Channel: Tech Support Forum - Virus/Trojan/Spyware Help

[SOLVED] PLEASE HELP ME! I HAVE CONTRACTED A PARTICULARLY MALICIOUS VIRUS.

MY SYSTEM

Microsoft Windows XP Media Center Edition
Version 2002
Service Pack 2 (although I am sure I downloaded Service Pack 3 some time ago.)
Acer Inc., AcerSystem

MY SECURITY PROGRAMS

Avast Pro Antivirus
Malwarebytes Anti-Malware Premium
SuperAntispyware Free Edition

MY PROBLEM

Virus...

It started with interference to my VLC Media Player. I tried playing some videos in YouTube, but they would not play properly. The sound is only a sputtering mess; the video screen is all gray. A BLUE BAR I had never seen before appeared immediately below the video window, asking me if I was having trouble viewing my videos. It told me to "click here" for suggestions. However, the suggestions were only standard troubleshooting questions. I did not click on anything else, but backed out.

After that, all sorts of problems began occurring.
  • The virus will not allow computer to run in Safe Mode...instead, whenever I attempt to open Safe Mode, it turns the computer off completely for several minutes, either just after I enter Safe Mode, or before I even finish entering it!
  • My computer runs VERY slowly...it takes forever (and repeated attempts) to open programs or files
  • My VLC Media Player is basically non-functional...the sound is indistinguishable, only sputtering, and there is no picture to speak of (only gray screen)
  • It shut down my Malwarebytes Real-Time Protection, and would not allow "Fix Now" to run.
ACTIONS ALREADY TAKEN:

  • I completely deleted my Malwarebytes Premium and re-downloaded it from the Malwarebytes site. That restored my Real-Time Protection.
  • I completely deleted my VLC Media Player and re-downloaded it from the main site.
  • I ran complete system scans with all three of my security programs. Malwarebytes Premium and SuperAntiSpyware found nothing. Avast Pro Antivirus found a virus and said it had removed it to the "Chest".
None of the above actions fixed the problem!

I DO have Windows XP restore disks, but if I use them, I will lose quite a bit of information off my computer.

GMER would not finish its scan. It kept coming up with an error. I finally ran it with only "Sections" and "C" checked. I have included a screen shot of the error report.

DDS (Ver_2012-11-20.01) - FAT32_x86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 10.67.2
Run by Randy at 1:36:00 on 2014-12-27
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mysearch.avg.com?cid={3FA53EE0-3219-4F78-B6AB-42C175E7FE26}&mid=b70d864b2b13478e8de06dca14441ef6-1d5f5311370dd06a59918f593f96f2eada0bcf85&lang=en&ds=ad011&coid=avgtbdisad&cmpid=&pr=sa&d=&v=18.1.0.443&pid=safeguard&sg=&sap=hp
mDefault_Page_URL = hxxp://global.acer.com
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: IEExtension.VDownloaderBHO: {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SkyTel] SkyTel.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe 0
mRun: [Acer ePresentation HPD] c:\acer\empowering technology\epresentation\ePresentation.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Boot] c:\acer\empowering technology\epower\Boot.exe
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [WorksFUD] c:\program files\microsoft works\wkfud.exe
mRun: [Microsoft Works Portfolio] c:\program files\microsoft works\WksSb.exe /AllUsers
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1400014618236
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{37C8F16D-B9EB-4EBD-8CA9-1F481E22F805} : DHCPNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\randy\application data\mozilla\firefox\profiles\enh5uj8z.default-1402764676125\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_16_0_0_235.dll
.
============= SERVICES / DRIVERS ===============
.
R? anvsnddrv;AnvSoft Virtual Sound Device
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? NAVENG;NAVENG
R? NAVEX15;NAVEX15
R? Symantec Core LC;Symantec Core LC
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? !SASCORE;SAS Core Service
S? aswHwid;avast! HardwareID
S? aswKbd;aswKbd
S? aswMonFlt;aswMonFlt
S? aswRvrt;avast! Revert
S? aswSnx;aswSnx
S? aswSP;aswSP
S? aswVmm;avast! VM Monitor
S? avast! Antivirus;avast! Antivirus
S? ccEvtMgr;Symantec Event Manager
S? ccSetMgr;Symantec Settings Manager
S? FreemakeVideoCapture;FreemakeVideoCapture
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? MBAMSwissArmy;MBAMSwissArmy
S? McrdSvc;Media Center Extender Service
S? npf;NetGroup Packet Filter Driver
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
.
=============== File Associations ===============
.
ShellExec: AMIPRO.EXE: open=c:\amipro\AMIPRO.EXE
.
=============== Created Last 30 ================
.
2014-12-25 20:38:18 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-25 20:30:42 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-25 20:30:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-12-25 20:30:28 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-12-24 10:00:14 74864 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2014-12-24 10:00:14 20080 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2014-12-24 10:00:13 260208 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2014-12-24 10:00:12 338032 ----a-w- c:\program files\mozilla firefox\firefox.exe
2014-12-24 10:00:10 331376 ----a-w- c:\program files\mozilla firefox\freebl3.dll
2014-12-24 10:00:08 5246064 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2014-12-24 10:00:02 10397296 ----a-w- c:\program files\mozilla firefox\icudt52.dll
2014-12-24 10:00:01 1023600 ----a-w- c:\program files\mozilla firefox\icuin52.dll
2014-12-24 10:00:00 800368 ----a-w- c:\program files\mozilla firefox\icuuc52.dll
2014-12-24 10:00:00 45168 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2014-12-10 15:53:28 -------- d-----w- c:\documents and settings\randy\local settings\application data\Adobe
2014-12-09 07:46:37 114904 ----a-w- c:\windows\system32\drivers\6A094204.sys
2014-11-30 19:42:30 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
.
==================== Find3M ====================
.
2014-12-10 15:54:34 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-10 15:54:32 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-21 11:09:28 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-21 11:09:28 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-21 11:09:28 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-21 11:09:28 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-21 11:09:26 43152 ----a-w- c:\windows\avastSS.scr
2014-11-21 11:09:10 787800 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-11-21 11:09:08 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-02-27 14:57:32 4226536 ----a-w- c:\program files\winamp5666_lite_en-us.exe
.
============= FINISH: 1:52:08.79 ===============

Subsequent to my posting this thread, I was able to get GMER to run a full scan. (I guess the third time is the charm!) Anyway, I have attached the results of the full GMER scan below!

Attached Thumbnails
Error Report GMER.jpg (62.2 KB)
Attached Files
File Type: zip ark.zip (1.2 KB)
File Type: zip attach.zip (2.7 KB)
File Type: zip gmer.zip (362.2 KB)
File Type: zip ark2.zip (7.9 KB)
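The DDS log above is the main piece of evidence in this thread, and reading one by hand is tedious. The following Python 3 script is an added example, not part of the original post and not code from DDS, GMER, Avast or Malwarebytes. It parses the "====== Section ======" layout DDS uses and applies three review heuristics that a helper would normally apply by eye: autorun entries that name a bare executable (resolved through the PATH, so the file that actually runs should be confirmed), BHOs registered with no file on disk, and drivers with an all-hex filename. The sample input is an excerpt of the log above with the start-page URL shortened; the section titles and heuristics are the only assumptions. A hit means "inspect this by hand", not "this is malware": the hex-named driver in this log, for instance, has exactly the same size as MBAMSwissArmy.sys, which the script points out so that is checked before any conclusion is drawn.

```python
"""Triage helper for a DDS log like the one posted above.

Added example, not part of the original thread and not code from DDS or any
of the security products named in it. It splits the log into its
'====== Section ======' blocks and applies a few review heuristics.
A finding is a prompt to look closer, not a verdict.
"""
import re

# Constructed sample: an excerpt of the DDS log in the post above, with the
# start-page URL shortened. Raw string, so the backslashes are literal.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mysearch.avg.com?pid=safeguard
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: IEExtension.VDownloaderBHO: {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
.
=============== Created Last 30 ================
.
2014-12-25 20:38:18 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-25 20:30:28 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-12-09 07:46:37 114904 ----a-w- c:\windows\system32\drivers\6A094204.sys
.
============= FINISH: 1:52:08.79 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r'^[um]Run: \[[^\]]+\] ("[^"]+"|\S+)')
BHO_RE = re.compile(r"^BHO: (.+?): \{[0-9A-Fa-f-]+\} -\s*(.*)$")
# date time size attrs path; directories show '--------' as size and do not match
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+) (\S+) (.+)$")
HEX_NAME_RE = re.compile(r"^[0-9A-F]{6,}\.sys$", re.I)


def parse_dds(text):
    """Split a DDS log into {section title: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def triage(sections):
    """Return review findings as dicts with 'kind', 'item' and 'note'."""
    findings = []
    for line in sections.get("Pseudo HJT Report", []):
        m = RUN_RE.match(line)
        if m:
            exe = m.group(1).strip('"')
            if "\\" not in exe:  # bare name: Windows searches the PATH for it
                findings.append({"kind": "run-no-path", "item": exe,
                                 "note": "bare name resolved via PATH; "
                                         "confirm which file actually runs"})
        m = BHO_RE.match(line)
        if m and not m.group(2):  # DDS printed no path after the CLSID
            findings.append({"kind": "bho-missing-file", "item": m.group(1),
                             "note": "BHO registered but no file found"})

    files = []
    for line in sections.get("Created Last 30", []):
        m = FILE_RE.match(line)
        if m:
            files.append((int(m.group(2)), m.group(4)))
    for size, path in files:
        name = path.rsplit("\\", 1)[-1]
        if HEX_NAME_RE.match(name):
            # cross-reference against the log itself before judging the name
            twins = [p for s, p in files if s == size and p != path]
            findings.append({"kind": "hex-named-driver", "item": name,
                             "note": "same size as: " + (", ".join(twins) or "none")})
    return findings


if __name__ == "__main__":
    for f in triage(parse_dds(SAMPLE_LOG)):
        print(f"{f['kind']:18} {f['item']}  ({f['note']})")
```

Run it on a full DDS log by replacing SAMPLE_LOG with the file contents. The three bare-name autoruns it flags here (SkyTel.EXE, RTHDCPL.EXE and, in the full log, ALCMTR.EXE) are the usual form of Realtek audio entries, and the orphaned BHO and the hex-named driver are the kind of entries a helper would ask about next; the script only decides what is worth a question, not the answer.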
