Results 1 to 4 of 4

Thread: Live player 3.2 Ads pops out every time I use google chrome

  1. #1
    Junior Member
    Join Date
    Jun 2013
    Posts
    1

    Default Live player 3.2 Ads pops out every time I use google chrome

    Hi, I tried to watch online sports and got this plug-in. Every time I use google chrome it pops out. I have't tried spybot, SparkTrust, Adwclean, and 360superkiller, but the problem is still on. Please help to remove this. Thanks.

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 10.17.2
    Run by wanglong at 15:16:57 on 2013-06-05
    Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.1033.18.2996.1183 [GMT -4:00]
    .
    AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\ibmpmsvc.exe
    C:\Program Files\Rising\RSD\RsMgrSvc.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
    C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\ProgramData\DatacardService\DCService.exe
    C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
    C:\Windows\system32\HPSIsvc.exe
    C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe
    C:\Program Files\BOCOM\07USBKey\C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe
    C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    C:\Windows\system32\lkads.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\lxdncoms.exe
    c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\BOCOM\07USBKey\C:\Program Files\National Instruments\MAX\nimxs.exe
    C:\Program Files\ngsrv\ngslotd.exe
    C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    C:\Program Files\alipay\SafeTransaction\AlipaySafeTran.exe
    C:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe
    C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
    C:\Program Files\Common Files\Motive\pcCMService.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files\Lenovo\Access Connections\AcSvc.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\lkcitdl.exe
    C:\Windows\system32\lktsrv.exe
    C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
    C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
    C:\Windows\system32\nipxism.exe
    C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
    C:\Program Files\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\ProgramData\DatacardService\DCSHelper.exe
    C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
    C:\Program Files\alipay\SafeTransaction\Alipaybsm.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Rising\RSD\popwndexe.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe
    C:\Users\wanglong\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\DllHost.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\Program Files\Lenovo\System Update\SUService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Tencent\QQ\Bin\QQProtect\Bin\QQProtect.exe
    C:\Program Files\Tencent\QQ\Bin\QQ.exe
    C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.hao123.com/?tn=29065018_55_hao_pg
    uDefault_Page_URL = hxxp://lenovo.msn.com
    uProxyServer = localhost:21320
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Lexmark 工具条: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
    BHO: WebProtect: {53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} - c:\program files\cmbchina\webprotect\WebProtect.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: FlashCatchBHO Class: {88618A96-6D8A-42E7-B932-9073D5B2080F} - c:\program files\flashcatch\flashcatch.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    BHO: ICBC Anti-Phishing class: {BB4491A2-D11A-4c6b-91C0-B53246A3122B} - c:\program files\icbcebanktools\icbcantiphishing\icbc_win32\Icbc_AntiPhishing.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: Lexmark 工具条: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: FlashCatch: {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - c:\program files\flashcatch\flashcatch.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: Lexmark 工具条: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
    TB: FlashCatch: {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - c:\program files\flashcatch\flashcatch.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [RSDTRAY] "c:\program files\rising\rsd\popwndexe.exe"
    mRun: [NI Update Service] "c:\program files\national instruments\shared\update service\NIUpdateService.exe" -startupTask
    mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
    StartupFolder: c:\users\wanglong\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\wanglong\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\users\wanglong\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nierro~1.lnk - c:\program files\national instruments\shared\ni error reporting\nierserver.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
    IE: 转换为 Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: 转换为现有 PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: 转换选定的链接为 Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: 转换选定的链接为现有 PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: 转换选项为 Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: 转换选项为现有 PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: 转换链接目标为 Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: 转换链接目标为现有 PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    Trusted Zone: 95559.com.cn
    Trusted Zone: alipay.com
    Trusted Zone: alipay.com
    Trusted Zone: alisoft.com
    Trusted Zone: alisoft.com
    Trusted Zone: bankcomm.com
    Trusted Zone: bankofchina.com
    Trusted Zone: boc.cn
    Trusted Zone: boc.cn
    Trusted Zone: icbc.com.cn
    Trusted Zone: taobao.com
    Trusted Zone: taobao.com
    Trusted Zone: alipay.com
    Trusted Zone: alipay.com
    Trusted Zone: alisoft.com
    Trusted Zone: alisoft.com
    Trusted Zone: taobao.com
    Trusted Zone: taobao.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{AB14D844-17A3-4739-92EC-368A40F265C9} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{AB14D844-17A3-4739-92EC-368A40F265C9}\26C61636B697 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{AB14D844-17A3-4739-92EC-368A40F265C9}\554477962756C6563737 : DHCPNameServer = 131.238.74.7 131.238.74.8
    TCP: Interfaces\{AB14D844-17A3-4739-92EC-368A40F265C9}\75847237 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{AB14D844-17A3-4739-92EC-368A40F265C9}\8423440373 : DHCPNameServer = 202.96.134.133 202.96.128.166
    TCP: Interfaces\{AB14D844-17A3-4739-92EC-368A40F265C9}\C67716E676368656E6 : DHCPNameServer = 207.69.188.186 207.69.188.187
    TCP: Interfaces\{AB14D844-17A3-4739-92EC-368A40F265C9}\E4544574541425833333 : DHCPNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    LSA: Notification Packages = scecli ACGina
    mASetup: aetsprov - c:\windows\system32\regsvr32.exe /s c:\windows\system32\aetsprov.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-4-21 24304]
    R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [2012-12-18 15448]
    R0 nipxibaf;National Instruments PXI Bridge Access Driver;c:\windows\system32\drivers\nipxibaf.sys [2013-1-14 62712]
    R0 nipxibrc;National Instruments PXI Bridge Configuration Driver;c:\windows\system32\drivers\nipxibrc.sys [2013-1-14 46344]
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
    R1 CgbKeyFlt;CgbKeyFlt;c:\windows\CgbKeyFlt.sys [2011-12-31 33616]
    R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2009-12-9 13480]
    R1 QQProtect;QQProtect;c:\windows\system32\drivers\QQProtect.sys [2012-3-14 117920]
    R2 AlipaySecSvc;Alipay security service;c:\program files\alipay\alieditplus\AlipaySecSvc.exe [2013-5-20 431456]
    R2 CMB8100;CMB8100;c:\windows\system32\drivers\CertClient.dat [2010-6-4 11808]
    R2 CMBProtector;CMBProtector;c:\windows\system32\drivers\CMBProtector.dat [2010-6-4 10272]
    R2 DCService.exe;DCService.exe;c:\programdata\datacardservice\DCService.exe [2009-11-20 212992]
    R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-4-21 132456]
    R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2013-1-17 12408]
    R2 nistreamk;nistreamk;c:\windows\system32\drivers\nistreamkl.sys [2012-6-6 19648]
    R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2013-1-29 12424]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
    R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-4-21 48640]
    R2 rsdsys;rsd protect;c:\windows\system32\drivers\protreg.sys [2013-6-4 21208]
    R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2009-11-2 14808]
    R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2010-4-21 126080]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-4-21 214696]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-4-16 106656]
    R3 GDBaseSmc;USB Chip Holder Service;c:\windows\system32\drivers\Chip_smc.sys [2010-1-17 20256]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-4-21 125696]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-4-21 209920]
    R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2010-4-21 88832]
    R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\Ndisrd.sys [2012-3-6 22016]
    R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2010-10-18 7122944]
    R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2013-1-29 12424]
    R3 R5BaseSmc;USB Token Holder Service;c:\windows\system32\drivers\smccard.sys [2010-1-20 20512]
    R3 SmbDrvI;SmbDrvI;c:\windows\system32\drivers\Smb_driver_Intel.sys [2012-9-8 23608]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-10-8 38336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 EZUSB;AnchorChips General Purpose USB Driver (ezusb.sys);c:\windows\system32\drivers\ezusb.sys [2013-3-19 17424]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\solidworks corp\solidworks\swscheduler\DTSCoordinatorService.exe [2010-10-5 87336]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-2-5 201168]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2013-1-30 39272]
    S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2012-2-5 101120]
    S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2011-5-15 17408]
    S3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\Ndisrd.sys [2012-3-6 22016]
    S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2013-1-14 26192]
    S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2013-1-14 11960]
    S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2013-1-14 23736]
    S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2012-6-28 11976]
    S3 niimaqdxk;niimaqdxk;c:\windows\system32\drivers\niimaqdxkl.sys [2013-2-15 11864]
    S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2012-12-19 12600]
    S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2012-12-19 12600]
    S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2011-8-9 21144]
    S3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2009-11-20 20848]
    S3 PCDSRVC{C4B36920-79E24793-06000000}_0;PCDSRVC{C4B36920-79E24793-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc.pkms [2009-11-20 20848]
    S3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2010-4-21 816792]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    .
    =============== File Associations ===============
    .
    FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
    FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2013-06-05 18:53:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-06-05 18:52:27 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2013-06-05 18:52:16 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2013-06-05 18:51:32 -------- d-----w- c:\users\wanglong\appdata\local\Programs
    2013-06-05 18:31:51 -------- d-----w- c:\programdata\Tencent
    2013-06-05 18:30:18 -------- d-----w- c:\users\wanglong\appdata\local\Tencent
    2013-06-05 16:06:09 -------- d-----w- c:\programdata\PXISA
    2013-06-05 15:57:17 -------- d-----w- c:\program files\cameralink
    2013-06-05 15:38:35 -------- d-----w- c:\programdata\IVI Foundation
    2013-06-05 15:38:35 -------- d-----w- c:\program files\IVI Foundation
    2013-06-05 14:46:07 -------- d-----w- C:\National Instruments Downloads
    2013-06-05 04:24:51 97 ----a-w- c:\windows\DeleteOnReboot.bat
    2013-06-05 03:39:34 -------- d-----r- C:\RavBin
    2013-06-05 03:34:50 21208 ------w- c:\windows\system32\drivers\protreg.sys
    2013-06-05 03:33:59 -------- d-----w- c:\program files\Rising
    2013-06-05 03:33:58 -------- d-----w- c:\programdata\Rising
    2013-06-04 23:35:12 -------- d-----w- c:\users\wanglong\appdata\roaming\DriverCure
    2013-06-04 23:35:11 -------- d-----w- c:\users\wanglong\appdata\roaming\SparkTrust
    2013-06-04 23:30:48 -------- d-----w- c:\programdata\SparkTrust
    2013-06-04 19:57:50 -------- d-----w- c:\users\wanglong\appdata\roaming\360SuperKiller
    2013-06-04 19:53:58 -------- d-----w- c:\users\wanglong\appdata\roaming\SosClient
    2013-06-03 21:04:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2013-06-03 21:04:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2013-06-03 21:04:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2013-06-03 21:04:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2013-06-03 21:04:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2013-06-03 04:24:47 -------- d-----w- c:\programdata\360safe
    2013-06-03 04:23:45 2594632 ----a-r- c:\program files\common files\microsoft shared\vba\vba6\VBE6.DLL
    2013-06-03 04:21:43 -------- d-----w- c:\users\wanglong\appdata\roaming\360Login
    2013-06-03 04:20:00 -------- d-----w- c:\program files\360
    2013-05-31 01:06:21 1210728 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-05-26 02:16:26 -------- d-----w- C:\a
    2013-05-13 16:05:54 -------- d-----w- C:\A9R2908.tmp
    2013-05-13 16:05:24 -------- d-----w- C:\A9R2907.tmp
    2013-05-13 16:05:24 -------- d-----w- C:\A9R2906.tmp
    2013-05-13 16:05:22 -------- d-----w- C:\A9R2905.tmp
    2013-05-07 16:21:42 -------- d-----w- c:\users\wanglong\appdata\local\{1438690B-C617-4B45-839D-655904D1B333}
    .
    ==================== Find3M ====================
    .
    2013-06-05 03:31:01 174056 ----a-w- c:\windows\system32\drivers\wpshelper.sys
    2013-05-15 03:31:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-05-15 03:31:36 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-05-01 07:59:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2013-05-01 07:59:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2013-04-04 22:11:34 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2013-04-04 22:02:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-04-04 22:02:17 1129472 ----a-w- c:\windows\system32\wininet.dll
    2013-04-04 21:58:51 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-04-04 21:57:45 420864 ----a-w- c:\windows\system32\vbscript.dll
    2013-04-04 21:54:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-03-26 13:41:34 415792 ----a-w- C:\UCLiveCore.dll
    2013-03-26 13:41:28 215088 ----a-w- C:\live_deamon.dll
    2013-03-22 20:37:43 34013072 ----a-w- c:\windows\system32\PersonalBankMain.ocx
    2013-03-21 20:28:02 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2013-03-19 05:06:09 3958120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-03-19 05:06:09 3902312 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-03-19 04:54:22 38912 ----a-w- c:\windows\system32\csrsrv.dll
    2013-03-19 02:50:03 69632 ----a-w- c:\windows\system32\smss.exe
    2013-03-14 16:44:22 0 ----a-w- c:\windows\system32\nsf7552.tmp
    2013-03-14 15:39:41 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-03-14 15:39:41 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-03-14 15:39:41 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-03-11 07:27:42 2972272 ----a-w- c:\windows\system32\SogouPY.ime
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7600 Disk: WDC_WD25 rev.02.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: >>UNKNOWN [0x83A37000]<< >>UNKNOWN [0x8CBD1000]<< >>UNKNOWN [0x8CBC0000]<< >>UNKNOWN [0x8BF99000]<< >>UNKNOWN [0x83A00000]<<
    _asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
    1 ntkrnlpa!IofCallDriver[0x83A72718] -> \Device\Harddisk0\DR0[0x88F16030]
    \Driver\Disk[0x86578058] -> IRP_MJ_CREATE -> 0x8CBD539F
    3 [0x8CBD559E] -> ntkrnlpa!IofCallDriver[0x83A72718] -> [0x872E6B98]
    \Driver\ACPI[0x8658C030] -> IRP_MJ_CREATE -> 0x8BFA24AA
    kernel: MBR read successfully
    _asm { JMP 0x10; }
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 15:18:02.51 ===============

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-06-05 15:21:34
    -----------------------------
    15:21:34.228 OS Version: Windows 6.1.7600
    15:21:34.228 Number of processors: 4 586 0x2502
    15:21:34.228 ComputerName: WANGLONG-THINK UserName: wanglong
    15:21:35.809 Initialize success
    15:24:03.310 AVAST engine defs: 13060501
    15:27:31.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    15:27:31.197 Disk 0 Vendor: WDC_WD25 02.0 Size: 238475MB BusType: 3
    15:27:31.327 Disk 0 MBR read successfully
    15:27:31.337 Disk 0 MBR scan
    15:27:31.367 Disk 0 unknown MBR code
    15:27:31.387 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
    15:27:31.427 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 73653 MB offset 2459712
    15:27:31.457 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10003 MB offset 153301680
    15:27:31.467 Disk 0 Partition - 00 05 Extended 153614 MB offset 173789280
    15:27:31.497 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 153614 MB offset 173789343
    15:27:31.507 Disk 0 scanning sectors +488391120
    15:27:31.627 Disk 0 scanning C:\Windows\system32\drivers
    15:27:54.072 Service scanning
    15:28:46.231 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    15:28:49.812 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
    15:28:58.494 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
    15:28:58.574 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
    15:29:00.135 Modules scanning
    15:29:16.779 Disk 0 trace - called modules:
    15:29:16.809 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys spps.sys >>UNKNOWN [0x864df938]<<
    15:29:16.819 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88f16030]
    15:29:16.829 3 CLASSPNP.SYS[8cbd559e] -> nt!IofCallDriver -> [0x872e6b98]
    15:29:16.839 5 ACPI.sys[8bfa23b2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x87306028]
    15:29:18.100 AVAST engine scan C:\Windows
    15:29:22.190 AVAST engine scan C:\Windows\system32
    15:36:24.111 AVAST engine scan C:\Windows\system32\drivers
    15:36:53.327 AVAST engine scan C:\Users\wanglong
    15:40:35.705 Disk 0 MBR has been saved successfully to "C:\Users\wanglong\Desktop\MBR.dat"
    15:40:35.725 The log file has been saved successfully to "C:\Users\wanglong\Desktop\aswMBR.txt"
    Attached Files Attached Files

  2. #2
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hello wanglanxiu,

    I apologize for the delay in replying to your inquiry. If you still need help please continue.

    =========================

    My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.
    • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

    Please stay with this topic until I let you know that your system appears to be "All Clear"

    Important: All tools MUST be run from the Desktop.

    =========================

    1. Security Check

    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    =========================

    2. aswMBR

    Download aswMBR.exe and save it to your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • When asked if you want to download Avast's virus definitions please select Yes.
    • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


    =========================


    3. OTL

    Download OTL to your desktop.
    • Make sure all other windows are closed and to let it run uninterrupted.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in

      %USERPROFILE%\..|smtmp;true;true;true /FP
      %temp%\smtmp\*.* /s >
      /md5start
      iexplore.*
      explorer.*
      winlogon.*
      dll
      zx.dll
      hlp.dat
      consrv.dll
      services.*
      /md5stop
      netsvcs
      drivers32
      %SYSTEMDRIVE%\*.*
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\Fonts\*.exe
      %systemroot%\system32\spool\prtprocs\w32x86\*.*
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.jpg
      %systemroot%\*.png
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      dir "%systemdrive%\*" /S /A:L /C
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\bak. /s
      %systemroot%\system32\bak. /s
      %ALLUSERSPROFILE%\Start Menu\*.lnk /x
      %systemroot%\system32\config\systemprofile\*.dat /x
      %systemroot%\*.config
      %systemroot%\system32\*.db
      %PROGRAMFILES%\Internet Explorer\*.dat
      %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
      %USERPROFILE%\Desktop\*.exe
      %PROGRAMFILES%\Common Files\*.*
      %systemroot%\*.src
      %systemroot%\install\*.*
      %systemroot%\system32\DLL\*.*
      %systemroot%\system32\HelpFiles\*.*
      %systemroot%\system32\rundll\*.*
      %systemroot%\winn32\*.*
      %systemroot%\Java\*.*
      %systemroot%\system32\test\*.*
      %systemroot%\system32\Rundll32\*.*
      %systemroot%\AppPatch\Custom\*.*
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      BASESERVICES
      DRIVES
      CREATERESTOREPOINT

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
      • You may need two posts to fit them both in.


    =========================

    In your next post please provide the following:

    • checkup.txt
    • aswMBR.txt
    • attach MBR.zip
    • OTL.txt
    • Extras.txt
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  3. #3
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi wanglanxiu,

    Just checking in to see if you still need help?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  4. #4
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    This thread has been closed due to inactivity. If it has been three days or more since your last post it will not be re-opened.

    If you still require help, please start a new topic and include fresh DDS and aswMBR logs, along with a link to your previous thread.

    Please do not add any logs that might have been requested previously, you would be starting fresh.

    Applies only to the original poster, anyone else with similar problems please start your own topic.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •