
Wanged with wangzhisong



Looks like you folks have been really helpful with sorting out the wang issue. I'm sure glad you're here.

 

I followed the guidelines on the info page - "I'm infected - What do I do now?"

 

Also ran SecurityCheck.exe since it was the first action requested by the expert in a recent and identical case.

 

Deep Scan -

Nothing found using Malwarebytes' Pro version of Anti-Malware.

 

So, the contents of these log files are pasted inline below:

  1. DDS.txt
  2. Attach.txt
  3. Checkup.txt

 

1. DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.45.2
Run by billmotley at 23:40:01 on 2014-02-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4026.2139 [GMT -8:00]
.
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe
C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gizmo\gservice.exe
C:\Program Files (x86)\Glary Utilities 4\x64\Win64ShellLink.exe
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\MediaMall\MediaMallServer.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Users\billmotley\AppData\Local\Torch\Update\TorchCrashHandler.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\billmotley\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\FreeAlarmClockPortable\FreeAlarmClock.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Social Privacy  DNS\dnswatch.exe
C:\Program Files (x86)\Launchy\Launchy.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Acronis\DriveMonitor\adm.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.






mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coieplg.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
uRun: [F977337C0B3124048FA2504A4E0325F9840830CA._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
uRun: [spotify Web Helper] "C:\Users\billmotley\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [FreeAC] C:\Program Files (x86)\FreeAlarmClockPortable\FreeAlarmClock.exe -autorun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [DuckCapture] "C:\Program Files (x86)\DuckLink\DuckCapture\DuckCapture.exe" /autorun
uRun: [DDAssist] C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe
uRun: [iLivid] "C:\Users\billmotley\AppData\Local\iLivid\iLivid.exe" -autorun
uRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
uRun: [sSNNotify] "C:\Program Files\SSNNotify\bin\ssnnotify.exe" --nosplash --ssnnotifyautostart
uRun: [GizmoDriveDelegate] "C:\Program Files (x86)\Gizmo\gizmo.exe" /RemountStartupImages
mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [systemExplorerAutoStart] "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [dnsshield] C:\Program Files (x86)\Social Privacy  DNS\dnswatch.exe
mRun: [browserSafeguard] "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [browserPlugInHelper] C:\Program Files (x86)\Wondershare\AllMyTube\BrowserPlugInHelper.exe
mRun: [adm_tray.exe] C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\BILLMO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\billmotley\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\BILLMO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Launchy.lnk - C:\Program Files (x86)\Launchy\Launchy.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~1.LNK - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~2.LNK - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Gizmo.lnk - C:\Program Files (x86)\Gizmo\gizmo.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office10\EXCEL.EXE/3000
TCP: NameServer = 75.126.206.18,184.173.169.186
TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{0ABC30B1-5DFC-49B4-B076-5D1025F5FCBE} : NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{0ABC30B1-5DFC-49B4-B076-5D1025F5FCBE} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{7413411D-771C-42B4-9224-5EB63CA30EA6} : NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{7413411D-771C-42B4-9224-5EB63CA30EA6} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} : NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{8CC8E7EB-5CA7-4485-9E51-6EE487A821E7} : NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{DD5D3D63-591C-47D3-8673-1AEDDEB14120} : NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{DD5D3D63-591C-47D3-8673-1AEDDEB14120} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\Jaksta\AC\x86\jaudcap.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [bitcasa] C:\Program Files\Bitcasa\Bitcasa.exe /startup
x64-Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\System32\SSCbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\System32\SSCbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\billmotley\AppData\Roaming\Mozilla\Firefox\Profiles\cidj92cz.marionrusk\
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\MediaMall\toolbar\npVT.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Users\billmotley\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Users\billmotley\AppData\Roaming\Mozilla\Firefox\Profiles\cidj92cz.marionrusk\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d}\plugins\npwidevinemediaoptimizer.dll
FF - plugin: C:\Users\billmotley\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\billmotley\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\billmotley\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
FF - ExtSQL: 2013-12-21 03:48; gvoice@elijahclark.com; C:\Users\billmotley\AppData\Roaming\Mozilla\Firefox\Profiles\cidj92cz.marionrusk\extensions\gvoice@elijahclark.com.xpi
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.enabledAddons - sp2@sp.com:1.0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.enabledScopes - 15
user_pref(extensions.newAddons,false);
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 BootDefragDriver;BootDefragDriver;C:\Windows\System32\drivers\BootDefragDriver.sys [2014-1-11 17088]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1501000.012\SymDS64.sys [2013-11-23 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1501000.012\SymEFA64.sys [2013-11-23 1147480]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [2014-1-22 1526488]
R1 cbfs3;cbfs3;C:\Windows\System32\drivers\cbfs3.sys [2013-11-25 352448]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1501000.012\ccSetx64.sys [2013-11-23 162392]
R1 GizmoDrv;Gizmo Device Driver;C:\Windows\System32\drivers\gizmodrv.sys [2013-11-26 34704]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2014-1-18 44744]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140214.001\IDSviA64.sys [2014-2-14 521944]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1501000.012\Ironx64.sys [2013-11-23 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1501000.012\symnets.sys [2013-11-23 590936]
R2 DDService;Drobo Dashboard Service;C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe [2011-7-14 1225088]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-11-5 844320]
R2 Gizmo Central;Gizmo Central;C:\Program Files (x86)\Gizmo\gservice.exe [2013-11-26 34728]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2013-12-18 920872]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2013-12-18 555304]
R2 inpoutx64;inpoutx64;C:\Windows\System32\drivers\inpoutx64.sys [2013-11-30 15008]
R2 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2013-12-1 5903152]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-2-6 214896]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [2013-11-23 264360]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-23 4915040]
R2 TorchCrashHandler;Torch Crash Handler;C:\Users\billmotley\AppData\Local\Torch\Update\TorchCrashHandler.exe [2014-1-3 1205760]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-11-5 240160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-13 137648]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-11-5 58880]
R3 SSCBFS3;SugarSync CallBack File System driver v3;C:\Windows\System32\drivers\sscbfs3.sys [2013-11-23 347904]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-11-13 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-23 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-23 701512]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-15 111616]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-23 25928]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-6-11 22016]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2012-6-8 27136]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-11-8 11776]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-24 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-5 225280]
S3 SystemExplorerHelpService;System Explorer Service;C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [2013-11-27 821720]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-24 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-24 1255736]
.
=============== File Associations ===============
.
ShellExec: colorcpl.exe: Install Profile="colorcpl.exe" "%1"
.
=============== Created Last 30 ================
.
2014-02-17 07:39:20    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CBD9B282-FC67-4FC2-BD4B-7A8CACBE1DD5}\offreg.dll
2014-02-15 12:51:06    548864    ----a-w-    C:\Windows\System32\vbscript.dll
2014-02-15 12:51:06    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-02-15 11:46:47    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CBD9B282-FC67-4FC2-BD4B-7A8CACBE1DD5}\mpengine.dll
2014-02-15 06:44:54    --------    d-----w-    C:\Users\billmotley\AppData\Roaming\.ssnnotify
2014-02-15 06:44:07    --------    d-----w-    C:\Program Files\SSNNotify
2014-02-15 06:43:46    --------    d-----w-    C:\Users\billmotley\.ssnnotify-installer
2014-02-13 07:43:09    3928064    ----a-w-    C:\Windows\System32\d2d1.dll
2014-02-13 07:43:09    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2014-02-13 07:43:09    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2014-02-13 07:43:09    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2014-02-13 07:41:38    1882112    ----a-w-    C:\Windows\System32\msxml3.dll
2014-02-13 07:41:37    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
2014-02-13 07:41:37    2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2014-02-13 07:41:37    1237504    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2014-02-10 15:08:25    --------    d-----w-    C:\Users\billmotley\AppData\Roaming\Dogecoin
2014-02-10 15:08:17    --------    d-----w-    C:\Program Files (x86)\Dogecoin
2014-02-08 05:38:07    --------    d-----w-    C:\Program Files\RAMMon
2014-02-08 05:31:39    --------    d-----w-    C:\Program Files (x86)\Belarc
2014-02-05 06:24:06    --------    d-----w-    C:\Program Files (x86)\GreenTree Applications
2014-02-04 13:37:10    --------    d-----w-    C:\Users\billmotley\AppData\Roaming\xVideoServiceThief
2014-02-04 13:26:09    --------    d-----w-    C:\Program Files\WinPcap
2014-02-04 13:25:41    --------    d-----w-    C:\ProgramData\Freemake
2014-02-04 13:25:37    --------    d-----w-    C:\Program Files (x86)\Freemake
2014-02-04 13:14:26    --------    d-----w-    C:\Users\billmotley\dwhelper
2014-02-04 12:44:39    --------    d-----w-    C:\Users\billmotley\AppData\Roaming\Replay Media Catcher 5
2014-02-04 12:44:38    --------    d-----w-    C:\Users\billmotley\AppData\Local\Replay Media Catcher 5
2014-02-04 12:44:38    --------    d-----w-    C:\Users\billmotley\AppData\Local\Jaksta_Technologies_Pty_L
2014-02-04 12:44:00    --------    d-----w-    C:\Windows\Jaksta
2014-02-04 12:43:59    --------    d-----w-    C:\Program Files (x86)\Applian Technologies
2014-02-03 20:22:30    --------    d-----w-    C:\Program Files\CamStudio 2.7
2014-02-03 06:11:13    --------    d-----w-    C:\Users\billmotley\AppData\Roaming\WildTangent
2014-02-03 00:39:21    --------    d-----w-    C:\Program Files (x86)\cbsidlm-cbsi176-Computer_Specifications-ORG-75221749
2014-02-01 08:18:22    --------    d-----w-    C:\Program Files (x86)\DVD Identifier
2014-01-29 09:18:22    --------    d-----w-    C:\Users\billmotley\AppData\Local\Microsoft Games
2014-01-20 00:46:14    --------    d-----w-    C:\Program Files (x86)\FlvPlayer
2014-01-19 09:16:18    --------    d-----w-    C:\Users\billmotley\AppData\Roaming\DropboxMaster
2014-01-19 09:00:32    --------    d-----w-    C:\Windows\SysWow64\Hotspot Shield
2014-01-19 02:03:57    44744    ----a-w-    C:\Windows\System32\drivers\hssdrv6.sys
.
==================== Find3M  ====================
.
2014-02-06 11:30:46    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-02-06 09:09:30    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-05 09:34:20    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 09:34:20    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-06 08:38:04    117024    ----a-w-    C:\Windows\System32\BootDefrag.exe
2014-01-06 03:28:52    17088    ----a-w-    C:\Windows\System32\drivers\BootDefragDriver.sys
2013-12-23 19:32:50    4558848    ----a-w-    C:\Windows\SysWow64\GPhotos.scr
2013-12-21 01:45:35    13024768    ----a-w-    C:\Program Files (x86)\lastpass_x64.exe
2013-12-18 14:13:56    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2013-12-10 07:53:52    172032    ----a-w-    C:\Windows\SysWow64\AniGIF.ocx
2013-12-04 02:27:33    485888    ----a-w-    C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33    123392    ----a-w-    C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33    123392    ----a-w-    C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16    488448    ----a-w-    C:\Windows\System32\secproc.dll
2013-12-04 02:26:32    528384    ----a-w-    C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51    658432    ----a-w-    C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51    626176    ----a-w-    C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50    552960    ----a-w-    C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48    553984    ----a-w-    C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20    423936    ----a-w-    C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08    428032    ----a-w-    C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06    390144    ----a-w-    C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14    510976    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10    594944    ----a-w-    C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09    572416    ----a-w-    C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06    508928    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-12-01 05:01:09    15008    ----a-w-    C:\Windows\System32\drivers\inpoutx64.sys
2013-11-27 01:41:37    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2013-11-27 00:06:50    34704    ----a-w-    C:\Windows\System32\drivers\gizmodrv.sys
2013-11-26 11:40:00    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2013-11-24 13:24:59    86016    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-24 08:46:50    152576    ----a-w-    C:\Windows\SysWow64\msclmd.dll
2013-11-24 08:46:49    175616    ----a-w-    C:\Windows\System32\msclmd.dll
2013-11-24 05:35:25    108968    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-11-24 05:34:10    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-24 05:03:02    177752    ----a-w-    C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-11-24 02:41:19    6    ----a-w-    C:\Windows\System32\PLD_Framework.cmd
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-08 21:28:05    12752384    ----a-w-    C:\Program Files (x86)\Common Files\lpuninstall.exe
2011-06-11 22:07:49    1384448    ----a-w-    C:\Program Files (x86)\JPEGsnoop.exe
2008-04-04 20:13:58    222544    ----a-w-    C:\Program Files (x86)\V98Util.dll
2008-04-04 20:12:58    869720    ----a-w-    C:\Program Files (x86)\FindServ.dll
2008-02-26 12:37:00    3400615    ----a-r-    C:\Program Files (x86)\SA2009_GettingStarted.exe
.
============= FINISH: 23:40:18.79 ===============
 


 

2. Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/23/2013 7:54:25 PM
System Uptime: 2/16/2014 8:25:45 PM (3 hours ago)
.
Motherboard: eMachines  |  | eMachines E525  
Processor: Pentium® Dual-Core CPU       T4400  @ 2.20GHz | uPGA-478 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 30.61 GiB free.
D: is FIXED (NTFS) - 0 GiB total, 0.03 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom 802.11g Network Adapter
Device ID: PCI\VEN_14E4&DEV_4315&SUBSYS_E01B105B&REV_01\4&1A6B52AB&0&00E1
Manufacturer: Broadcom
Name: Broadcom 802.11g Network Adapter
PNP Device ID: PCI\VEN_14E4&DEV_4315&SUBSYS_E01B105B&REV_01\4&1A6B52AB&0&00E1
Service: BCM43XX
.
==== System Restore Points ===================
.
RP94: 2/13/2014 6:29:36 AM - Windows Update
RP95: 2/15/2014 4:50:01 AM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Acrobat.com
Acronis Drive Monitor
Adobe Acrobat 8 Professional
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Photoshop Elements 2.0
Adobe Reader 9.1 MUI
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
AudibleManager
Auslogics DiskDefrag
AVGO Free Video Downloader 1.9.0.2
Belarc Advisor 8.4
Bitcasa version 1.1.4.12
Bonjour
Brother MFL-Pro Suite MFC-7840W
CamStudio 2.7.2
Dogecoin
Drobo Dashboard
Dropbox
DuckCapture Standard 2.7
DVD Identifier
eMachines Games
eMachines Power Management
eMachines Recovery Management
eMachines Registration
eMachines Updater
FileZilla Client 3.7.3
FlvPlayer
GIMP 2.8.10
Gizmo Central
Glary Utilities 4.4
Google Chrome
Google Drive
Google Earth
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
Greenshot 1.1.7.17
Hotspot Shield 3.23
Hulu Desktop
Identity Card
ImgBurn
InfraRecorder 0.53 (x64 edition)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java 7 Update 45
Java 7 Update 45 (64-bit)
Java Auto Updater
K-Lite Codec Pack 10.1.5 Full
Launchy 2.6 Beta 2
LAV Filters 0.59.1
LG USB Modem driver
LibreOffice 4.0 Help Pack (English)
LibreOffice 4.1.4.2
Malwarebytes Anti-Malware version 1.75.0.1300
MediaMonkey 4.0
MediaPortal
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft Silverlight
Microsoft SkyDrive
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
MotoHelper 2.1.41 Driver 5.5.0
MotoHelper MergeModules
Motorola Mobile Drivers Installation 5.9.0
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Security Suite
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
OBiAPP For OBiTALK version 1.1.0(1944)
OpenOffice 4.0.1
Opera 12.16
Photo Notifier and Animation Creator
Picasa 3
PlayLater
PlayOn
qBittorrent 3.1.4
QuickTime
RAMMon V1.0
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Replay Media Catcher 5 (5.0.1.24)
Revo Uninstaller 1.95
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Skype™ 6.11
SlimCleaner
Social Privacy DNS
Spotify
SSNNotify
SugarSync
swMSM
Synaptics Pointing Device Driver
System Explorer 4.2.2
TeamViewer 9
TeraCopy 2.27
Torch
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
VLC media player 2.1.2
Widevine Media Optimizer Chrome 6.0.0
WinPcap 4.1.2
XBMC
.
==== Event Viewer Messages From Past Week ========
.
2/16/2014 6:19:45 PM, Error: Service Control Manager [7034]  - The Torch Crash Handler service terminated unexpectedly.  It has done this 1 time(s).
2/16/2014 5:34:55 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
2/15/2014 7:31:29 AM, Error: Service Control Manager [7023]  - The iPod Service service terminated with the following error:  %%-2147417831
2/12/2014 11:05:36 PM, Error: Tcpip [4199]  - The system detected an address conflict for IP address 192.168.1.121 with the system having network hardware address 9C-AD-EF-11-BF-C8. Network operations on this system may be disrupted as a result.
.
==== End Of File ===========================
 


 

3. Checkup.txt

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Norton Security Suite   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 SlimCleaner     
 Java 7 Update 45  
 Java version out of Date!
  Adobe Flash Player 12.0.0.44 Flash Player out of Date!  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (26.0)
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.107  
 Google Chrome Plugins...  
````````Process Check: objlist.exe by Laurent````````  
 MediaMall MediaMallServer.exe   
 windows defender MpCmdRun.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

 

 

 


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Hi, Marius,

 

Thank you for replying so quickly. Here is the log file -

----------------------

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-17 07:15:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 KINGSTON rev.505A 111.79GB
Running: xh2x1rkd.exe; Driver: C:\Users\BILLMO~1\AppData\Local\Temp\uwlyypob.sys

---- Processes - GMER 2.1 ----

Process  C:\Users\billmotley\AppData\Local\Torch\Update\TorchCrashHandler.exe (*** suspicious ***) @ C:\Users\billmotley\AppData\Local\Torch\Update\TorchCrashHandler.exe [4704] (TorchCrashHandler/TorchMedia Inc.)(2014-01-03 11:41:04)  0000000000ff0000

---- EOF - GMER 2.1 ----
 


Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also

 
 
 
Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


AdwCleaner

 

# AdwCleaner v3.019 - Report created 17/02/2014 at 07:47:41
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : billmotley - EMACHINES
# Running from : C:\Users\billmotley\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : hshld
[#] Service Deleted : hsstrayservice
Service Deleted : hsswd
Service Deleted : torchcrashhandler

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\hotspot shield
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\torchcrashhandler
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\hotspot shield
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Program Files (x86)\TechSmith
Folder Deleted : C:\Windows\SysWOW64\hotspot shield
Folder Deleted : C:\Users\billmotley\AppData\Local\BrowserSafeguard
Folder Deleted : C:\Users\billmotley\AppData\Local\Conduit
Folder Deleted : C:\Users\billmotley\AppData\Local\Mobogenie
Folder Deleted : C:\Users\billmotley\AppData\Local\torch
Folder Deleted : C:\Users\billmotley\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\billmotley\AppData\LocalLow\iBryte
Folder Deleted : C:\Users\billmotley\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\billmotley\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\billmotley\AppData\Roaming\DSite
Folder Deleted : C:\Users\billmotley\AppData\Roaming\hotspot shield
Folder Deleted : C:\Users\billmotley\AppData\Roaming\registry mechanic
Folder Deleted : C:\Users\billmotley\AppData\Roaming\SpeedMaxPc
Folder Deleted : C:\Users\billmotley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
Folder Deleted : C:\Users\billmotley\Documents\Mobogenie
Folder Deleted : C:\Users\billmotley\AppData\Roaming\Mozilla\Firefox\Profiles\px8ngrqn.default\Conduit
Folder Deleted : C:\Users\billmotley\AppData\Roaming\Mozilla\Firefox\Profiles\px8ngrqn.default\ConduitEngine
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
File Deleted : C:\Users\billmotley\AppData\Roaming\Mozilla\Firefox\Profiles\px8ngrqn.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\Users\billmotley\AppData\Roaming\Mozilla\Firefox\Profiles\px8ngrqn.default\Extensions\addon@defaulttab.com.xpi
File Deleted : C:\Users\billmotley\AppData\Roaming\Mozilla\Firefox\Profiles\px8ngrqn.default\bprotector_prefs.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\nsprotector.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\billmotley\AppData\Roaming\Mozilla\Firefox\Profiles\px8ngrqn.default\searchplugins\safesearch.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\safesearch.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\search.xml
File Deleted : C:\Users\billmotley\AppData\Roaming\Mozilla\Firefox\Profiles\cidj92cz.marionrusk\user.js
File Deleted : C:\Users\billmotley\AppData\Roaming\Mozilla\Firefox\Profiles\m76pln4x.default\user.js
File Deleted : C:\Users\billmotley\AppData\Roaming\Mozilla\Firefox\Profiles\px8ngrqn.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\iLivid.torrent
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [browserMngrDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid]
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\torch.exe
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{392DE650-A1E6-4FB3-A5A4-21285DE225BD}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\torch
Key Deleted : HKLM\Software\hotspotshield
Key Deleted : HKLM\Software\ImInstaller
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\torch
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\billmotley\AppData\Roaming\Mozilla\Firefox\Profiles\cidj92cz.marionrusk\prefs.js ]

Line Deleted : user_pref("CT2260173_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1374829870539,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT2549263_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1381769190256,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2549263");
Line Deleted : user_pref("extensions.FWV7.domain", "\"www.search.ask.com\"");
Line Deleted : user_pref("extensions.crossrider.bic", "13fb6b1eb87702ab4da48294e0da01fb");
Line Deleted : user_pref("extensions.fastestsearch.nofaytinbox", false);
Line Deleted : user_pref("extensions.toolbar_FWV7@apn.ask.com.install-event-fired", true);
Line Deleted : user_pref("smartbar.machineId", "9WEVATVJ7MXEAFOFQBACIJR5UM6YRBMNQQSD/OZA9BF7EDO43DSPAEK2OJOSWPLSTYIMWDH6YYZR47Y52HHBOW");
Line Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1364022294198");
Line Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic[...]
Line Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...]
Line Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_product_name", "Updater By SweetPacks");

[ File : C:\Users\billmotley\AppData\Roaming\Mozilla\Firefox\Profiles\m76pln4x.default\prefs.js ]


[ File : C:\Users\billmotley\AppData\Roaming\Mozilla\Firefox\Profiles\px8ngrqn.default\prefs.js ]


Line Deleted : user_pref("CT2418376.CTID", "CT2418376");
Line Deleted : user_pref("CT2418376.CurrentServerDate", "15-11-2010");
Line Deleted : user_pref("CT2418376.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2418376.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2418376.EnableClickToSearchBox", false);
Line Deleted : user_pref("CT2418376.EnableSearchHistory", false);
Line Deleted : user_pref("CT2418376.EnableSearchSuggest", false);
Line Deleted : user_pref("CT2418376.EnableUsage", false);
Line Deleted : user_pref("CT2418376.ExternalComponentPollDate5694225620172914022", "Sun Nov 14 2010 20:18:39 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2418376.FirstServerDate", "15-11-2010");
Line Deleted : user_pref("CT2418376.FirstTime", true);
Line Deleted : user_pref("CT2418376.FirstTimeFF3", true);
Line Deleted : user_pref("CT2418376.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2418376.GroupingServerCheckInterval", 1440);

Line Deleted : user_pref("CT2418376.Initialize", true);
Line Deleted : user_pref("CT2418376.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2418376.InstallationAndCookieDataSentCount", 2);
Line Deleted : user_pref("CT2418376.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("CT2418376.InstalledDate", "Sun Nov 14 2010 20:18:38 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2418376.IsGrouping", false);
Line Deleted : user_pref("CT2418376.IsMulticommunity", false);
Line Deleted : user_pref("CT2418376.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT2418376.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2418376.LanguagePackLastCheckTime", "Mon Nov 15 2010 20:18:38 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2418376.LanguagePackReloadIntervalMM", 1440);

Line Deleted : user_pref("CT2418376.LastLogin_3.1.0.12", "Mon Nov 15 2010 00:18:38 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2418376.LatestVersion", "2.7.2.0");
Line Deleted : user_pref("CT2418376.Locale", "en");
Line Deleted : user_pref("CT2418376.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2418376.MCDetectTooltipShow", false);

Line Deleted : user_pref("CT2418376.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2418376.SHRINK_TOOLBAR", 1);

Line Deleted : user_pref("CT2418376.SearchFromAddressBarIsInit", true);

Line Deleted : user_pref("CT2418376.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2418376.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2418376.SearchInNewTabLastCheckTime", "Mon Nov 15 2010 20:18:39 GMT-0800 (Pacific Standard Time)");


Line Deleted : user_pref("CT2418376.SearchInNewTabUserEnabled", false);
Line Deleted : user_pref("CT2418376.ServiceMapLastCheckTime", "Mon Nov 15 2010 20:18:38 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2418376.SettingsLastCheckTime", "Sun Nov 14 2010 20:18:38 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2418376.SettingsLastUpdate", "1289442085");
Line Deleted : user_pref("CT2418376.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2418376.ThirdPartyComponentsLastCheck", "Sun Nov 14 2010 20:18:38 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2418376.ThirdPartyComponentsLastUpdate", "1246790578");

Line Deleted : user_pref("CT2418376.UserID", "UN89281291135082476");
Line Deleted : user_pref("CT2418376.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2418376.alertChannelId", "812740");
Line Deleted : user_pref("CT2418376.clientLogIsEnabled", true);

Line Deleted : user_pref("CT2418376.myStuffEnabled", true);
Line Deleted : user_pref("CT2418376.myStuffPublihserMinWidth", 400);

Line Deleted : user_pref("CT2418376.myStuffServiceIntervalMM", 1440);

Line Deleted : user_pref("CT2418376.toolbarAppMetaDataLastCheckTime", "Sun Nov 14 2010 20:18:38 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2418376.toolbarContextMenuLastCheckTime", "Sun Nov 14 2010 20:18:38 GMT-0800 (Pacific Standard Time)");

Line Deleted : user_pref("CT2438727..clientLogIsEnabled", true);



Line Deleted : user_pref("CT2438727.CTID", "CT2438727");
Line Deleted : user_pref("CT2438727.CommunitiesChangesLastCheckTime", "0");
Line Deleted : user_pref("CT2438727.CurrentServerDate", "4-5-2011");
Line Deleted : user_pref("CT2438727.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2438727.DialogsGetterLastCheckTime", "Tue May 03 2011 20:02:12 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2438727.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2438727.EnableSearchHistory", false);
Line Deleted : user_pref("CT2438727.EnableSearchSuggest", false);
Line Deleted : user_pref("CT2438727.EnableUsage", false);
Line Deleted : user_pref("CT2438727.FirstServerDate", "15-7-2010");
Line Deleted : user_pref("CT2438727.FirstTime", true);
Line Deleted : user_pref("CT2438727.FirstTimeFF3", true);
Line Deleted : user_pref("CT2438727.FirstTimeSettingsDone", true);
Line Deleted : user_pref("CT2438727.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2438727.GroupingInvalidateCache", false);
Line Deleted : user_pref("CT2438727.GroupingLastCheckTime", "0");
Line Deleted : user_pref("CT2438727.GroupingLastServerUpdateTime", "0");
Line Deleted : user_pref("CT2438727.GroupingServerCheckInterval", 1440);

Line Deleted : user_pref("CT2438727.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2438727.Initialize", true);
Line Deleted : user_pref("CT2438727.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2438727.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2438727.InstalledDate", "Wed Jul 14 2010 21:19:51 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2438727.InvalidateCache", false);
Line Deleted : user_pref("CT2438727.IsGrouping", false);
Line Deleted : user_pref("CT2438727.IsMulticommunity", false);
Line Deleted : user_pref("CT2438727.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2438727.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2438727.LanguagePackLastCheckTime", "Tue May 03 2011 20:02:11 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440);

Line Deleted : user_pref("CT2438727.LastLogin_2.7.1.3", "Mon Aug 30 2010 16:10:27 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2438727.LastLogin_3.3.3.2", "Tue May 03 2011 20:02:11 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2438727.LatestVersion", "3.3.3.2");
Line Deleted : user_pref("CT2438727.Locale", "en");
Line Deleted : user_pref("CT2438727.LoginCache", 4);
Line Deleted : user_pref("CT2438727.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2438727.MCDetectTooltipShow", false);

Line Deleted : user_pref("CT2438727.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2438727.RadioLastCheckTime", "0");
Line Deleted : user_pref("CT2438727.RadioLastUpdateIPServer", "0");
Line Deleted : user_pref("CT2438727.RadioLastUpdateServer", "0");
Line Deleted : user_pref("CT2438727.SHRINK_TOOLBAR", 1);

Line Deleted : user_pref("CT2438727.SearchFromAddressBarIsInit", true);

Line Deleted : user_pref("CT2438727.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2438727.SearchInNewTabLastCheckTime", "Tue May 03 2011 20:02:11 GMT-0700 (Pacific Daylight Time)");


Line Deleted : user_pref("CT2438727.SearchInNewTabUserEnabled", false);
Line Deleted : user_pref("CT2438727.ServiceMapLastCheckTime", "Tue May 03 2011 20:02:11 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2438727.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT2438727.SettingsLastCheckTime", "Tue May 03 2011 20:02:11 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2438727.SettingsLastUpdate", "1304242869");
Line Deleted : user_pref("CT2438727.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Tue May 03 2011 20:02:11 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1278548974");

Line Deleted : user_pref("CT2438727.Uninstall", true);
Line Deleted : user_pref("CT2438727.UserID", "UN98790890301396040");
Line Deleted : user_pref("CT2438727.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2438727.alertChannelId", "832836");
Line Deleted : user_pref("CT2438727.clientLogIsEnabled", false);


Line Deleted : user_pref("CT2438727.globalFirstTimeInfoLastCheckTime", "Tue May 03 2011 20:02:11 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2438727.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT2438727.myStuffEnabled", true);
Line Deleted : user_pref("CT2438727.myStuffPublihserMinWidth", 400);

Line Deleted : user_pref("CT2438727.myStuffServiceIntervalMM", 1440);

Line Deleted : user_pref("CT2438727.oldAppsList", "129017707048431316,129017707048587567,129053036221800239,129023982256475322,129023982168975093,129023982451006863,129023982676944454,129078052328906859,129297366994[...]
Line Deleted : user_pref("CT2438727.testingCtid", "");
Line Deleted : user_pref("CT2438727.toolbarAppMetaDataLastCheckTime", "Tue May 03 2011 20:02:11 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2438727.toolbarContextMenuLastCheckTime", "Tue May 03 2011 20:02:11 GMT-0700 (Pacific Daylight Time)");

Line Deleted : user_pref("CT2602812..clientLogIsEnabled", false);



Line Deleted : user_pref("CT2602812.CTID", "CT2602812");
Line Deleted : user_pref("CT2602812.CurrentServerDate", "20-2-2011");
Line Deleted : user_pref("CT2602812.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2602812.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2602812.FirstServerDate", "14-9-2010");
Line Deleted : user_pref("CT2602812.FirstTime", true);
Line Deleted : user_pref("CT2602812.FirstTimeFF3", true);
Line Deleted : user_pref("CT2602812.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2602812.GroupingServerCheckInterval", 1440);

Line Deleted : user_pref("CT2602812.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2602812.Initialize", true);
Line Deleted : user_pref("CT2602812.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2602812.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2602812.InstalledDate", "Mon Sep 13 2010 15:29:00 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2602812.IsGrouping", false);
Line Deleted : user_pref("CT2602812.IsMulticommunity", false);
Line Deleted : user_pref("CT2602812.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2602812.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2602812.LanguagePackLastCheckTime", "Sat Feb 19 2011 16:17:59 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2602812.LanguagePackReloadIntervalMM", 1440);

Line Deleted : user_pref("CT2602812.LastLogin_3.1.0.12", "Mon Sep 13 2010 15:29:35 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2602812.LastLogin_3.2.5.2", "Sat Feb 19 2011 16:18:00 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2602812.LatestVersion", "3.2.5.2");
Line Deleted : user_pref("CT2602812.Locale", "en");
Line Deleted : user_pref("CT2602812.MCDetectTooltipHeight", "83");

Line Deleted : user_pref("CT2602812.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2602812.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT2602812.SearchFromAddressBarIsInit", true);

Line Deleted : user_pref("CT2602812.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2602812.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2602812.SearchInNewTabLastCheckTime", "Sat Feb 19 2011 16:18:00 GMT-0800 (Pacific Standard Time)");


Line Deleted : user_pref("CT2602812.ServiceMapLastCheckTime", "Sat Feb 19 2011 16:17:57 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2602812.SettingsLastCheckTime", "Sat Feb 19 2011 16:17:57 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2602812.SettingsLastUpdate", "1298130981");
Line Deleted : user_pref("CT2602812.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2602812.ThirdPartyComponentsLastCheck", "Sat Feb 19 2011 16:17:57 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2602812.ThirdPartyComponentsLastUpdate", "1246790578");

Line Deleted : user_pref("CT2602812.UserID", "UN08789819988190517");
Line Deleted : user_pref("CT2602812.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2602812.alertChannelId", "995634");
Line Deleted : user_pref("CT2602812.clientLogIsEnabled", false);

Line Deleted : user_pref("CT2602812.components.1000034", false);
Line Deleted : user_pref("CT2602812.components.1000082", false);
Line Deleted : user_pref("CT2602812.components.1000234", false);
Line Deleted : user_pref("CT2602812.myStuffEnabled", true);
Line Deleted : user_pref("CT2602812.myStuffPublihserMinWidth", 400);

Line Deleted : user_pref("CT2602812.myStuffServiceIntervalMM", 1440);

Line Deleted : user_pref("CT2602812.testingCtid", "");
Line Deleted : user_pref("CT2602812.toolbarAppMetaDataLastCheckTime", "Sat Feb 19 2011 16:17:59 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2602812.toolbarContextMenuLastCheckTime", "Mon Sep 13 2010 15:29:00 GMT-0700 (Pacific Daylight Time)");

Line Deleted : user_pref("CT2602812.usagesFlag", 2);
Line Deleted : user_pref("CT2705941..clientLogIsEnabled", true);



Line Deleted : user_pref("CT2705941.CTID", "CT2705941");
Line Deleted : user_pref("CT2705941.CurrentServerDate", "4-5-2011");
Line Deleted : user_pref("CT2705941.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2705941.DialogsGetterLastCheckTime", "Tue May 03 2011 20:00:32 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2705941.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2705941.FirstServerDate", "28-7-2010");
Line Deleted : user_pref("CT2705941.FirstTime", true);
Line Deleted : user_pref("CT2705941.FirstTimeFF3", true);
Line Deleted : user_pref("CT2705941.FirstTimeSettingsDone", true);
Line Deleted : user_pref("CT2705941.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2705941.GroupingServerCheckInterval", 1440);

Line Deleted : user_pref("CT2705941.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2705941.Initialize", true);
Line Deleted : user_pref("CT2705941.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2705941.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2705941.InstalledDate", "Tue Jul 27 2010 17:47:57 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2705941.IsGrouping", false);
Line Deleted : user_pref("CT2705941.IsMulticommunity", false);
Line Deleted : user_pref("CT2705941.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2705941.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2705941.LanguagePackLastCheckTime", "Tue May 03 2011 20:00:32 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2705941.LanguagePackReloadIntervalMM", 1440);

Line Deleted : user_pref("CT2705941.LastLogin_2.7.1.3", "Thu Jul 29 2010 01:21:11 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2705941.LastLogin_3.3.3.2", "Tue May 03 2011 20:00:32 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2705941.LatestVersion", "3.2.5.2");
Line Deleted : user_pref("CT2705941.Locale", "en");
Line Deleted : user_pref("CT2705941.LoginCache", 4);
Line Deleted : user_pref("CT2705941.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2705941.MCDetectTooltipShow", false);

Line Deleted : user_pref("CT2705941.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2705941.RadioShrinked", "expanded");
Line Deleted : user_pref("CT2705941.SHRINK_TOOLBAR", 1);

Line Deleted : user_pref("CT2705941.SearchFromAddressBarIsInit", true);

Line Deleted : user_pref("CT2705941.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2705941.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2705941.SearchInNewTabLastCheckTime", "Tue May 03 2011 20:00:32 GMT-0700 (Pacific Daylight Time)");


Line Deleted : user_pref("CT2705941.ServiceMapLastCheckTime", "Tue May 03 2011 20:00:32 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2705941.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT2705941.SettingsLastCheckTime", "Tue May 03 2011 20:00:32 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2705941.SettingsLastUpdate", "1304242869");
Line Deleted : user_pref("CT2705941.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2705941.ThirdPartyComponentsLastCheck", "Tue May 03 2011 20:00:32 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2705941.ThirdPartyComponentsLastUpdate", "1246790578");

Line Deleted : user_pref("CT2705941.Uninstall", true);
Line Deleted : user_pref("CT2705941.UserID", "UN24864756804553778");
Line Deleted : user_pref("CT2705941.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2705941.alertChannelId", "1098273");
Line Deleted : user_pref("CT2705941.clientLogIsEnabled", true);

Line Deleted : user_pref("CT2705941.components.1000080", true);
Line Deleted : user_pref("CT2705941.components.1003", true);
Line Deleted : user_pref("CT2705941.components.1008", true);
Line Deleted : user_pref("CT2705941.components.129236012432097774", false);

Line Deleted : user_pref("CT2705941.globalFirstTimeInfoLastCheckTime", "Tue May 03 2011 20:00:32 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2705941.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT2705941.myStuffEnabled", true);
Line Deleted : user_pref("CT2705941.myStuffPublihserMinWidth", 400);

Line Deleted : user_pref("CT2705941.myStuffServiceIntervalMM", 1440);

Line Deleted : user_pref("CT2705941.oldAppsList", "129235908558822102,129235908558978353,129236037340741858,129236035441903253,129235921079090789,129235934152330817,129235993915318216,129236007421472517,129236012432[...]
Line Deleted : user_pref("CT2705941.testingCtid", "");
Line Deleted : user_pref("CT2705941.toolbarAppMetaDataLastCheckTime", "Tue May 03 2011 20:00:32 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2705941.toolbarContextMenuLastCheckTime", "Tue May 03 2011 20:00:32 GMT-0700 (Pacific Daylight Time)");

Line Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2705941,CT2438727");




















Line Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Line Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2602812");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{bbae4b0e-6866-4520-9baa-9327b450f096}");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "sal_the_foot_mob_wars");
Line Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);

Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2602812");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{bbae4b0e-6866-4520-9baa-9327b450f096}");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "sal_the_foot_mob_wars");

Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2438727,CT2705941,ConduitEngine,CT2602812,CT2418376");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727,CT2705941,CT2602812,CT2418376");
Line Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun May 20 2012 12:20:19 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.alertEnabled", false);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jul 22 2011 20:23:28 GMT-0700 (Pacific Daylight Time)");

Line Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jun 06 2012 17:36:58 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "{ee67ad42-8903-4b53-ac6d-32f90d3d0389}");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Feb 19 2011 16:17:59 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "3ec6dff7-393e-41bc-92aa-35149f19558b");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2705941");
Line Deleted : user_pref("ConduitEngine.FirstServerDate", "09/14/2010 01");
Line Deleted : user_pref("ConduitEngine.FirstTime", true);
Line Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Line Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line Deleted : user_pref("ConduitEngine.Initialize", true);
Line Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line Deleted : user_pref("ConduitEngine.InstalledDate", "Mon Sep 13 2010 15:28:59 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Line Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Line Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Sep 13 2010 15:28:59 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("ConduitEngine.LastLogin_3.1.0.12", "Mon Sep 13 2010 15:29:00 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Line Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Sep 13 2010 15:28:57 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("ConduitEngine.UserID", "UN34063580778042585");
Line Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
Line Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Sep 13 2010 15:28:58 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("ConduitEngine.initDone", true);
Line Deleted : user_pref("browser.search.defaultthis.engineName", "AttackRooster Customized Web Search");

Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "1c51333b000000000000904ce503f1ae");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15568");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");

Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112542&tt=130812_ppcs1_3312_3");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.619:32:22");
Line Deleted : user_pref("extensions.enabledItems", "foxmarks@kei.com:4.0.3,{e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.12,{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10,{000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0[...]
Line Deleted : user_pref("extensions.engine@conduit.com.install-event-fired", true);
Line Deleted : user_pref("extensions.smarterwiki.search_blekko", true);
Line Deleted : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Line Deleted : user_pref("extentions.y2layers.installId", "811c413e-2915-4e6e-9287-6c96be49b655");
Line Deleted : user_pref("surfcanyon.daily_code", "scIsOnSearchEngineDomain = function() {\nreturn contains(scCurrentPageDomain, '.surfcanyon.') || contains(scCurrentPageDomain, '.google.') || contains(scCurrentPage[...]
Line Deleted : user_pref("surfcanyon.daily_code_timestamp", "1311101172721");
Line Deleted : user_pref("surfcanyon.hourly_code", "scGetDocument = function() {\nreturn scIsFF ? content.document : document;\n};\n\nscExtractUrlFromSpanTag = function(spanTag) {\nvar url = null;\n\nif (spanTag) {\[...]
Line Deleted : user_pref("surfcanyon.hourly_code2", "scEnableGoogle_hourly = function() {\nvar args = window.location.search;\nvar path = window.location.pathname;\nreturn (getAffectGoogle() && contains(scCurrentPag[...]
Line Deleted : user_pref("surfcanyon.hourly_code_timestamp", "1311105623399");
Line Deleted : user_pref("surfcanyon.inst_id", "06214627932651149132644580120145");
Line Deleted : user_pref("surfcanyon.inst_timestamp", "1309815095334");
Line Deleted : user_pref("surfcanyon.last_seen_splash", "333");
Line Deleted : user_pref("surfcanyon.partner_code", "MZ");

-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\billmotley\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [47607 octets] - [17/02/2014 07:45:17]
AdwCleaner[s0].txt - [47749 octets] - [17/02/2014 07:47:41]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [47810 octets] ##########
 

-------------------------------

--------------------------------

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by billmotley on Mon 02/17/2014 at  8:03:01.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browserpluginhelper
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browsersafeguard



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02DD8284-A49F-43E5-9D84-CF19DC9AD21D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BF5CDBD7-EC78-41F8-A1B1-01829572104D}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\billmotley\AppData\Roaming\big fish games"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted the following from C:\Users\billmotley\AppData\Roaming\mozilla\firefox\profiles\px8ngrqn.default\prefs.js

user_pref("extensions.plugin@searchgby.com.install-event-fired", true);

user_pref("extensions.searchgby.dd", "1349710523039");
user_pref("extensions.searchgby.dd.data", "{\"v\":\"1.5\",\"ip\":\"67.182.84.85\",\"widget\":{\"meta\": {\"code\": 200},\"response\": {\"deals\": []}}}");
user_pref("extensions.searchgby.lastupdate", "1349706921582");
user_pref("extensions.smarterwiki.search_baidu", true);
user_pref("playbryte.defaultsearchprocessed", true);
user_pref("searchgby.enable", false);
Successfully deleted the following from C:\Users\billmotley\AppData\Roaming\mozilla\firefox\profiles\cidj92cz.marionrusk\prefs.js

user_pref("extensions.FWV7.pref_tab_close", "[{\"title\":\"RE%3A%20%5BCase%20102847681%5D%20Errors%20with%20missing%20troubleshooting%20details%20-%20billmotley%40gmail.com%20
user_pref("extensions.lastpass.7bbd42e8e2645d035fc9ca1e018e8ea4095f2f1c5c1333641db084f28b223180.searchforsiteswithinaddressbar", true);
user_pref("extensions.lastpass.searchforsiteswithinaddressbar", true);
Emptied folder: C:\Users\billmotley\AppData\Roaming\mozilla\firefox\profiles\px8ngrqn.default\minidumps [39 files]
Emptied folder: C:\Users\billmotley\AppData\Roaming\mozilla\firefox\profiles\cidj92cz.marionrusk\minidumps [586 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/17/2014 at  8:15:24.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

-------------------------------

--------------------------------

 

ESET

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\nsprotector.js.vir    Win32/Conduit.SearchProtect.A potentially unwanted application
C:\Program Files\CamStudio 2.7\BunndleOfferManager.exe    a variant of Win32/Bunndle potentially unsafe application
C:\Users\billmotley\Desktop\Dropbox\Files From My Bitcasa\DancingOutlaw.com\DO Download PROJECT\setup-bluegriffon-1.6.2.exe    Win32/Somoto.E potentially unwanted application
C:\Users\billmotley\Documents\APNSetup.exe    a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application


 

C:\Program Files\CamStudio 2.7\BunndleOfferManager.exe    a variant of Win32/Bunndle potentially unsafe application

C:\Users\billmotley\Desktop\Dropbox\Files From My Bitcasa\DancingOutlaw.com\DO Download PROJECT\setup-bluegriffon-1.6.2.exe    Win32/Somoto.E potentially unwanted application

C:\Users\billmotley\Documents\APNSetup.exe    a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application

These files aren't malware but contain security risks. I would delete them immediately - your choice.

 

As we have removed the Mobogenie adware, you may now delete the wangzhisong user directory.

 

Are any issues left?


I deleted the first two applications that you quoted above. I ran searches for the following three (with Windows Search and with Launchy.exe), but did not find them:

  1. Win32/Somoto.E
  2. C:\Users\billmotley\Documents\APNSetup.exe
  3. Win32/Bundled.Toolbar.Ask.E

I also deleted the wangzhisong user folder.

 

I will get back with you within a day to let you know if any bugs show up.


No, that's ok. You've searched for the threats the files were detected as. I'm sorry, I should have removed these additions.

If you aren't facing any issues at the moment, let's clean up.

 

 

SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.


I did this, but apparently failed to send it until now. Sorry for the delay. - Bill

 

 

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Norton Security Suite   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 SlimCleaner     
 Java 7 Update 51  
  Adobe Flash Player 12.0.0.44 Flash Player out of Date!  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (27.0.1)
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.107  
 Google Chrome Plugins...  
````````Process Check: objlist.exe by Laurent````````  
 MediaMall MediaMallServer.exe   
 billmotley Desktop malwarebytes SecurityCheck(1).exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 


Your system is clean! :)

 

 

Adobe Flash Player out of date

Your Adobe Flash Player is outdated. We will fix this.

  • Get the actual player from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

 

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.


  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  2. In case we used Combofix: deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
    • If there is still something left, please delete it manually.

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.


  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:
  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.




  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.