f3668ca7b251b24e],
PUP.Optional.Updater.A, C:\Users\David\AppData\Roaming\UpdaterEX\UpdateProc\STTL.DAT, Quarantined, [01a1b8a7fd7fe452f3668ca7b251b24e],
PUP.Optional.Updater.A, C:\Users\David\AppData\Roaming\UpdaterEX\UpdateProc\TTL.DAT, Quarantined, [01a1b8a7fd7fe452f3668ca7b251b24e],

Physical Sectors: 0
(No malicious items detected)


(end)



#4 Banjulhu

Banjulhu
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 07 December 2014 - 10:14 AM

Here is the JRT report

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by David on 07/12/2014 at 15:10:00.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\jibtbvpy.default\minidumps [340 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/12/2014 at 15:13:59.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#5 buddy215

buddy215

  • BC Advisor
  • 12,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:25 PM

Posted 07 December 2014 - 11:15 AM

Do you have mobogenie installed? If unsure, as someone else could of installed it, open CCleaner. Click on Tools > Click on Uninstall and see if

you see mobogenie listed in that list of programs installed on your computer.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#6 Banjulhu

Banjulhu
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 07 December 2014 - 11:41 AM

mobogenie does not appear to be installed on my machine.



#7 buddy215

buddy215

  • BC Advisor
  • 12,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:25 PM

Posted 07 December 2014 - 11:58 AM

Open CCleaner again. Click on Tools > Uninstalls > at the bottom of that page you will see a button that when clicked will allow

you to copy and paste the list of programs in your next reply.

 

Click on Startups in CCleaner. Post the list of Windows Startups.  Post the list Browser startups and Tasks by clicking on each of the buttons

for the browsers installed and Tasks.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#8 Banjulhu

Banjulhu
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 07 December 2014 - 12:15 PM

Here is the install list

 

Adobe AIR    Adobe Systems Incorporated    28/11/2014        15.0.0.356
Adobe Digital Editions 2.0    Adobe Systems Incorporated    19/11/2013    15.3 MB    2.0
Adobe Flash Player 15 ActiveX    Adobe Systems Incorporated    26/11/2014    6.00 MB    15.0.0.239
Adobe Flash Player 15 Plugin    Adobe Systems Incorporated    26/11/2014    6.00 MB    15.0.0.239
Adobe Reader X (10.1.12) MUI    Adobe Systems Incorporated    22/09/2014    482 MB    10.1.12
Adobe Shockwave Player 12.1    Adobe Systems, Inc.    27/05/2014        12.1.1.151
Age of Mythology: Extended Edition    SkyBox Labs    12/05/2014        
Aspera Connect 3.5.1.92525    Aspera, Inc.    04/11/2014        3.5.1.92525
AVG 2015    AVG Technologies    17/11/2014        2015.0.5577
Battle.net    Blizzard Entertainment    11/11/2014        
BioLayout Express 3D        14/02/2014        
CCleaner    Piriform    07/12/2014        5.00
CellDesigner    The Systems Biology Institute    01/09/2014    165 MB    4.4
Citrix Receiver    Citrix Systems, Inc.    07/12/2014        14.1.0.0
COPASI 4.13.87    copasi.org    01/09/2014    162 MB    4.13.87
Corel Burn.Now Lenovo Edition    Corel Corporation    22/10/2013    83.0 MB    4.5.0
Corel WinDVD    Corel Inc.    22/10/2013    302 MB    10.0.6.406
Create Recovery Media    Lenovo Group Limited    22/10/2013    8.08 MB    1.20.0.00
Cytoscape 3.1.1    Cytoscape Consortium    01/09/2014        3.1.1
Diablo III    Blizzard Entertainment    11/11/2014        
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7        22/10/2013        1.00
Dolby Advanced Audio v2    Dolby Laboratories Inc    22/10/2013    12.9 MB    7.2.7000.7
Dragon Age: Origins - Ultimate Edition    BioWare    25/01/2014        
Dropbox    Dropbox, Inc.    17/11/2014        2.10.52
Dual-Core Optimizer    AMD    16/11/2013    86.0 KB    1.1.4.0169
EPSON SX125 Series Printer Uninstall    SEIKO EPSON Corporation    11/09/2014        
ESET Online Scanner v3        07/12/2014        
Evernote v. 4.2.3    Evernote Corp.    22/10/2013    139 MB    4.2.3.15
Evoland    GOG.com    16/11/2013    101 MB    2.0.0.3
FTL: Faster Than Light    Subset Games    16/11/2013        
GIMP 2.8.8    The GIMP Team    18/11/2013    268 MB    2.8.8
GOG.com Downloader version 3.6.0    GOG.com    16/11/2013    2.19 MB    3.6.0
Google Drive    Google, Inc.    05/11/2014    34.6 MB    1.18.7821.2489
Google Talk Plugin    Google    11/11/2014    14.3 MB    5.38.6.0
ImageJ 1.48v    NIH    03/09/2014    93.1 MB    
Integrated Camera Driver Installer Package Ver.1.2.1.16    RICOH    22/10/2013        1.2.1.16
Intel AppUp® center    Intel    22/10/2013        3.8.0.41900.72
Intel® Control Center    Intel Corporation    22/10/2013        1.2.1.1007
Intel® Management Engine Components    Intel Corporation    22/10/2013        8.0.3.1427
Intel® OpenCL CPU Runtime    Intel Corporation    22/10/2013        
Intel® Processor Graphics    Intel Corporation    18/11/2013        9.17.10.2843
Intel® USB 3.0 eXtensible Host Controller Driver    Intel Corporation    22/10/2013        1.0.4.225
Intel® WiDi    Intel Corporation    22/10/2013    106 MB    3.1.29.0
Intel® PROSet/Wireless WiFi Software    Intel Corporation    22/10/2013    153 MB    15.01.0000.0830
Intel® Trusted Connect Service Client    Intel Corporation    22/10/2013    10.6 MB    1.23.605.1
Java 7 Update 67 (64-bit)    Oracle    01/09/2014    118 MB    7.0.670
Java 7 Update 71    Oracle    20/10/2014    119 MB    7.0.710
Java 8 Update 25    Oracle Corporation    25/10/2014    73.3 MB    8.0.250
Lenovo Auto Scroll Utility        22/10/2013        2.01
Lenovo Power Management Driver        18/11/2013        1.67.03.13
Lenovo Registration    Lenovo Inc.    22/10/2013    4.09 MB    1.0.3
Lenovo Solution Center    Lenovo Group Limited    28/11/2014    29.0 MB    2.7.003.00
Lenovo System Update    Lenovo    29/07/2014    16.4 MB    5.06.0016
Lenovo User Guide    Lenovo Group Limited    22/10/2013    606 KB    1.0.0009.00
Lenovo Warranty Information    Lenovo    22/10/2013    861 KB    1.0.0005.00
Lenovo Welcome    Lenovo Group Limited    22/10/2013    9.24 MB    3.1.0022.00
LibreOffice 4.3.0.4    The Document Foundation    21/08/2014    479 MB    4.3.0.4
LiveUSB Creator (remove only)        21/11/2013        
Malwarebytes Anti-Malware version 2.0.4.1028    Malwarebytes Corporation    06/12/2014    57.2 MB    2.0.4.1028
Microsoft .NET Framework 4.5.1    Microsoft Corporation    26/02/2014    38.8 MB    4.5.50938
Microsoft Mouse and Keyboard Center    Microsoft Corporation    16/11/2013        2.2.173.0
Microsoft Office    Microsoft Corporation    22/10/2013    296 MB    15.0.4454.1510
Microsoft Office File Validation Add-In    Microsoft Corporation    15/05/2014    10.9 MB    14.0.5130.5003
Microsoft Office Ultimate 2007    Microsoft Corporation    05/12/2013        12.0.6612.1000
Microsoft Silverlight    Microsoft Corporation    29/07/2014    149 MB    5.1.30514.0
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    16/11/2013    298 KB    8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64)    Microsoft Corporation    22/10/2013    708 KB    8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022    Microsoft Corporation    18/01/2014    1.70 MB    9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17    Microsoft Corporation    22/10/2013    788 KB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161    Microsoft Corporation    17/11/2013    788 KB    9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022    Microsoft Corporation    27/11/2013    1.41 MB    9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17    Microsoft Corporation    22/10/2013    596 KB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161    Microsoft Corporation    22/10/2013    600 KB    9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219    Microsoft Corporation    21/12/2013    13.8 MB    10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219    Microsoft Corporation    21/12/2013    11.1 MB    10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610    Microsoft Corporation    21/12/2013    20.5 MB    11.0.60610.1
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610    Microsoft Corporation    21/12/2013    17.3 MB    11.0.60610.1
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005    Microsoft Corporation    14/12/2013    20.5 MB    12.0.21005.1
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005    Microsoft Corporation    14/12/2013    17.1 MB    12.0.21005.1
Microsoft XNA Framework Redistributable 4.0 Refresh    Microsoft Corporation    21/11/2013    8.03 MB    4.0.30901.0
Mozilla Firefox 33.1 (x86 en-US)    Mozilla    11/11/2014    77.5 MB    33.1
Mozilla Maintenance Service    Mozilla    10/05/2014    341 KB    29.0.1
MSXML 4.0 SP2 (KB973688)    Microsoft Corporation    16/11/2013    1.33 MB    4.20.9876.0
Nitro Pro 8    Nitro    22/10/2013    465 MB    8.5.2.10
Notepad++    Notepad++ Team    29/09/2014        6.6.9
NVIDIA 3D Vision Driver 340.84    NVIDIA Corporation    25/10/2014        340.84
NVIDIA Graphics Driver 340.84    NVIDIA Corporation    25/10/2014        340.84
NVIDIA HD Audio Driver 1.3.30.1    NVIDIA Corporation    25/10/2014        1.3.30.1
NVIDIA nView 141.36    NVIDIA Corporation    25/10/2014        141.36
NVIDIA PhysX    NVIDIA Corporation    16/11/2013    119 MB    9.09.0203
NVIDIA Update 10.4.0    NVIDIA Corporation    25/10/2014        10.4.0
On Screen Display        28/11/2014        8.42.20
Origin    Electronic Arts, Inc.    24/07/2014        9.4.11.2806
Papers, Please    3909    16/11/2013        
PCSX2 - Playstation 2 Emulator        21/02/2014        
Power Manager        22/10/2013        6.32
R for Windows 3.0.2    R Core Team    18/11/2013    96.7 MB    3.0.2
RapidBoot HDD Accelerator    Lenovo    22/10/2013        1.1.1.1
RapidBoot Shield    Lenovo    22/10/2013    23.3 MB    1.23
Razer Core    Razer Inc    27/05/2014        1.0.1.66
Razer Synapse 2.0    Razer Inc.    17/11/2014    18.1 MB    1.18.18.23036
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    22/10/2013        6.0.1.6591
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7        22/10/2013        1.00
RICOH_Media_Driver_v2.14.18.01    RICOH    22/10/2013        2.14.18.01
RPG Maker VX Ace    Enterbrain    28/11/2013        
Shadowrun Returns    Harebrained Schemes    16/11/2013        
Sid Meier's Civilization: Beyond Earth    Firaxis Games    24/10/2014        
Skype™ 6.16    Skype Technologies S.A.    06/08/2014    25.9 MB    6.16.105
Star Wars: Knights of the Old Republic    BioWare    04/12/2014        
Steam    Valve Corporation    16/11/2013        
SugarSync Manager    SugarSync, Inc.    22/10/2013        1.9.80.99066
Synology Assistant (remove only)        30/06/2014        
Taverna Workbench 2.4.0    myGrid    26/03/2014        2.4.0
The Elder Scrolls V: Skyrim    Bethesda Game Studios    27/04/2014        
ThinkPad Bluetooth with Enhanced Data Rate Software    Broadcom Corporation    22/10/2013    289 MB    6.5.1.2700
ThinkPad UltraNav Driver        18/11/2013    46.4 MB    16.2.19.7
ThinkVantage Active Protection System    Lenovo    22/10/2013    9.02 MB    1.77.0.11
ThinkVantage Communications Utility    Lenovo    22/10/2013    20.4 MB    3.0.42.0
Torchlight    GOG.com    04/12/2013    434 MB    2.0.0.12
Total War: SHOGUN 2    The Creative Assembly    29/11/2014        
Trillian    Cerulean Studios, LLC    18/11/2013        
Visual Studio 2012 x64 Redistributables    AVG Technologies    16/11/2013    12.9 MB    14.0.0.1
Visual Studio 2012 x86 Redistributables    AVG Technologies CZ, s.r.o.    16/11/2013    10.5 MB    14.0.0.1
Windows Driver Package - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0)    Intel    22/10/2013        01/11/2012 11.15.16.0
Windows Driver Package - Intel System  (01/11/2012 9.3.0.1020)    Intel    22/10/2013        01/11/2012 9.3.0.1020
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011)    Intel    22/10/2013        08/26/2011 9.3.0.1011
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011)    Intel    21/10/2013        08/26/2011 9.3.0.1011
Windows Driver Package - Intel USB  (08/26/2011 9.3.0.1011)    Intel    22/10/2013        08/26/2011 9.3.0.1011
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20)    Lenovo    22/10/2013        02/29/2012 1.65.05.20
Windows Driver Package - Synaptics (SynTP) Mouse  (04/06/2012 16.1.1.0)    Synaptics    22/10/2013        04/06/2012 16.1.1.0
WinRAR 5.00 (32-bit)    win.rar GmbH    16/11/2013        5.00.0
WinSCP 5.5.5    Martin Prikryl    02/09/2014    12.8 MB    5.5.5
 

Windows Startups

 

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    EPSON SX125 Series    SEIKO EPSON CORPORATION    C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGE.EXE /FU "C:\Windows\TEMP\E_S14BB.tmp" /EF "HKCU"
Yes    HKCU:Run    Google Update    Google Inc.    "C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Yes    HKCU:Run    GoogleDriveSync    Google    "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
Yes    HKCU:Run    Sidebar    Microsoft Corporation    C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Yes    HKCU:Run    Steam    Valve Corporation    "C:\Program Files (x86)\Steam\steam.exe" -silent
Yes    HKLM:Run    Adobe ARM    Adobe Systems Incorporated    "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes    HKLM:Run    amd_dc_opt    AMD    C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
Yes    HKLM:Run    AVG_UI    AVG Technologies CZ, s.r.o.    "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
Yes    HKLM:Run    CitrixReceiver        "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
Yes    HKLM:Run    ConnectionCenter    Citrix Systems, Inc.    "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
Yes    HKLM:Run    Dolby Advanced Audio v2    Dolby Laboratories Inc.    "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
Yes    HKLM:Run    Fastboot    Lenovo    "C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" /analysis
Yes    HKLM:Run    GrooveMonitor    Microsoft Corporation    "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
Yes    HKLM:Run    HotKeysCmds    Intel Corporation    C:\Windows\system32\hkcmd.exe
Yes    HKLM:Run    IgfxTray    Intel Corporation    C:\Windows\system32\igfxtray.exe
Yes    HKLM:Run    IMSS    Intel Corporation    "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
Yes    HKLM:Run    Lenovo Registration    Lenovo, Inc.    C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
Yes    HKLM:Run    LENOVO.TPKNRRES    Lenovo Group Limited    C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
Yes    HKLM:Run    NvBackend    NVIDIA Corporation    "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
Yes    HKLM:Run    nwiz    NVIDIA Corporation    C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
Yes    HKLM:Run    Persistence    Intel Corporation    C:\Windows\system32\igfxpers.exe
Yes    HKLM:Run    PWMTRV        rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
Yes    HKLM:Run    Razer Synapse    Razer Inc.    "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
Yes    HKLM:Run    Redirector    Citrix Systems, Inc.    "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
Yes    HKLM:Run    RotateImage    Ricoh co.,Ltd.    C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
Yes    HKLM:Run    RtHDVBg_Dolby    Realtek Semiconductor    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
Yes    HKLM:Run    RTHDVCPL    Realtek Semiconductor    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Yes    HKLM:Run    SunJavaUpdateSched    Oracle Corporation    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes    HKLM:Run    TpShocks    Lenovo.    TpShocks.exe
Yes    HKLM:Run    USB3MON    Intel Corporation    "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
Yes    Startup Common    Bluetooth.lnk    Broadcom Corporation.    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
Yes    Startup User    Dropbox.lnk    Dropbox, Inc.    C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
Yes    Startup User    Trillian.lnk    Cerulean Studios    C:\Program Files (x86)\Trillian\trillian.exe
 

Firefox startups

 

Yes    Extension    Adblock Plus    2.6.6    Wladimir Palant    default    Firefox 33.1    C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\jibtbvpy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Yes    Extension    Aspera Installer    3.5.1.92265    Aspera Inc.    default    Firefox 33.1    C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\jibtbvpy.default\extensions\awi@asperasoft.com
Yes    Extension    British English Dictionary    1.19.1    Mark Tyndall    default    Firefox 33.1    C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\jibtbvpy.default\extensions\en-GB@dictionaries.addons.mozilla.org
Yes    Extension    Hola Better Internet    1.5.695    Hola    default    Firefox 33.1    C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\jibtbvpy.default\extensions\jid1-4P0kohSJxU1qGg@jetpack
Yes    Plugin    Adobe Acrobat    10.1.12.15    Adobe Systems Inc.    default    Firefox 33.1    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Yes    Plugin    AppUp    1.0.0.0    Intel    default    Firefox 33.1    C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll
Yes    Plugin    Aspera Installer    3.5.1.26729    Aspera, Inc.    default    Firefox 33.1    C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\jibtbvpy.default\extensions\awi@asperasoft.com\plugins\npinstallhelper.dll
Yes    Plugin    Aspera Web    3.5.1.26908    Aspera, Inc.     default    Firefox 33.1    c:\Users\David\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.5.1\npasperaweb_3.5.1.92525.dll
Yes    Plugin    Citrix ICA Client    14.1.0.0    Citrix Systems, Inc.    default    Firefox 33.1    C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
Yes    Plugin    Citrix URL-Redirection Helper Plugin     14.1.0.0    Citrix Systems, Inc.    default    Firefox 33.1    C:\Program Files (x86)\Citrix\ICA Client\npURLInterceptorPlugin.dll
Yes    Plugin    Google Talk Plugin    5.38.6.0    Google    default    Firefox 33.1    C:\Users\David\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
Yes    Plugin    Google Talk Plugin Video Renderer    5.38.6.0    Google    default    Firefox 33.1    C:\Users\David\AppData\Roaming\Mozilla\plugins\npo1d.dll
Yes    Plugin    Google Update    1.3.25.11    Google Inc.    default    Firefox 33.1    C:\Users\David\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll
Yes    Plugin    Intel® Identity Protection Technology    2.0.59.0    Intel Corporation    default    Firefox 33.1    C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
Yes    Plugin    Intel® Identity Protection Technology    2.0.59.0    Intel Corporation    default    Firefox 33.1    C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
Yes    Plugin    Java Deployment Toolkit 8.0.250.18    11.25.2.18    Oracle Corporation    default    Firefox 33.1    C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
Yes    Plugin    Java™ Platform SE 8 U25    11.25.2.18    Oracle Corporation    default    Firefox 33.1    C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
Yes    Plugin    Nitro PDF plugin for Firefox and Chrome    8.5.2.10    Nitro PDF    default    Firefox 33.1    C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll
Yes    Plugin    NVIDIA 3D Vision    7.17.13.4084    NVIDIA Corporation    default    Firefox 33.1    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
Yes    Plugin    NVIDIA 3D VISION    7.17.13.4084    NVIDIA Corporation    default    Firefox 33.1    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
Yes    Plugin    Shockwave Flash    15.0.0.239    Adobe Systems Incorporated    default    Firefox 33.1    C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll
Yes    Plugin    Shockwave for Director    12.1.1.151    Adobe Systems, Inc.    default    Firefox 33.1    C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll
Yes    Plugin    Silverlight Plug-In    5.1.30514.0     Microsoft Corporation    default    Firefox 33.1    c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
 

Internet Exlporer startup (just in case)

 

Yes    Extension    Add to Evernote 4        res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
Yes    Extension    Research    Microsoft Corporation    C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Yes    Extension    Send to OneNote    Microsoft Corporation    C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
No    Helper    Groove GFS Browser Helper    Microsoft Corporation    C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Yes    Helper    Java™ Plug-In 2 SSV Helper    Oracle Corporation    C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
Yes    Helper    Java™ Plug-In 2 SSV Helper    Oracle Corporation    C:\Program Files\Java\jre7\bin\jp2ssv.dll
Yes    Helper    Java™ Plug-In SSV Helper    Oracle Corporation    C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
Yes    Helper    Java™ Plug-In SSV Helper    Oracle Corporation    C:\Program Files\Java\jre7\bin\ssv.dll
 

and Sceduled Tasks

 

Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    DiskUpdate        C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe
Yes    Task    GoogleUpdateTaskMachineCore    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    GoogleUpdateTaskUserS-1-5-21-2542572313-3782304099-3806642231-1001Core    Google Inc.    C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskUserS-1-5-21-2542572313-3782304099-3806642231-1001UA    Google Inc.    C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    PMTask    Lenovo Group Limited    C:\PROGRA~2\ThinkPad\UTILIT~1\PwmIdTsv.exe
Yes    Task    RealPlayerRealUpgradeLogonTaskS-1-5-21-2542572313-3782304099-3806642231-1001        C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck
Yes    Task    RealPlayerRealUpgradeScheduledTaskS-1-5-21-2542572313-3782304099-3806642231-1001        C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
Yes    Task    SidebarExecute    Microsoft Corporation    C:\Program Files\Windows Sidebar\sidebar.exe /addGadget
Yes    Task    Synaptics TouchPad Enhancements    Synaptics Incorporated    \Program Files\Synaptics\SynTP\SynTPEnh.exe
Yes    Task    {94BEF8B4-AEBA-439C-955C-1241CC932F40}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\LiveUSB Creator\liveusb-creator.exe" -d "C:\Program Files (x86)\LiveUSB Creator"
 

ESET is still running and is about 50% of the way through.



#9 buddy215

buddy215

  • BC Advisor
  • 12,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:25 PM

Posted 07 December 2014 - 02:03 PM

Uninstall:

Java 7 Update 67 (64-bit)    Oracle    01/09/2014    118 MB    7.0.670 
Java 7 Update 71    Oracle    20/10/2014    119 MB    7.0.710

You have Nitro Pro 8 and Adobe Reader....do you use both? Update Adobe Reader if you keep it.

 

Disable in Windows Startups:

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes    HKCU:Run    Google Update    Google Inc.    "C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe" /c

Yes    HKCU:Run    Sidebar    Microsoft Corporation    C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Yes    HKCU:Run    Steam    Valve Corporation    "C:\Program Files (x86)\Steam\steam.exe" -silent
Yes    HKLM:Run    Adobe ARM    Adobe Systems Incorporated    "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

Yes    HKLM:Run    IgfxTray    Intel Corporation    C:\Windows\system32\igfxtray.exe

Yes    HKLM:Run    Lenovo Registration    Lenovo, Inc.    C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot

Yes    HKLM:Run    SunJavaUpdateSched    Oracle Corporation    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

 

Disable in Firefox Startups:

Yes    Extension    Hola Better Internet    1.5.695    Hola    default    Firefox 33.1    C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\jibtbvpy.default\extensions\jid1-4P0kohSJxU1qGg@jetpack

Yes    Plugin    Adobe Acrobat    10.1.12.15    Adobe Systems Inc.    default    Firefox 33.1    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

Yes    Plugin    AppUp    1.0.0.0    Intel    default    Firefox 33.1    C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (unless you installed it)

Yes    Plugin    Google Update    1.3.25.11    Google Inc.    default    Firefox 33.1    C:\Users\David\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll

Yes    Plugin    Silverlight Plug-In    5.1.30514.0     Microsoft Corporation    default    Firefox 33.1    c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
 

Disable in IE Startups:  (Since you don't use it)

Yes    Helper    Java™ Plug-In 2 SSV Helper    Oracle Corporation    C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
Yes    Helper    Java™ Plug-In 2 SSV Helper    Oracle Corporation    C:\Program Files\Java\jre7\bin\jp2ssv.dll
Yes    Helper    Java™ Plug-In SSV Helper    Oracle Corporation    C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
Yes    Helper    Java™ Plug-In SSV Helper    Oracle Corporation    C:\Program Files\Java\jre7\bin\ssv.dll
 

Disable in Tasks:

Yes    Task    GoogleUpdateTaskMachineCore    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    GoogleUpdateTaskUserS-1-5-21-2542572313-3782304099-3806642231-1001Core    Google Inc.    C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskUserS-1-5-21-2542572313-3782304099-3806642231-1001UA    Google Inc.    C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

Yes    Task    RealPlayerRealUpgradeLogonTaskS-1-5-21-2542572313-3782304099-3806642231-1001        C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck
Yes    Task    RealPlayerRealUpgradeScheduledTaskS-1-5-21-2542572313-3782304099-3806642231-1001        C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
Yes    Task    SidebarExecute    Microsoft Corporation    C:\Program Files\Windows Sidebar\sidebar.exe /addGadget

Yes    Task    {94BEF8B4-AEBA-439C-955C-1241CC932F40}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\LiveUSB Creator\liveusb-creator.exe" -d "C:\Program Files (x86)\LiveUSB Creator"
 


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#10 Banjulhu

Banjulhu
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 07 December 2014 - 02:29 PM

All removed or disabled as instructed.

 

ESET still only halfway through scan after 4 hours. Will post results once it is done



#11 Banjulhu

Banjulhu
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 07 December 2014 - 03:06 PM

ESET has finished and found the following

 

C:\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\wajam_validate.exe-k.mbam    Win32/Wajam.F potentially unwanted application    
C:\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\wajam_validate.exe-r.mbam    Win32/Wajam.F potentially unwanted application    
C:\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\wajam_validate.exe-u.mbam    Win32/Wajam.F potentially unwanted application    
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\wajam_validate.exe-k.mbam    Win32/Wajam.F potentially unwanted application    deleted - quarantined
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\wajam_validate.exe-r.mbam    Win32/Wajam.F potentially unwanted application    deleted - quarantined
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\wajam_validate.exe-u.mbam    Win32/Wajam.F potentially unwanted application    deleted - quarantined
C:\Users\David\Downloads\ccsetup500.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
 



#12 buddy215

buddy215

  • BC Advisor
  • 12,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:25 PM

Posted 07 December 2014 - 04:08 PM

Do a search on your computer for mobogenie.

 

Are you now able to remove the user wangzhisong ?

 

If not, run the Windows Repair (All In One) Download

 

  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Repair WMI
  • Repair Windows Firewall
  • Repair Internet Explorer
  • Repair MDAC & MS Jet
  • Repair Hosts File
  • Remove Policies Set By Infections
  • Repair Icons
  • Repair Winsock & DNS Cache
  • Remove Temp Files
  • Repair Proxy Settings
  • Unhide Non System Files
  • Repair Windows Updates

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#13 Banjulhu

Banjulhu
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 07 December 2014 - 04:25 PM

No mobogenie can be found by explorer and I was able to delete the wangzhisong user folder this time around and I have access to the various change user profile options again so all looks good.

 

Thanks for your help.



#14 buddy215

buddy215

  • BC Advisor
  • 12,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:25 PM

Posted 07 December 2014 - 04:32 PM

You're welcome...enjoyed working with you...happy surfin' !


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users