I am running Windows 7 Home Premium. I have got this trojan and tried removing it with MalwareBytes, SuperAntiSpyware and Viper and have not succeed. Can you please help me - here is the DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Alan at 17:49:34 on 2012-07-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8169.5929 [GMT 9.5:30]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager64.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: DhcpNameServer = 61.9.226.33 61.9.242.33
TCP: Interfaces\{245C90E9-1BAD-4D32-B574-5427EBD8F499} : DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{245C90E9-1BAD-4D32-B574-5427EBD8F499}\649637865627 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{2721EF4A-6894-4878-917F-120717A942C8} : DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{3D1BA724-2C9A-405F-B1E7-D857FDFEC528} : DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{4FD40683-45F7-4C3B-AC12-A573F1455A15} : DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{7188D8DF-3BA8-4A1D-AA90-C840EBE0A800} : DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{7304C9F3-8B97-4BD0-BA92-F71CE31EC13E} : DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{ACF94F3C-8C0C-449D-BA9F-9684DABB7CFF} : DhcpNameServer = 61.9.226.33 61.9.242.33
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\q3tc0fjp.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m ... e=UTF-8&q=
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
S3 IAMTVE;Driver for Intel(R) Active Management Technology - KCS;C:\Windows\system32\drivers\IAMTVE.sys --> C:\Windows\system32\drivers\IAMTVE.sys [?]
S3 IAMTXPE;Driver for Intel(R) Active Management Technology - KCS;C:\Windows\system32\drivers\IAMTXPE.sys --> C:\Windows\system32\drivers\IAMTXPE.sys [?]
S3 ioatdma1;ioatdma1;C:\Windows\system32\Drivers\qd162x64.sys --> C:\Windows\system32\Drivers\qd162x64.sys [?]
S3 ioatdma2;Intel(R) QuickData Technology device ver.2;C:\Windows\system32\Drivers\qd262x64.sys --> C:\Windows\system32\Drivers\qd262x64.sys [?]
.
=============== Created Last 30 ================
.
2012-07-04 08:08:01 711240 ----a-w- C:\Windows\isRS-000.tmp
2012-07-03 12:58:27 -------- d-----w- C:\Users\Alan\AppData\Roaming\SUPERAntiSpyware.com
2012-07-03 12:58:15 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-07-03 12:58:15 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-07-03 12:05:27 -------- d-----w- C:\Users\Alan\AppData\Roaming\Malwarebytes
2012-07-03 12:05:23 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-03 12:05:23 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-03 12:05:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-03 08:46:47 -------- d-----w- C:\ProgramData\Comodo
2012-07-03 08:43:31 -------- d-----w- C:\ProgramData\CPA_VA
2012-07-03 07:40:01 -------- d--h--w- C:\Program Files\COMODO
2012-07-03 07:40:00 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-07-03 07:40:00 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-07-03 07:40:00 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2012-07-02 13:12:44 -------- d-----w- C:\ProgramData\GFI Software
2012-07-02 13:12:30 61184 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-07-02 13:12:25 258304 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2012-07-02 13:12:25 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2012-07-02 13:12:07 -------- d-----w- C:\ProgramData\Downloaded Installations
2012-07-02 13:11:27 -------- d-----w- C:\Program Files (x86)\GFI Software
2012-07-02 13:11:15 -------- d-----w- C:\Users\Alan\AppData\Roaming\GFI Software
2012-07-02 13:07:01 57976 ----a-r- C:\Windows\System32\drivers\SBREDrv.sys
2012-07-02 13:01:54 -------- d-----w- C:\Users\Alan\AppData\Roaming\Qasel
2012-07-02 13:01:54 -------- d-----w- C:\Users\Alan\AppData\Roaming\Myof
2012-07-02 13:01:54 -------- d-----w- C:\Users\Alan\AppData\Roaming\Kawey
2012-07-02 12:32:10 328704 ----a-w- C:\Windows\System32\services.exe.90996C0537C58920
2012-07-02 12:26:23 328704 ----a-w- C:\Windows\System32\services.exe.9CC20951C03ACD27
2012-07-02 12:23:40 328704 ----a-w- C:\Windows\System32\services.exe.F5EC03C44F82961E
2012-07-02 12:19:46 328704 ----a-w- C:\Windows\System32\services.exe.A6D2FAE11519ECA4
2012-07-02 12:16:12 328704 ----a-w- C:\Windows\System32\services.exe.48EACA1B984BC82A
2012-07-02 09:52:55 328704 ----a-w- C:\Windows\System32\services.exe.2C7FA320B1270363
2012-07-02 09:47:52 328704 ----a-w- C:\Windows\System32\services.exe.2AE3EB1823625ACB
2012-06-30 15:08:44 -------- d-----w- C:\ProgramData\Windows
2012-06-28 13:54:47 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-22 06:07:42 46472 ----a-w- C:\Windows\SysWow64\sbbd.exe
2012-06-21 22:28:35 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 22:28:16 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 22:28:02 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 22:28:02 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-14 06:46:29 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-04 10:19:52 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-06-04 10:19:52 -------- d-----w- C:\Program Files (x86)\Diablo III
2012-06-04 10:19:52 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-06-04 10:18:23 -------- d-----w- C:\ProgramData\Battle.net
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-18 11:26:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-18 11:26:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-13 12:00:04 85248 ----a-w- C:\Windows\System32\drivers\sbwtis.sys
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
.
============= FINISH: 17:50:45.31 ===============