wanglanxiu
2013-06-05, 22:51
Hi, I tried to watch online sports and got this plug-in. Every time I use Google Chrome it pops out. I have tried Spybot, SparkTrust, Adwclean, and 360superkiller, but the problem is still on. Please help to remove this. Thanks.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 10.17.2
Run by wanglong at 15:16:57 on 2013-06-05
Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.1033.18.2996.1183 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Program Files\Rising\RSD\RsMgrSvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\DatacardService\DCService.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Windows\system32\HPSIsvc.exe
C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe
C:\Program Files\BOCOM\07USBKey\
C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Windows\system32\lkads.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\lxdncoms.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\Explorer.EXE
C:\Program Files\BOCOM\07USBKey\
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\ngsrv\ngslotd.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\Program Files\alipay\SafeTransaction\AlipaySafeTran.exe
C:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\lkcitdl.exe
C:\Windows\system32\lktsrv.exe
C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
C:\Windows\system32\nipxism.exe
C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
C:\Program Files\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\alipay\SafeTransaction\Alipaybsm.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Rising\RSD\popwndexe.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe
C:\Users\wanglong\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Tencent\QQ\Bin\QQProtect\Bin\QQProtect.exe
C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k HsfXAudioService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hao123.com/?tn=29065018_55_hao_pg
uDefault_Page_URL = hxxp://lenovo.msn.com
uProxyServer = localhost:21320
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Lexmark 工具条: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: WebProtect: {53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} - c:\program files\cmbchina\webprotect\WebProtect.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: FlashCatchBHO Class: {88618A96-6D8A-42E7-B932-9073D5B2080F} - c:\program files\flashcatch\flashcatch.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: ICBC Anti-Phishing class: {BB4491A2-D11A-4c6b-91C0-B53246A3122B} - c:\program files\icbcebanktools\icbcantiphishing\icbc_win32\Icbc_AntiPhishing.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Lexmark 工具条: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: FlashCatch: {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - c:\program files\flashcatch\flashcatch.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Lexmark 工具条: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
TB: FlashCatch: {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - c:\program files\flashcatch\flashcatch.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [RSDTRAY] "c:\program files\rising\rsd\popwndexe.exe"
mRun: [NI Update Service] "c:\program files\national instruments\shared\update service\NIUpdateService.exe" -startupTask
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
StartupFolder: c:\users\wanglong\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\wanglong\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\wanglong\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nierro~1.lnk - c:\program files\national instruments\shared\ni error reporting\nierserver.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: 转换为 Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: 转换为现有 PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: 转换选定的链接为 Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: 转换选定的链接为现有 PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: 转换选项为 Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: 转换选项为现有 PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: 转换链接目标为 Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: 转换链接目标为现有 PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: 95559.com.cn
Trusted Zone: alipay.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: alisoft.com
Trusted Zone: bankcomm.com
Trusted Zone: bankofchina.com
Trusted Zone: boc.cn
Trusted Zone: boc.cn
Trusted Zone: icbc.com.cn
Trusted Zone: taobao.com
Trusted Zone: taobao.com
Trusted Zone: alipay.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
Trusted Zone: taobao.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{AB14D844-17A3-4739-92EC-368A40F265C9} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{AB14D844-17A3-4739-92EC-368A40F265C9}\26C61636B697 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{AB14D844-17A3-4739-92EC-368A40F265C9}\554477962756C6563737 : DHCPNameServer = 131.238.74.7 131.238.74.8
TCP: Interfaces\{AB14D844-17A3-4739-92EC-368A40F265C9}\75847237 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{AB14D844-17A3-4739-92EC-368A40F265C9}\8423440373 : DHCPNameServer = 202.96.134.133 202.96.128.166
TCP: Interfaces\{AB14D844-17A3-4739-92EC-368A40F265C9}\C67716E676368656E6 : DHCPNameServer = 207.69.188.186 207.69.188.187
TCP: Interfaces\{AB14D844-17A3-4739-92EC-368A40F265C9}\E4544574541425833333 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Notification Packages = scecli ACGina
mASetup: aetsprov - c:\windows\system32\regsvr32.exe /s c:\windows\system32\aetsprov.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-4-21 24304]
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [2012-12-18 15448]
R0 nipxibaf;National Instruments PXI Bridge Access Driver;c:\windows\system32\drivers\nipxibaf.sys [2013-1-14 62712]
R0 nipxibrc;National Instruments PXI Bridge Configuration Driver;c:\windows\system32\drivers\nipxibrc.sys [2013-1-14 46344]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
R1 CgbKeyFlt;CgbKeyFlt;c:\windows\CgbKeyFlt.sys [2011-12-31 33616]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2009-12-9 13480]
R1 QQProtect;QQProtect;c:\windows\system32\drivers\QQProtect.sys [2012-3-14 117920]
R2 AlipaySecSvc;Alipay security service;c:\program files\alipay\alieditplus\AlipaySecSvc.exe [2013-5-20 431456]
R2 CMB8100;CMB8100;c:\windows\system32\drivers\CertClient.dat [2010-6-4 11808]
R2 CMBProtector;CMBProtector;c:\windows\system32\drivers\CMBProtector.dat [2010-6-4 10272]
R2 DCService.exe;DCService.exe;c:\programdata\datacardservice\DCService.exe [2009-11-20 212992]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-4-21 132456]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2013-1-17 12408]
R2 nistreamk;nistreamk;c:\windows\system32\drivers\nistreamkl.sys [2012-6-6 19648]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2013-1-29 12424]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-4-21 48640]
R2 rsdsys;rsd protect;c:\windows\system32\drivers\protreg.sys [2013-6-4 21208]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2009-11-2 14808]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2010-4-21 126080]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-4-21 214696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-4-16 106656]
R3 GDBaseSmc;USB Chip Holder Service;c:\windows\system32\drivers\Chip_smc.sys [2010-1-17 20256]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-4-21 125696]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-4-21 209920]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2010-4-21 88832]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\Ndisrd.sys [2012-3-6 22016]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2010-10-18 7122944]
R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2013-1-29 12424]
R3 R5BaseSmc;USB Token Holder Service;c:\windows\system32\drivers\smccard.sys [2010-1-20 20512]
R3 SmbDrvI;SmbDrvI;c:\windows\system32\drivers\Smb_driver_Intel.sys [2012-9-8 23608]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-10-8 38336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 EZUSB;AnchorChips General Purpose USB Driver (ezusb.sys);c:\windows\system32\drivers\ezusb.sys [2013-3-19 17424]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\solidworks corp\solidworks\swscheduler\DTSCoordinatorService.exe [2010-10-5 87336]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-2-5 201168]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2013-1-30 39272]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2012-2-5 101120]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2011-5-15 17408]
S3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\Ndisrd.sys [2012-3-6 22016]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2013-1-14 26192]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2013-1-14 11960]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2013-1-14 23736]
S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2012-6-28 11976]
S3 niimaqdxk;niimaqdxk;c:\windows\system32\drivers\niimaqdxkl.sys [2013-2-15 11864]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2012-12-19 12600]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2012-12-19 12600]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2011-8-9 21144]
S3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2009-11-20 20848]
S3 PCDSRVC{C4B36920-79E24793-06000000}_0;PCDSRVC{C4B36920-79E24793-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc.pkms [2009-11-20 20848]
S3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2010-4-21 816792]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-06-05 18:53:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-06-05 18:52:27 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-06-05 18:52:16 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-06-05 18:51:32 -------- d-----w- c:\users\wanglong\appdata\local\Programs
2013-06-05 18:31:51 -------- d-----w- c:\programdata\Tencent
2013-06-05 18:30:18 -------- d-----w- c:\users\wanglong\appdata\local\Tencent
2013-06-05 16:06:09 -------- d-----w- c:\programdata\PXISA
2013-06-05 15:57:17 -------- d-----w- c:\program files\cameralink
2013-06-05 15:38:35 -------- d-----w- c:\programdata\IVI Foundation
2013-06-05 15:38:35 -------- d-----w- c:\program files\IVI Foundation
2013-06-05 14:46:07 -------- d-----w- C:\National Instruments Downloads
2013-06-05 04:24:51 97 ----a-w- c:\windows\DeleteOnReboot.bat
2013-06-05 03:39:34 -------- d-----r- C:\RavBin
2013-06-05 03:34:50 21208 ------w- c:\windows\system32\drivers\protreg.sys
2013-06-05 03:33:59 -------- d-----w- c:\program files\Rising
2013-06-05 03:33:58 -------- d-----w- c:\programdata\Rising
2013-06-04 23:35:12 -------- d-----w- c:\users\wanglong\appdata\roaming\DriverCure
2013-06-04 23:35:11 -------- d-----w- c:\users\wanglong\appdata\roaming\SparkTrust
2013-06-04 23:30:48 -------- d-----w- c:\programdata\SparkTrust
2013-06-04 19:57:50 -------- d-----w- c:\users\wanglong\appdata\roaming\360SuperKiller
2013-06-04 19:53:58 -------- d-----w- c:\users\wanglong\appdata\roaming\SosClient
2013-06-03 21:04:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-06-03 21:04:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-06-03 21:04:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-06-03 21:04:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-06-03 21:04:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-06-03 04:24:47 -------- d-----w- c:\programdata\360safe
2013-06-03 04:23:45 2594632 ----a-r- c:\program files\common files\microsoft shared\vba\vba6\VBE6.DLL
2013-06-03 04:21:43 -------- d-----w- c:\users\wanglong\appdata\roaming\360Login
2013-06-03 04:20:00 -------- d-----w- c:\program files\360
2013-05-31 01:06:21 1210728 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-05-26 02:16:26 -------- d-----w- C:\a
2013-05-13 16:05:54 -------- d-----w- C:\A9R2908.tmp
2013-05-13 16:05:24 -------- d-----w- C:\A9R2907.tmp
2013-05-13 16:05:24 -------- d-----w- C:\A9R2906.tmp
2013-05-13 16:05:22 -------- d-----w- C:\A9R2905.tmp
2013-05-07 16:21:42 -------- d-----w- c:\users\wanglong\appdata\local\{1438690B-C617-4B45-839D-655904D1B333}
.
==================== Find3M ====================
.
2013-06-05 03:31:01 174056 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2013-05-15 03:31:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 03:31:36 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-01 07:59:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 07:59:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-04 22:11:34 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-04-04 22:02:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-04 22:02:17 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-04-04 21:58:51 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-04 21:57:45 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-04-04 21:54:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-03-26 13:41:34 415792 ----a-w- C:\UCLiveCore.dll
2013-03-26 13:41:28 215088 ----a-w- C:\live_deamon.dll
2013-03-22 20:37:43 34013072 ----a-w- c:\windows\system32\PersonalBankMain.ocx
2013-03-21 20:28:02 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-03-19 05:06:09 3958120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:06:09 3902312 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:54:22 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:50:03 69632 ----a-w- c:\windows\system32\smss.exe
2013-03-14 16:44:22 0 ----a-w- c:\windows\system32\nsf7552.tmp
2013-03-14 15:39:41 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-14 15:39:41 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-14 15:39:41 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-11 07:27:42 2972272 ----a-w- c:\windows\system32\SogouPY.ime
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD25 rev.02.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x83A37000]<< >>UNKNOWN [0x8CBD1000]<< >>UNKNOWN [0x8CBC0000]<< >>UNKNOWN [0x8BF99000]<< >>UNKNOWN [0x83A00000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x83A72718] -> \Device\Harddisk0\DR0[0x88F16030]
\Driver\Disk[0x86578058] -> IRP_MJ_CREATE -> 0x8CBD539F
3 [0x8CBD559E] -> ntkrnlpa!IofCallDriver[0x83A72718] -> [0x872E6B98]
\Driver\ACPI[0x8658C030] -> IRP_MJ_CREATE -> 0x8BFA24AA
kernel: MBR read successfully
_asm { JMP 0x10; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 15:18:02.51 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-05 15:21:34
-----------------------------
15:21:34.228 OS Version: Windows 6.1.7600
15:21:34.228 Number of processors: 4 586 0x2502
15:21:34.228 ComputerName: WANGLONG-THINK UserName: wanglong
15:21:35.809 Initialize success
15:24:03.310 AVAST engine defs: 13060501
15:27:31.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:27:31.197 Disk 0 Vendor: WDC_WD25 02.0 Size: 238475MB BusType: 3
15:27:31.327 Disk 0 MBR read successfully
15:27:31.337 Disk 0 MBR scan
15:27:31.367 Disk 0 unknown MBR code
15:27:31.387 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
15:27:31.427 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 73653 MB offset 2459712
15:27:31.457 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10003 MB offset 153301680
15:27:31.467 Disk 0 Partition - 00 05 Extended 153614 MB offset 173789280
15:27:31.497 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 153614 MB offset 173789343
15:27:31.507 Disk 0 scanning sectors +488391120
15:27:31.627 Disk 0 scanning C:\Windows\system32\drivers
15:27:54.072 Service scanning
15:28:46.231 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
15:28:49.812 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
15:28:58.494 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
15:28:58.574 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
15:29:00.135 Modules scanning
15:29:16.779 Disk 0 trace - called modules:
15:29:16.809 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys spps.sys >>UNKNOWN [0x864df938]<<
15:29:16.819 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88f16030]
15:29:16.829 3 CLASSPNP.SYS[8cbd559e] -> nt!IofCallDriver -> [0x872e6b98]
15:29:16.839 5 ACPI.sys[8bfa23b2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x87306028]
15:29:18.100 AVAST engine scan C:\Windows
15:29:22.190 AVAST engine scan C:\Windows\system32
15:36:24.111 AVAST engine scan C:\Windows\system32\drivers
15:36:53.327 AVAST engine scan C:\Users\wanglong
15:40:35.705 Disk 0 MBR has been saved successfully to "C:\Users\wanglong\Desktop\MBR.dat"
15:40:35.725 The log file has been saved successfully to "C:\Users\wanglong\Desktop\aswMBR.txt"
BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: WebProtect: {53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} - c:\program files\cmbchina\webprotect\WebProtect.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: FlashCatchBHO Class: {88618A96-6D8A-42E7-B932-9073D5B2080F} - c:\program files\flashcatch\flashcatch.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: ICBC Anti-Phishing class: {BB4491A2-D11A-4c6b-91C0-B53246A3122B} - c:\program files\icbcebanktools\icbcantiphishing\icbc_win32\Icbc_AntiPhishing.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: FlashCatch: {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - c:\program files\flashcatch\flashcatch.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
TB: FlashCatch: {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - c:\program files\flashcatch\flashcatch.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [RSDTRAY] "c:\program files\rising\rsd\popwndexe.exe"
mRun: [NI Update Service] "c:\program files\national instruments\shared\update service\NIUpdateService.exe" -startupTask
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
StartupFolder: c:\users\wanglong\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\wanglong\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\wanglong\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nierro~1.lnk - c:\program files\national instruments\shared\ni error reporting\nierserver.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: 95559.com.cn
Trusted Zone: alipay.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: alisoft.com
Trusted Zone: bankcomm.com
Trusted Zone: bankofchina.com
Trusted Zone: boc.cn
Trusted Zone: boc.cn
Trusted Zone: icbc.com.cn
Trusted Zone: taobao.com
Trusted Zone: taobao.com
Trusted Zone: alipay.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
Trusted Zone: taobao.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{AB14D844-17A3-4739-92EC-368A40F265C9} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{AB14D844-17A3-4739-92EC-368A40F265C9}\26C61636B697 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{AB14D844-17A3-4739-92EC-368A40F265C9}\554477962756C6563737 : DHCPNameServer = 131.238.74.7 131.238.74.8
TCP: Interfaces\{AB14D844-17A3-4739-92EC-368A40F265C9}\75847237 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{AB14D844-17A3-4739-92EC-368A40F265C9}\8423440373 : DHCPNameServer = 202.96.134.133 202.96.128.166
TCP: Interfaces\{AB14D844-17A3-4739-92EC-368A40F265C9}\C67716E676368656E6 : DHCPNameServer = 207.69.188.186 207.69.188.187
TCP: Interfaces\{AB14D844-17A3-4739-92EC-368A40F265C9}\E4544574541425833333 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Notification Packages = scecli ACGina
mASetup: aetsprov - c:\windows\system32\regsvr32.exe /s c:\windows\system32\aetsprov.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-4-21 24304]
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [2012-12-18 15448]
R0 nipxibaf;National Instruments PXI Bridge Access Driver;c:\windows\system32\drivers\nipxibaf.sys [2013-1-14 62712]
R0 nipxibrc;National Instruments PXI Bridge Configuration Driver;c:\windows\system32\drivers\nipxibrc.sys [2013-1-14 46344]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
R1 CgbKeyFlt;CgbKeyFlt;c:\windows\CgbKeyFlt.sys [2011-12-31 33616]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2009-12-9 13480]
R1 QQProtect;QQProtect;c:\windows\system32\drivers\QQProtect.sys [2012-3-14 117920]
R2 AlipaySecSvc;Alipay security service;c:\program files\alipay\alieditplus\AlipaySecSvc.exe [2013-5-20 431456]
R2 CMB8100;CMB8100;c:\windows\system32\drivers\CertClient.dat [2010-6-4 11808]
R2 CMBProtector;CMBProtector;c:\windows\system32\drivers\CMBProtector.dat [2010-6-4 10272]
R2 DCService.exe;DCService.exe;c:\programdata\datacardservice\DCService.exe [2009-11-20 212992]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-4-21 132456]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2013-1-17 12408]
R2 nistreamk;nistreamk;c:\windows\system32\drivers\nistreamkl.sys [2012-6-6 19648]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2013-1-29 12424]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-4-21 48640]
R2 rsdsys;rsd protect;c:\windows\system32\drivers\protreg.sys [2013-6-4 21208]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2009-11-2 14808]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2010-4-21 126080]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-4-21 214696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-4-16 106656]
R3 GDBaseSmc;USB Chip Holder Service;c:\windows\system32\drivers\Chip_smc.sys [2010-1-17 20256]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-4-21 125696]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-4-21 209920]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2010-4-21 88832]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\Ndisrd.sys [2012-3-6 22016]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2010-10-18 7122944]
R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2013-1-29 12424]
R3 R5BaseSmc;USB Token Holder Service;c:\windows\system32\drivers\smccard.sys [2010-1-20 20512]
R3 SmbDrvI;SmbDrvI;c:\windows\system32\drivers\Smb_driver_Intel.sys [2012-9-8 23608]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-10-8 38336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 EZUSB;AnchorChips General Purpose USB Driver (ezusb.sys);c:\windows\system32\drivers\ezusb.sys [2013-3-19 17424]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\solidworks corp\solidworks\swscheduler\DTSCoordinatorService.exe [2010-10-5 87336]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-2-5 201168]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2013-1-30 39272]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2012-2-5 101120]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2011-5-15 17408]
S3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\Ndisrd.sys [2012-3-6 22016]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2013-1-14 26192]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2013-1-14 11960]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2013-1-14 23736]
S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2012-6-28 11976]
S3 niimaqdxk;niimaqdxk;c:\windows\system32\drivers\niimaqdxkl.sys [2013-2-15 11864]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2012-12-19 12600]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2012-12-19 12600]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2011-8-9 21144]
S3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2009-11-20 20848]
S3 PCDSRVC{C4B36920-79E24793-06000000}_0;PCDSRVC{C4B36920-79E24793-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc.pkms [2009-11-20 20848]
S3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2010-4-21 816792]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-06-05 18:53:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-06-05 18:52:27 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-06-05 18:52:16 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-06-05 18:51:32 -------- d-----w- c:\users\wanglong\appdata\local\Programs
2013-06-05 18:31:51 -------- d-----w- c:\programdata\Tencent
2013-06-05 18:30:18 -------- d-----w- c:\users\wanglong\appdata\local\Tencent
2013-06-05 16:06:09 -------- d-----w- c:\programdata\PXISA
2013-06-05 15:57:17 -------- d-----w- c:\program files\cameralink
2013-06-05 15:38:35 -------- d-----w- c:\programdata\IVI Foundation
2013-06-05 15:38:35 -------- d-----w- c:\program files\IVI Foundation
2013-06-05 14:46:07 -------- d-----w- C:\National Instruments Downloads
2013-06-05 04:24:51 97 ----a-w- c:\windows\DeleteOnReboot.bat
2013-06-05 03:39:34 -------- d-----r- C:\RavBin
2013-06-05 03:34:50 21208 ------w- c:\windows\system32\drivers\protreg.sys
2013-06-05 03:33:59 -------- d-----w- c:\program files\Rising
2013-06-05 03:33:58 -------- d-----w- c:\programdata\Rising
2013-06-04 23:35:12 -------- d-----w- c:\users\wanglong\appdata\roaming\DriverCure
2013-06-04 23:35:11 -------- d-----w- c:\users\wanglong\appdata\roaming\SparkTrust
2013-06-04 23:30:48 -------- d-----w- c:\programdata\SparkTrust
2013-06-04 19:57:50 -------- d-----w- c:\users\wanglong\appdata\roaming\360SuperKiller
2013-06-04 19:53:58 -------- d-----w- c:\users\wanglong\appdata\roaming\SosClient
2013-06-03 21:04:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-06-03 21:04:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-06-03 21:04:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-06-03 21:04:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-06-03 21:04:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-06-03 04:24:47 -------- d-----w- c:\programdata\360safe
2013-06-03 04:23:45 2594632 ----a-r- c:\program files\common files\microsoft shared\vba\vba6\VBE6.DLL
2013-06-03 04:21:43 -------- d-----w- c:\users\wanglong\appdata\roaming\360Login
2013-06-03 04:20:00 -------- d-----w- c:\program files\360
2013-05-31 01:06:21 1210728 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-05-26 02:16:26 -------- d-----w- C:\a
2013-05-13 16:05:54 -------- d-----w- C:\A9R2908.tmp
2013-05-13 16:05:24 -------- d-----w- C:\A9R2907.tmp
2013-05-13 16:05:24 -------- d-----w- C:\A9R2906.tmp
2013-05-13 16:05:22 -------- d-----w- C:\A9R2905.tmp
2013-05-07 16:21:42 -------- d-----w- c:\users\wanglong\appdata\local\{1438690B-C617-4B45-839D-655904D1B333}
.
==================== Find3M ====================
.
2013-06-05 03:31:01 174056 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2013-05-15 03:31:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 03:31:36 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-01 07:59:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 07:59:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-04 22:11:34 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-04-04 22:02:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-04 22:02:17 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-04-04 21:58:51 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-04 21:57:45 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-04-04 21:54:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-03-26 13:41:34 415792 ----a-w- C:\UCLiveCore.dll
2013-03-26 13:41:28 215088 ----a-w- C:\live_deamon.dll
2013-03-22 20:37:43 34013072 ----a-w- c:\windows\system32\PersonalBankMain.ocx
2013-03-21 20:28:02 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-03-19 05:06:09 3958120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:06:09 3902312 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:54:22 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:50:03 69632 ----a-w- c:\windows\system32\smss.exe
2013-03-14 16:44:22 0 ----a-w- c:\windows\system32\nsf7552.tmp
2013-03-14 15:39:41 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-14 15:39:41 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-14 15:39:41 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-11 07:27:42 2972272 ----a-w- c:\windows\system32\SogouPY.ime
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD25 rev.02.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x83A37000]<< >>UNKNOWN [0x8CBD1000]<< >>UNKNOWN [0x8CBC0000]<< >>UNKNOWN [0x8BF99000]<< >>UNKNOWN [0x83A00000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x83A72718] -> \Device\Harddisk0\DR0[0x88F16030]
\Driver\Disk[0x86578058] -> IRP_MJ_CREATE -> 0x8CBD539F
3 [0x8CBD559E] -> ntkrnlpa!IofCallDriver[0x83A72718] -> [0x872E6B98]
\Driver\ACPI[0x8658C030] -> IRP_MJ_CREATE -> 0x8BFA24AA
kernel: MBR read successfully
_asm { JMP 0x10; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 15:18:02.51 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-05 15:21:34
-----------------------------
15:21:34.228 OS Version: Windows 6.1.7600
15:21:34.228 Number of processors: 4 586 0x2502
15:21:34.228 ComputerName: WANGLONG-THINK UserName: wanglong
15:21:35.809 Initialize success
15:24:03.310 AVAST engine defs: 13060501
15:27:31.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:27:31.197 Disk 0 Vendor: WDC_WD25 02.0 Size: 238475MB BusType: 3
15:27:31.327 Disk 0 MBR read successfully
15:27:31.337 Disk 0 MBR scan
15:27:31.367 Disk 0 unknown MBR code
15:27:31.387 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
15:27:31.427 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 73653 MB offset 2459712
15:27:31.457 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10003 MB offset 153301680
15:27:31.467 Disk 0 Partition - 00 05 Extended 153614 MB offset 173789280
15:27:31.497 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 153614 MB offset 173789343
15:27:31.507 Disk 0 scanning sectors +488391120
15:27:31.627 Disk 0 scanning C:\Windows\system32\drivers
15:27:54.072 Service scanning
15:28:46.231 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
15:28:49.812 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
15:28:58.494 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
15:28:58.574 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
15:29:00.135 Modules scanning
15:29:16.779 Disk 0 trace - called modules:
15:29:16.809 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys spps.sys >>UNKNOWN [0x864df938]<<
15:29:16.819 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88f16030]
15:29:16.829 3 CLASSPNP.SYS[8cbd559e] -> nt!IofCallDriver -> [0x872e6b98]
15:29:16.839 5 ACPI.sys[8bfa23b2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x87306028]
15:29:18.100 AVAST engine scan C:\Windows
15:29:22.190 AVAST engine scan C:\Windows\system32
15:36:24.111 AVAST engine scan C:\Windows\system32\drivers
15:36:53.327 AVAST engine scan C:\Users\wanglong
15:40:35.705 Disk 0 MBR has been saved successfully to "C:\Users\wanglong\Desktop\MBR.dat"
15:40:35.725 The log file has been saved successfully to "C:\Users\wanglong\Desktop\aswMBR.txt"
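The DDS "Pseudo HJT Report" above mixes dozens of ordinary vendor entries with the handful that matter for a "something pops up in my browser" complaint: a browser proxy pointing at localhost:21320 (some process on the machine is relaying IE's traffic), UAC prompts moved off the secure desktop (PromptOnSecureDesktop = 0), a BHO plus toolbar loading from a vendor directory nothing else on the box uses (flashcatch), a long Trusted Zone list, and DPF entries that still install Java 1.6.0_27. The Python below is an added example written for this page, not part of the original post and not part of DDS: it runs a few triage rules over lines copied from the log above. The KNOWN_VENDOR_DIRS allowlist, the severity labels and the assumption that DDS prints dword values in hex (as .reg files do) are this example's own choices; an entry it flags is "review this", not "this is malware".

```python
import re

# Sample lines copied from the DDS "Pseudo HJT Report" above; a subset is enough to hit every rule.
DDS_SAMPLE = r"""
uStart Page = hxxp://www.hao123.com/?tn=29065018_55_hao_pg
uProxyServer = localhost:21320
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FlashCatchBHO Class: {88618A96-6D8A-42E7-B932-9073D5B2080F} - c:\program files\flashcatch\flashcatch.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: FlashCatch: {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - c:\program files\flashcatch\flashcatch.dll
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: PromptOnSecureDesktop = dword:0
Trusted Zone: alipay.com
Trusted Zone: alipay.com
Trusted Zone: taobao.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
"""

# Assumption of this example: vendor directories under "Program Files" treated as recognised.
# Tune to the environment; anything else that loads into IE is flagged for review.
KNOWN_VENDOR_DIRS = {"adobe", "common files", "google", "hp", "java", "microsoft office",
                     "windows live", "lexmark toolbar", "icbcebanktools", "cmbchina"}
LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]"}

PLUGIN_RE = re.compile(r"^(BHO|TB|EB): (.*?): (\{[0-9A-Fa-f-]+\}) - (.+)$")
POLICY_RE = re.compile(r"^[um]Policies-System: (\w+) = dword:([0-9A-Fa-f]+)$")


def vendor_dir(path):
    """First directory under 'program files' (lower-cased), or None for 8.3 or other paths."""
    m = re.match(r"^[a-z]:\\program files(?: \(x86\))?\\([^\\]+)\\", path.lower())
    return m.group(1) if m else None


def triage(lines):
    """Run the triage rules over DDS HJT-style lines; returns findings keyed by severity."""
    findings = {"high": [], "medium": [], "info": []}
    trusted, seen_plugins = [], set()
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith(("uProxyServer", "mProxyServer")):
            value = line.split("=", 1)[1].strip()
            host = value.rsplit(":", 1)[0].lower()
            if host in LOOPBACK:
                findings["high"].append(f"browser proxy is {value}: a process on this machine relays all "
                                        f"IE traffic; identify what listens on that port")
            else:
                findings["medium"].append(f"browser proxy set to {value}")
            continue
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2), 16)  # assumption: dword printed in hex
            if name == "EnableLUA" and value == 0:
                findings["high"].append("UAC is disabled (EnableLUA=0)")
            elif name == "ConsentPromptBehaviorAdmin" and value == 0:
                findings["high"].append("administrators elevate silently (ConsentPromptBehaviorAdmin=0)")
            elif name == "PromptOnSecureDesktop" and value == 0:
                findings["high"].append("UAC prompts appear on the normal desktop (PromptOnSecureDesktop=0); "
                                        "a running program can overlay or drive the consent dialog")
            continue
        m = PLUGIN_RE.match(line)
        if m:
            kind, name, clsid, path = m.groups()
            if path.lower() in seen_plugins:
                continue  # DDS lists the same toolbar/BHO under more than one registry key
            seen_plugins.add(path.lower())
            if vendor_dir(path) not in KNOWN_VENDOR_DIRS:
                findings["medium"].append(f"{kind} '{name}' {clsid} loads {path} from an unrecognised "
                                          f"vendor directory; verify it")
            continue
        if line.startswith("Trusted Zone:"):
            domain = line.split(":", 1)[1].strip()
            if domain not in trusted:
                trusted.append(domain)
            continue
        if line.startswith("DPF:") and "1.6.0" in line:
            findings["medium"].append("DPF entry installs Java 1.6.0 (Java 6, no longer publicly updated): "
                                      + line.split(" - ", 1)[1])
            continue
        if line.startswith("uStart Page"):
            findings["info"].append("IE home page: " + line.split("=", 1)[1].strip())
    if trusted:
        findings["medium"].append(f"{len(trusted)} domain(s) in the IE Trusted sites zone run with relaxed "
                                  f"security: " + ", ".join(trusted))
    return findings


if __name__ == "__main__":
    for severity, items in triage(DDS_SAMPLE.splitlines()).items():
        for item in items:
            print(f"[{severity}] {item}")
```

ConsentPromptBehaviorAdmin = 5 and ConsentPromptBehaviorUser = 3 are the Windows 7 defaults and are deliberately not flagged; PromptOnSecureDesktop = 0 is not a default and is the one UAC value worth restoring to 1. The proxy finding is the one to chase first: whatever listens on 21320 on this machine sees every page IE loads, and it is the natural place for an ad-injecting plug-in to sit.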
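GMER's "possible TDL3 rootkit infection" warning and aswMBR's "unknown MBR code" both call for a closer look at the partition table, because the TDL3/TDL4 family keeps its hidden file system in sectors at the end of the disk that no partition claims. The Python below is an added example, not part of the original post and not part of aswMBR: it parses the Disk 0 lines copied from the log above, checks that the logical partition sits inside its extended container, that no two top-level entries overlap, and reports any gap larger than aswMBR's whole-MB size rounding as well as the unallocated tail after the last partition. The tolerance handling (sizes printed truncated to whole MB, so every computed end is a lower bound) is this example's own assumption about the tool's output.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the aswMBR log above (the disk size line and the five partition lines).
ASWMBR_SAMPLE = """
15:27:31.197 Disk 0 Vendor: WDC_WD25 02.0 Size: 238475MB BusType: 3
15:27:31.387 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
15:27:31.427 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 73653 MB offset 2459712
15:27:31.457 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10003 MB offset 153301680
15:27:31.467 Disk 0 Partition - 00 05 Extended 153614 MB offset 173789280
15:27:31.497 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 153614 MB offset 173789343
"""

SECTORS_PER_MB = 2048      # 512-byte sectors
TOL = SECTORS_PER_MB - 1   # assumption: sizes are truncated to whole MB, so an end may be this far off

SIZE_RE = re.compile(r"Size: (\d+)MB")
PART_RE = re.compile(r"Partition (\S+) ([0-9A-Fa-f]{2}) (?:\(A\) )?([0-9A-Fa-f]{2}) (.+?) (\d+) MB offset (\d+)")


@dataclass
class Partition:
    number: str       # "1".."4" for table slots, "-" for the extended container as aswMBR prints it
    boot: int         # 0x80 = active
    type_code: int
    desc: str
    size_mb: int
    start: int        # first sector

    @property
    def end(self):
        """Exclusive end sector, lower bound (true end may be up to TOL sectors later)."""
        return self.start + self.size_mb * SECTORS_PER_MB

    @property
    def is_extended(self):
        return self.type_code in (0x05, 0x0F)


def parse_aswmbr(text):
    """Return (disk size in MB, list of Partition) from aswMBR 'Disk N' lines."""
    disk_mb, parts = None, []
    for line in text.splitlines():
        m = SIZE_RE.search(line)
        if m:
            disk_mb = int(m.group(1))
        m = PART_RE.search(line)
        if m:
            num, boot, tcode, desc, size, start = m.groups()
            parts.append(Partition(num, int(boot, 16), int(tcode, 16), desc, int(size), int(start)))
    return disk_mb, parts


def check_layout(disk_mb, parts):
    """Flag definite overlaps, logicals escaping their container, large gaps, and the tail size."""
    result = {"active": None, "overlaps": [], "logical_escapes": [], "large_gaps": [], "tail_sectors_est": None}
    containers = [p for p in parts if p.is_extended]
    top = []
    for p in parts:
        if p.boot == 0x80:
            result["active"] = p.number
        holder = next((c for c in containers if c is not p and c.start <= p.start < c.end + TOL), None)
        if holder is None:
            top.append(p)
        elif p.end > holder.end + TOL:    # beyond rounding slack: the logical really overruns its container
            result["logical_escapes"].append((p.number, holder.number))
    top.sort(key=lambda p: p.start)
    for prev, cur in zip(top, top[1:]):
        if cur.start < prev.end:          # a start below the lower-bound end is a definite overlap
            result["overlaps"].append((prev.number, cur.number))
        elif cur.start - prev.end > TOL:  # more than rounding slack: genuinely unallocated space
            result["large_gaps"].append((prev.number, cur.number, cur.start - prev.end))
    last_end = max(p.end for p in parts)
    result["tail_sectors_est"] = disk_mb * SECTORS_PER_MB - last_end  # about +/- 1 MB, both sides truncated
    return result


if __name__ == "__main__":
    size, table = parse_aswmbr(ASWMBR_SAMPLE)
    print(check_layout(size, table))
```

On this log the check reports no overlaps, no escaped logical, no gap beyond the rounding slack, and roughly 5985 sectors (about 3 MB) after partition 4, which is exactly the region aswMBR's "scanning sectors +488391120" line shows it reading. A clean layout does not clear the disk on its own, but it removes the hidden-partition explanation; the remaining suspect in both traces is a driver in the disk stack, and the locked sptd.sys that aswMBR lists is the SCSI Pass Through Direct driver shipped with disc-emulation software such as DAEMON Tools, which hooks that stack and is a common cause of exactly this kind of "unknown module" warning.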