Hi guys, I need your help.
I have the "System Check" virus/malware and before I stumbled across this forum I had ran SUPERAntispyware Tech edition. It did find and remove some of the "System Check files" but obviously not all... as my desktop and all the files on my computer are still hidden. Unfortunately the log files from this program were not saved for some reason, even though the "save log files" checkbox was checked? Anyway I hope I haven't done more damage then good!
Here are the logs requested:
Malwarebytes log:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.20.01
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: WIN-AER8981K0EI [administrator]
1/20/2012 7:50:19 AM
mbam-log-2012-01-20 (07-50-19).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 178548
Time elapsed: 2 minute(s), 48 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
**************************
Gmer log: It didn't produce a log.
*************************
DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by Administrator at 9:05:52 on 2012-01-20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.3028 [GMT -6:00]
.
AV: Shaw Secure 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Shaw Secure 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Shaw Secure 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\Windows Sidebar\sidebar.exe
P:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Windows\system32\emaudsv.exe
P:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files (x86)\Shaw Secure\Common\FSMA32.EXE
C:\Program Files (x86)\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files (x86)\Shaw Secure\Common\FSLAUNCH.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - p:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - C:\Program Files (x86)\Shaw Secure\NRS\iescript\baselitmus.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - C:\Program Files (x86)\Shaw Secure\NRS\iescript\baselitmus.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] p:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [E-MU USB Audio Control Panel] "p:\Program Files (x86)\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe"
mRun: [F-Secure Manager] "C:\Program Files (x86)\Shaw Secure\Common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "C:\Program Files (x86)\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "P:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] p:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - P:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - p:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: C:\Program Files (x86)\Shaw Secure\FSPS\program\FSLSP.DLL
Trusted Zone: hc-sc.gc.ca\weboffice
DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - hxxp://www.riffinteractive.com/setup/RiffLick.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 64.59.176.13 64.59.176.15 64.59.177.226
TCP: Interfaces\{1EAA2A31-D44B-422C-BE5A-E964AE332BC8} : DhcpNameServer = 64.59.176.13 64.59.176.15 64.59.177.226
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - p:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Shaw Secure\NRS\iescript\baselitmus.dll
BHO-X64: LitmusBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Shaw Secure\NRS\iescript\baselitmus.dll
mRun-x64: [F-Secure Manager] "C:\Program Files (x86)\Shaw Secure\Common\FSM32.EXE" /splash
mRun-x64: [F-Secure TNB] "C:\Program Files (x86)\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "P:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] p:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bz4w4vsh.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: P:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xx;mv61xx;C:\Windows\system32\DRIVERS\mv61xx.sys --> C:\Windows\system32\DRIVERS\mv61xx.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Shaw Secure\HIPS\drivers\fshs.sys [2010-7-14 57920]
R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys --> C:\Windows\system32\drivers\fses.sys [?]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys --> C:\Windows\system32\drivers\fsdfw.sys [?]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Shaw Secure\Anti-Virus\minifilter\fsvista.sys [2010-7-14 14904]
R1 SASDIFSV;SASDIFSV;C:\Users\ADMINI~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Users\ADMINI~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 emaudsv;E-MU Audio Service;C:\Windows\system32\emaudsv.exe --> C:\Windows\system32\emaudsv.exe [?]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\Shaw Secure\Anti-Virus\fsgk32st.exe [2010-7-14 215648]
R2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor;C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [2010-10-6 1636872]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Shaw Secure\Anti-Virus\minifilter\fsgk.sys [2010-7-14 198808]
R3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;C:\Windows\system32\DRIVERS\MAudioMIDISPORT.sys --> C:\Windows\system32\DRIVERS\MAudioMIDISPORT.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 136176]
S3 emusba10;E-MU USB-Audio 1.0 Driver;C:\Windows\system32\DRIVERS\emusba10.sys --> C:\Windows\system32\DRIVERS\emusba10.sys [?]
S3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Shaw Secure\ORSP Client\fsorsp.exe [2010-7-14 61088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 136176]
S3 MADFUMIDISPORT2010;Service for M-Audio MIDISPORT DFU;C:\Windows\system32\DRIVERS\MAudioMIDISPORT_DFU.sys --> C:\Windows\system32\DRIVERS\MAudioMIDISPORT_DFU.sys [?]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\system32\DRIVERS\silabenm.sys --> C:\Windows\system32\DRIVERS\silabenm.sys [?]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\system32\DRIVERS\silabser.sys --> C:\Windows\system32\DRIVERS\silabser.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-01-20 07:37:12 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Malwarebytes
2012-01-20 07:37:03 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-20 07:36:59 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-01-20 06:01:30 -------- d--h--w- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2012-01-20 06:01:30 -------- d--h--w- C:\ProgramData\SUPERAntiSpyware.com
2012-01-11 21:02:33 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 21:02:32 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 21:02:31 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 21:02:31 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 21:02:23 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 21:02:21 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 21:02:15 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 21:02:15 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-03 14:22:02 103864 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-12-23 01:13:31 201816 ---ha-w- C:\Windows\SysWow64\PnkBstrB.exe
.
==================== Find3M ====================
.
2011-12-23 01:13:28 66872 ---ha-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-11-27 21:10:20 414368 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:19:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-24 19:29:02 94208 ---ha-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ---ha-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 9:06:06.13 ===============
I have the "System Check" virus/malware and before I stumbled across this forum I had ran SUPERAntispyware Tech edition. It did find and remove some of the "System Check files" but obviously not all... as my desktop and all the files on my computer are still hidden. Unfortunately the log files from this program were not saved for some reason, even though the "save log files" checkbox was checked? Anyway I hope I haven't done more damage then good!
Here are the logs requested:
Malwarebytes log:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.20.01
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: WIN-AER8981K0EI [administrator]
1/20/2012 7:50:19 AM
mbam-log-2012-01-20 (07-50-19).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 178548
Time elapsed: 2 minute(s), 48 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
**************************
Gmer log: It didn't produce a log.
*************************
DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by Administrator at 9:05:52 on 2012-01-20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.3028 [GMT -6:00]
.
AV: Shaw Secure 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Shaw Secure 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Shaw Secure 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\Windows Sidebar\sidebar.exe
P:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Windows\system32\emaudsv.exe
P:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files (x86)\Shaw Secure\Common\FSMA32.EXE
C:\Program Files (x86)\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files (x86)\Shaw Secure\Common\FSLAUNCH.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - p:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - C:\Program Files (x86)\Shaw Secure\NRS\iescript\baselitmus.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - C:\Program Files (x86)\Shaw Secure\NRS\iescript\baselitmus.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] p:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [E-MU USB Audio Control Panel] "p:\Program Files (x86)\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe"
mRun: [F-Secure Manager] "C:\Program Files (x86)\Shaw Secure\Common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "C:\Program Files (x86)\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "P:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] p:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - P:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - p:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: C:\Program Files (x86)\Shaw Secure\FSPS\program\FSLSP.DLL
Trusted Zone: hc-sc.gc.ca\weboffice
DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - hxxp://www.riffinteractive.com/setup/RiffLick.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 64.59.176.13 64.59.176.15 64.59.177.226
TCP: Interfaces\{1EAA2A31-D44B-422C-BE5A-E964AE332BC8} : DhcpNameServer = 64.59.176.13 64.59.176.15 64.59.177.226
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - p:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Shaw Secure\NRS\iescript\baselitmus.dll
BHO-X64: LitmusBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Shaw Secure\NRS\iescript\baselitmus.dll
mRun-x64: [F-Secure Manager] "C:\Program Files (x86)\Shaw Secure\Common\FSM32.EXE" /splash
mRun-x64: [F-Secure TNB] "C:\Program Files (x86)\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "P:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] p:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bz4w4vsh.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: P:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xx;mv61xx;C:\Windows\system32\DRIVERS\mv61xx.sys --> C:\Windows\system32\DRIVERS\mv61xx.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Shaw Secure\HIPS\drivers\fshs.sys [2010-7-14 57920]
R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys --> C:\Windows\system32\drivers\fses.sys [?]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys --> C:\Windows\system32\drivers\fsdfw.sys [?]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Shaw Secure\Anti-Virus\minifilter\fsvista.sys [2010-7-14 14904]
R1 SASDIFSV;SASDIFSV;C:\Users\ADMINI~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Users\ADMINI~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 emaudsv;E-MU Audio Service;C:\Windows\system32\emaudsv.exe --> C:\Windows\system32\emaudsv.exe [?]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\Shaw Secure\Anti-Virus\fsgk32st.exe [2010-7-14 215648]
R2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor;C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [2010-10-6 1636872]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Shaw Secure\Anti-Virus\minifilter\fsgk.sys [2010-7-14 198808]
R3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;C:\Windows\system32\DRIVERS\MAudioMIDISPORT.sys --> C:\Windows\system32\DRIVERS\MAudioMIDISPORT.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 136176]
S3 emusba10;E-MU USB-Audio 1.0 Driver;C:\Windows\system32\DRIVERS\emusba10.sys --> C:\Windows\system32\DRIVERS\emusba10.sys [?]
S3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Shaw Secure\ORSP Client\fsorsp.exe [2010-7-14 61088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 136176]
S3 MADFUMIDISPORT2010;Service for M-Audio MIDISPORT DFU;C:\Windows\system32\DRIVERS\MAudioMIDISPORT_DFU.sys --> C:\Windows\system32\DRIVERS\MAudioMIDISPORT_DFU.sys [?]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\system32\DRIVERS\silabenm.sys --> C:\Windows\system32\DRIVERS\silabenm.sys [?]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\system32\DRIVERS\silabser.sys --> C:\Windows\system32\DRIVERS\silabser.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-01-20 07:37:12 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Malwarebytes
2012-01-20 07:37:03 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-20 07:36:59 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-01-20 06:01:30 -------- d--h--w- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2012-01-20 06:01:30 -------- d--h--w- C:\ProgramData\SUPERAntiSpyware.com
2012-01-11 21:02:33 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 21:02:32 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 21:02:31 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 21:02:31 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 21:02:23 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 21:02:21 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 21:02:15 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 21:02:15 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-03 14:22:02 103864 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-12-23 01:13:31 201816 ---ha-w- C:\Windows\SysWow64\PnkBstrB.exe
.
==================== Find3M ====================
.
2011-12-23 01:13:28 66872 ---ha-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-11-27 21:10:20 414368 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:19:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-24 19:29:02 94208 ---ha-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ---ha-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 9:06:06.13 ===============