
Cannot delete ASF file, possible virus?



I cannot delete an asf file. I've tried the following:

- Right click and delete makes the recycling window hang

- Cut and paste makes the pasting process hang

- Changing the file extension just makes it hang

- Command Prompt comes up with "invalid switch - test.asf"

- Disabling thumbnails does not make deleting work

- I cannot find the file in the Task Manager

- FileAssassin can unlock, unload, and terminate the file, but not delete it

- Turning the computer on and off does not change anything

- MalwareBytes does not detect any virus

- FarBar gave the following results (see attachments)

Addition.txt

FRST.txt


Hello aztecrex and welcome to Malwarebytes,

ASF files are containers for streaming media. An .asf file may contain video and audio files and can also contain metadata, in the same way that MP3 files do. There is also malware that exploits such files and can be hard to find/remove... Continue as follows:

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from, each with a different name; select the first one and save it to your desktop.
 
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen, delete the icon from the desktop, go back to the download link, select the next button and try to run the tool again. Continue to repeat this process with the remaining buttons until the tool runs. You will find further links with other names if you scroll down the page; try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.


Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change the PUP and PUM entries to "Treat detections as Malware".
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted into your reply
    Text file (*.txt) - if selected, you will have to name the file and save it to a place of your choice (recommend "Desktop"), then attach it to your reply
    XML file (*.xml) - if selected, you will have to name the file and save it to a place of your choice (recommend "Desktop"), then attach it to your reply
     
  • Please use "Copy to Clipboard", then right click in your reply and select "Paste"; that will copy the log into your reply…



If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security software alerts on FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
 
  • Double-click to run it. When the tool opens, click Yes to the disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press the Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The tool will also make a log named Addition.txt. Please attach those logs to your reply.


Let me see those logs in your reply...

Thank you,

Kevin...

 


RKILL
Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/14/2016 08:24:59 AM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Advanced Explorer Setting Removed: HideIcons [HKCU]

Backup Registry file created at:
C:\Users\Anon\Desktop\rkill\rkill-04-14-2016-08-25-03.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* TBS [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 04/14/2016 08:25:46 AM
Execution time: 0 hours(s), 0 minute(s), and 46 seconds(s)


MBAM LOG
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/14/2016
Scan Time: 8:27 AM
Logfile: mbam log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.14.04
Rootkit Database: v2016.04.09.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Anon

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327679
Time Elapsed: 10 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


FARBAR FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by Anon (administrator) on ANONYMOUS (14-04-2016 08:40:35)
Running from C:\Users\Anon\Videos
Loaded Profiles: Anon (Available Profiles: Anon)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\AdminService.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Qualcomm Atheros Inc.) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiCMgr.exe
(Qualcomm Atheros, Inc.) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\ihvs\AWiCDiag.exe
(Qualcomm Atheros Inc.) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Wcct.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Qualcomm Atheros Inc.) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\spectral\SocketServer.exe
(Qualcomm Atheros Inc.) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\DirectConnect\DirectDisplay.exe
(Quacomm Atheros, Inc.) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Agent\AthNetAgent.exe
(Qualcomm Atheros Inc.) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\DirectConnect\DCWpaSupplicant.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros Inc.) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\DirectConnect\DCDhcpService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-09-15] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2014-09-01] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2825968 2014-07-02] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-06-25] (Intel Corporation)
HKLM\...\Run: [AWiCMgr] => C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\AWiC\AWiCMgr.exe [189568 2014-08-26] (Qualcomm Atheros Inc.)
HKLM\...\Run: [AWiCDiag] => C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\ihvs\AWiCDiag.exe [2782336 2014-08-26] (Qualcomm Atheros, Inc.)
HKLM\...\Run: [wcct] => C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\wcct.exe [1074304 2014-08-26] (Qualcomm Atheros Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-06-27] (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\BtvStack.exe [134784 2014-09-22] (Qualcomm®Atheros®)
HKU\S-1-5-21-1549069913-2747596873-114636901-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1549069913-2747596873-114636901-1001] => localhost:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2F8DCCBF-BE26-4E3E-849D-DE81B90A754F}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3E2D27E2-FC4A-46F7-845C-B7DEA22456A6}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1549069913-2747596873-114636901-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-1549069913-2747596873-114636901-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1549069913-2747596873-114636901-1001 -> DefaultScope {B98C4D12-EE13-4C81-9DCE-23A5A999142D} URL =
SearchScopes: HKU\S-1-5-21-1549069913-2747596873-114636901-1001 -> {B98C4D12-EE13-4C81-9DCE-23A5A999142D} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

FireFox:
========
FF ProfilePath: C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\sr05j18e.default-1450757018806
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-30] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-30] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: DownThemAll! - C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\sr05j18e.default-1450757018806\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-01-03]
FF Extension: X-notifier - C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\sr05j18e.default-1450757018806\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2016-01-14]
FF Extension: FlashGot - C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\sr05j18e.default-1450757018806\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-03-17]
FF Extension: NoScript - C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\sr05j18e.default-1450757018806\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-07]
FF Extension: Flip or Rotate Image - C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\sr05j18e.default-1450757018806\Extensions\jid0-AGJXXzyS0rT1UudxcYiNRjbGttc@jetpack.xpi [2015-12-25]
FF Extension: Old Default Image Style - C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\sr05j18e.default-1450757018806\Extensions\olddefaultimagestyle@dagger2-addons.mozilla.org.xpi [2015-12-21]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\sr05j18e.default-1450757018806\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-03-20]
FF Extension: Adblock Plus - C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\sr05j18e.default-1450757018806\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\adminservice.exe [322176 2014-09-22] (Windows (R) Win 7 DDK provider) [File not signed]
R3 AthNetAgent; C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Agent\AthNetAgent.exe [169088 2014-08-26] (Quacomm Atheros, Inc.) [File not signed]
R3 DCDhcpService; C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\DirectConnect\DCDhcpService.exe [198272 2014-08-26] (Qualcomm Atheros Inc.) [File not signed]
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [119656 2016-01-15] (Dell)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-03] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2672328 2014-07-30] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-09-30] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-08-18] (Realtek Semiconductor)
R2 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [173256 2014-07-30] (Invincea, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-02-10] (Microsoft Corporation)
S3 Dell.CommandPowerManager.Service; C:\Windows\SysWOW64\dllhost.exe /Processid:{2D0FDCED-4A8B-4ECF-A7B9-6E9971425C2F}

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2014-09-21] (Qualcomm Atheros)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-06-06] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2642264 2014-09-15] (Realtek Semiconductor Corp.)
R3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [50696 2014-07-30] (Invincea, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [183304 2014-07-30] (Invincea, Inc.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2014-07-02] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-07-02] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-14 08:25 - 2016-04-14 08:25 - 00000000 ____D C:\Users\Anon\Desktop\rkill
2016-04-14 08:24 - 2016-04-14 08:25 - 00002282 _____ C:\Users\Anon\Desktop\Rkill.txt
2016-04-14 06:52 - 2016-04-14 06:52 - 00000000 ___RD C:\Users\Anon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-04-13 11:41 - 2016-04-14 08:40 - 00000000 ___DC C:\FRST
2016-04-12 23:10 - 2016-04-12 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2016-04-12 23:10 - 2016-04-12 23:10 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN
2016-04-11 21:00 - 2016-04-12 07:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-11 15:55 - 2016-04-11 15:55 - 00055419 _____ C:\Users\Anon\AppData\Local\recently-used.xbel

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-14 08:27 - 2015-11-14 11:58 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-14 08:27 - 2015-08-25 19:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-14 08:23 - 2015-12-14 12:23 - 00000000 ____D C:\Users\Anon\AppData\Roaming\vlc
2016-04-14 06:59 - 2009-07-13 21:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-14 06:59 - 2009-07-13 21:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-14 06:58 - 2009-07-13 22:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-14 06:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-04-14 06:51 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-12 21:08 - 2009-07-13 22:08 - 00032590 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-12 07:43 - 2015-07-02 19:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-11 15:55 - 2015-07-07 21:01 - 00000000 ____D C:\Users\Anon\AppData\Local\gtk-2.0
2016-04-11 15:55 - 2015-07-07 20:59 - 00000000 ____D C:\Users\Anon\.gimp-2.8
2016-04-07 15:27 - 2015-08-25 19:36 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-07 15:27 - 2015-08-25 19:36 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-07 15:27 - 2015-08-25 19:36 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-07 15:15 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-04-05 14:24 - 2015-07-30 01:46 - 00000000 ____D C:\Users\Anon\AppData\Local\CrashDumps
2016-04-04 05:07 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-03-22 22:59 - 2015-11-14 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-22 22:59 - 2015-11-14 11:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

==================== Files in the root of some directories =======

2016-04-11 15:55 - 2016-04-11 15:55 - 0055419 _____ () C:\Users\Anon\AppData\Local\recently-used.xbel

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-08 21:02

==================== End of FRST.txt ============================


ADDITION
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Anon (2016-04-14 08:41:13)
Running from C:\Users\Anon\Videos
Windows 7 Professional Service Pack 1 (X64) (2015-07-03 02:17:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1549069913-2747596873-114636901-500 - Administrator - Disabled)
Anon (S-1-5-21-1549069913-2747596873-114636901-1001 - Administrator - Enabled) => C:\Users\Anon
Guest (S-1-5-21-1549069913-2747596873-114636901-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1549069913-2747596873-114636901-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Command | Power Manager (HKLM\...\{DDDAF4A7-8B7D-4088-AECC-6F50E594B4F5}) (Version: 2.0.0 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Foundation Services (HKLM\...\{AE5E3C86-2633-4DAF-A7F4-C43D1E738BAE}) (Version: 3.1.3300.0 - Dell Inc.)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 4.0.18189 - Invincea, Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.1.16.4 - Synaptics Incorporated)
Dell Unified Wireless Suite (HKLM-x32\...\{6CFE6F33-3D69-4B9C-AA20-FF1F8CB064D5}) (Version: 1.00.0000 - Dell)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Intel(R) Chipset Device Software (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1060 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.34 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.332 - Qualcomm Atheros Communications)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.30169 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6049 - Realtek Semiconductor Corp.)
RPG Maker VX Ace (HKLM-x32\...\RPGVXAce_E_is1) (Version: 1.02 - Enterbrain)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0367729C-644D-4129-8573-1FDAEB83F51A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {793391E5-3351-4360-AD22-5FE76E722829} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {AC89EE1E-6479-4647-906F-FF799473E855} - System32\Tasks\{8815E37C-2DEB-49A3-A5A3-62D2D10D76DD} => pcalua.exe -a C:\Users\Anon\Videos\win32_153628.4332.exe -d C:\Users\Anon\Videos
Task: {CB46322B-45BE-4046-8165-F82B3DB460EC} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-09-01] (Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-08-26 19:34 - 2014-08-26 19:34 - 00103040 _____ () C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\ihvs\AthIHVManager.dll
2014-08-26 19:35 - 2014-08-26 19:35 - 00113792 _____ () C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\ihvs\AthIhvWlanNoise.dll
2014-08-26 19:35 - 2014-08-26 19:35 - 00188032 _____ () C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\ihvs\Hotspot20Ext.dll
2014-09-22 00:01 - 2014-09-22 00:01 - 00086016 _____ () C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\Bluetooth Suite\Modules\Map\MAP.dll
2015-02-10 13:57 - 2014-10-03 16:00 - 00456808 _____ () C:\Windows\system32\igfxTray.exe
2014-08-26 19:35 - 2014-08-26 19:35 - 00643712 _____ () C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\spectral\SocketServer.exe
2014-09-30 12:56 - 2014-09-30 12:56 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3696 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3753 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3851 [0]
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE [292]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1549069913-2747596873-114636901-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{7560D436-5B9E-437B-9402-3F5C7052CC6A}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\wcct.exe
FirewallRules: [{B72A00F3-3819-49A7-9A1A-2A19220407B0}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\wcct.exe
FirewallRules: [{95AEB2B7-E879-45CD-9355-13EBC0DC3EB0}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\DirectConnect\DCDhcpService.exe
FirewallRules: [{A748A9CB-66E2-42F4-BDDF-0219407D7A47}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\DirectConnect\DCDhcpService.exe
FirewallRules: [{53F0A4DC-B23C-4DB2-B0B1-EE0DB487E4F3}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\DirectConnect\DirectDisplay.exe
FirewallRules: [{6D27489B-46D4-4FF7-BAF6-10D630FDA40F}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\DirectConnect\DirectDisplay.exe
FirewallRules: [{CC6E4010-6687-41EA-98FB-EEAF7B2ACC62}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\DirectConnect\DCWpaSupplicant.exe
FirewallRules: [{1B4E3E6E-F172-47FC-A300-B69A425F0A62}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\DirectConnect\DCWpaSupplicant.exe
FirewallRules: [{2F234B65-C1CA-412B-BA53-1EF0490F5FDF}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\spectral\SocketServer.exe
FirewallRules: [{919DCC44-AC04-4249-8388-803CB89596B7}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\spectral\SocketServer.exe
FirewallRules: [{49308773-4E09-4B62-A74B-EEB699FF5C58}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiC.exe
FirewallRules: [{CD6F1ED3-D690-409B-81AA-FAD231B16353}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiC.exe
FirewallRules: [{0187E3F3-5E33-43B8-8C9A-F78CD8E97147}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiCMgr.exe
FirewallRules: [{7F752C15-C0F7-4907-8F1C-E0C360DA154A}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiCMgr.exe
FirewallRules: [{D5095AC9-F9BC-4FF9-8FE2-02ED7F0B1B48}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiCICS.exe
FirewallRules: [{C458F48C-1C02-4F13-A09C-69487042BE9F}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiCICS.exe
FirewallRules: [{D733FA1C-D1A9-4984-A1D9-A597A0B1D715}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiCSrvc.exe
FirewallRules: [{7DEEC788-7056-4624-A1A1-041FAC3AC5A5}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\AWiCSrvc.exe
FirewallRules: [{D2DCBB6E-4A11-4936-AC44-4FE60E15A795}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\DiagConsole.exe
FirewallRules: [{2737AC3D-DC86-4C02-A9A2-D7F48FAF048D}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\awic\DiagConsole.exe
FirewallRules: [{861612D6-E312-40D5-A00E-DB3A44F091E8}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\ihvs\AWiCDiag.exe
FirewallRules: [{41D97A6A-9005-42F6-AE0D-09C1BA476F64}] => (Allow) C:\Program Files (x86)\Dell\Dell Unified Wireless Suite\ihvs\AWiCDiag.exe
FirewallRules: [{03ABC10C-1C83-4443-8DF9-3EB9025C6B62}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A76F8550-3452-4EC8-83E6-A185443CA283}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C88344CC-C2DA-4AC5-9870-7C29F8B36FAB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{14F9947D-B597-495F-AECE-32D499962EE6}] => (Allow) LPort=2869
FirewallRules: [{BD5B09B1-FB5A-4317-A94F-665EB520DE4E}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{0F55BC64-41B9-4878-A5D5-AF7C0437460B}C:\program files (x86)\gdevelop\gdide.exe] => (Allow) C:\program files (x86)\gdevelop\gdide.exe
FirewallRules: [UDP Query User{7724E46A-660B-4957-8417-AD63599BDE82}C:\program files (x86)\gdevelop\gdide.exe] => (Allow) C:\program files (x86)\gdevelop\gdide.exe
FirewallRules: [{26724B39-A5A6-4CE6-9453-C78532E7683E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0943247B-2146-4FD8-8C86-82C71E3776FC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

05-03-2016 19:58:27 Scheduled Checkpoint
14-03-2016 11:22:27 Scheduled Checkpoint
22-03-2016 11:44:05 Scheduled Checkpoint
30-03-2016 19:46:26 Scheduled Checkpoint
01-04-2016 05:07:03 Windows Update
11-04-2016 19:06:42 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/14/2016 06:51:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2016 10:11:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2016 08:20:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2016 07:03:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6b4

Start Time: 01d195a996a44b0a

Termination Time: 82

Application Path: C:\Windows\Explorer.EXE

Report Id: 09a034f6-01e5-11e6-bd4c-4cbb5863cbe3

Error: (04/13/2016 10:26:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2016 06:59:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2016 06:34:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FileASSASSIN.exe version 1.6.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1568

Start Time: 01d1958592ff6f0d

Termination Time: 16

Application Path: C:\Program Files (x86)\FileASSASSIN\FileASSASSIN.exe

Report Id: 6e38c2d9-017c-11e6-be1d-4cbb5863cbe3

Error: (04/13/2016 06:05:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2016 11:24:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FileASSASSIN.exe version 1.6.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f48

Start Time: 01d1954c86afead2

Termination Time: 15

Application Path: C:\Program Files (x86)\FileASSASSIN\FileASSASSIN.exe

Report Id: 62dc04e7-0140-11e6-a3d1-4cbb5863cbe3

Error: (04/12/2016 11:19:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FileASSASSIN.exe version 1.6.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 165c

Start Time: 01d1954b1ec4e682

Termination Time: 16

Application Path: C:\Program Files (x86)\FileASSASSIN\FileASSASSIN.exe

Report Id: bbdd5897-013f-11e6-a3d1-4cbb5863cbe3


System errors:
=============
Error: (04/13/2016 11:47:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/13/2016 10:00:07 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/13/2016 08:19:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/13/2016 08:21:11 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/13/2016 06:58:16 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/13/2016 12:25:46 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/12/2016 11:08:53 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:07:15 PM on ‎4/‎12/‎2016 was unexpected.

Error: (04/12/2016 10:53:33 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/12/2016 10:42:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/12/2016 10:11:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


CodeIntegrity:
===================================
Date: 2016-03-23 23:25:06.170
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-23 23:25:06.122
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-23 23:25:06.074
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-23 23:25:06.026
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-23 23:25:05.980
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-23 23:25:05.933
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-23 23:25:05.885
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-23 23:25:05.836
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-23 23:25:05.788
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-23 23:25:05.737
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 59%
Total physical RAM: 3730.29 MB
Available physical RAM: 1508.27 MB
Total Virtual: 7458.78 MB
Available Virtual: 3942.02 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:453.99 GB) (Free:413.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 54DA6C0B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=454 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Thanks for those logs; I do not see any reference to any .asf files. Continue please:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it in your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan in the Actions box.
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in the top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot.
  • After the restart the AdwCleaner(C*)-Notepad log will appear; please copy/paste it in your next reply, where * is the number relative to the list of scans completed...

Next,

Download Microsoft's "Malicious Software Removal Tool" and save it direct to the desktop.

Ensure you get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool and select "Run as Administrator"; the tool will expand to the options window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include details for each time MSRT has run; we only need the most recent log by date and time....

Next,

Please download Security Analysis by Rocket Grannie from here: http://rocketgrannie.spywareinfoforum.org/RGSA.exe

  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • It will produce a log named SALog.txt on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.

Note: The link to the most current version of the program will always be in the first post of this topic.
Note: (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run to continue.)
Note: The current java version on XP will show as "out of date".
Note: Flash Player ActiveX is pre-installed with Internet Explorer in Windows 10 and updates Automatically.

Please post your feedback in this topic.

Let me see those logs in your reply, and also give an update on any remaining issues or concerns... If possible, can you zip and attach any .asf files on your system?

Thank you,

Kevin...


Thank you! Uploading hangs with test.asf, so I attached a pic of it.

Fix result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Anon (2016-04-14 09:21:42) Run:1
Running from C:\Users\Anon\Videos
Loaded Profiles: Anon (Available Profiles: Anon)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
ProxyServer: [S-1-5-21-1549069913-2747596873-114636901-1001] => localhost:8080
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3696 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3753 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3851 [0]
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE [292]
CMD: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
end

*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1549069913-2747596873-114636901-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
C:\Windows\SysWOW64\MSIHANDLE => ":3696" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":3753" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":3851" ADS removed successfully.
C:\ProgramData\TEMP => ":8CE646EE" ADS removed successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1549069913-2747596873-114636901-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1549069913-2747596873-114636901-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 697.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 09:22:36 ====

# AdwCleaner v5.110 - Logfile created 14/04/2016 at 09:12:20
# Updated 10/04/2016 by Xplode
# Database : 2016-04-11.4 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : Anon - ANONYMOUS
# Running from : C:\Users\Anon\Videos\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [700 bytes] - [14/04/2016 09:12:20]
C:\AdwCleaner\AdwCleaner[S1].txt - [761 bytes] - [14/04/2016 09:10:56]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [844 bytes] ##########

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.35, April 2016 (build 5.35.12524.0)
Started On Thu Apr 14 09:14:40 2016

Engine: 1.1.12603.0
Signatures: 1.217.515.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 14 09:19:06 2016


Return code: 0 (0x0)

Result of Security Analysis by Rocket Grannie (x86) version: 28th March 2016
Running from:C:\Users\Anon\Videos (09:20:18 - 04/14/2016)
***---------------------------------------------------------***
Microsoft Windows 7 Professional X64 Service Pack 1
UAC is Enabled!
Internet Explorer 11
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
***-----------------Anti-Virus - Firewall-------------------***
 
Windows Firewall is Enabled!
Searching for any other Firewall
*No other Firewall Installed*
***----------------AntiSpyware - Miscellaneous---------------***
Adobe flash Player Plugin (version 21.0.0.213)
Malwarebytes Anti-Malware (version 2.2.1.1043)
Mozilla Firefox (version 45)
Windows Live Essentials (version 16.4)

***----------------Analysis Complete-------------------------***

Capture.PNG

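Kevin's instructions above ask for only the most recent run from c:\windows\debug\mrt.log, and the MSRT log posted in this reply shows what one run looks like. As an added example (not code from the thread, from Malwarebytes or from Microsoft), the parser below splits an mrt.log into runs using the markers visible in that log (the dashed separator, the "Started On" line, the "Results Summary:" section and the "Return code:" line) and returns the latest run by its start time; the two-run sample is constructed, with the second run copied from the posted log and the first one invented for the example.

```python
"""Split a Microsoft MSRT log (mrt.log) into runs and pick the most recent one.

Added example, not code from the forum thread or from Microsoft. MSRT appends
one block per run; the markers used here are the ones visible in the log that
was posted in the thread. The sample below is constructed for this example.
"""
import re
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample: the first run is invented for the example, the second
# copies the run posted in the thread (same version, dates and result).
SAMPLE_MRT_LOG = """\
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.34, March 2016 (build 5.34.12402.0)
Started On Tue Mar 15 08:02:11 2016

Engine: 1.1.12400.0
Signatures: 1.213.100.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Mar 15 08:05:00 2016


Return code: 0 (0x0)
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.35, April 2016 (build 5.35.12524.0)
Started On Thu Apr 14 09:14:40 2016

Engine: 1.1.12603.0
Signatures: 1.217.515.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 14 09:19:06 2016


Return code: 0 (0x0)
"""

# The run separator is a long row of dashes; the short underline below
# "Results Summary:" is only 16 dashes and must not be mistaken for it.
SEPARATOR = re.compile(r"^-{20,}\s*$")
STARTED = re.compile(r"^Started On (.+?)\s*$")
FINISHED = re.compile(r"Finished On (.+?)\s*$")
RETURN_CODE = re.compile(r"^Return code:\s*(-?\d+)")
CTIME_FORMAT = "%a %b %d %H:%M:%S %Y"  # e.g. "Thu Apr 14 09:14:40 2016"


def _new_run() -> Dict:
    return {"version": None, "started": None, "finished": None,
            "summary": [], "return_code": None, "raw": []}


def parse_mrt_log(text: str) -> List[Dict]:
    """Return one dict per run, in the order the runs appear in the file."""
    runs: List[Dict] = []
    current: Optional[Dict] = None
    in_summary = False
    for line in text.splitlines():
        if SEPARATOR.match(line):
            if current is not None:
                runs.append(current)
            current, in_summary = _new_run(), False
            continue
        if current is None:  # text before the first separator is ignored
            continue
        current["raw"].append(line)
        if current["version"] is None and line.startswith(
                "Microsoft Windows Malicious Software Removal Tool v"):
            current["version"] = line.strip()
            continue
        m = STARTED.match(line)
        if m:
            current["started"] = datetime.strptime(m.group(1), CTIME_FORMAT)
            continue
        m = FINISHED.search(line)  # the "Finished On" line ends the summary
        if m:
            current["finished"] = datetime.strptime(m.group(1), CTIME_FORMAT)
            in_summary = False
            continue
        if line.startswith("Results Summary:"):
            in_summary = True
            continue
        if in_summary:
            if line.strip() and not line.startswith("----"):
                current["summary"].append(line.strip())
            continue
        m = RETURN_CODE.match(line)
        if m:
            current["return_code"] = int(m.group(1))
    if current is not None:
        runs.append(current)
    return runs


def latest_run(runs: List[Dict]) -> Optional[Dict]:
    """Pick the run with the newest 'Started On' time, not the last in the file."""
    dated = [r for r in runs if r["started"] is not None]
    return max(dated, key=lambda r: r["started"]) if dated else None


def latest_run_text(text: str) -> str:
    """The raw block of the most recent run, which is the part worth posting."""
    run = latest_run(parse_mrt_log(text))
    return "\n".join(run["raw"]).strip() if run else ""
```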

Very strange, the file is listed as 103.985 KB; that does not equal more than 30 MB.....

Do you know how to use MediaFire? It is free. You can upload files to MediaFire, then give me a link to download them to my computer....

https://www.mediafire.com/

Do you have no idea where the file came from? It seems to be a music file; obviously what it appears to be and what it really is could differ...

We can probably move that file with FRST, but I would like to know what it is...


Ah now I understand....

Let's see if it will go with FRST...

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it in your reply.

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Anon (2016-04-14 10:21:33) Run:2
Running from C:\Users\Anon\Videos
Loaded Profiles: Anon (Available Profiles: Anon)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
C:\Users\Anon\test.asf
End

*****************

Restore point was successfully created.
Processes closed successfully.
"C:\Users\Anon\test.asf" => not found.


The system needed a reboot.

==== End of Fixlog 10:21:52 ====


Ok, try again....

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it in your reply.

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Anon (2016-04-14 10:42:28) Run:3
Running from C:\Users\Anon\Videos
Loaded Profiles: Anon (Available Profiles: Anon)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
c:\users\anon\libraries\videos\test.asf
End

*****************

Restore point was successfully created.
Processes closed successfully.
"c:\users\anon\libraries\videos\test.asf" => not found.


The system needed a reboot.

==== End of Fixlog 10:42:44 ====


Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Anon (2016-04-14 10:59:20)
Running from C:\Users\Anon\Videos
Boot Mode: Normal

================== Search Files: "test.asf" =============

C:\Users\Anon\Videos\test.asf
[2016-04-12 21:26][2016-04-12 21:30] 106480455 ____N ()  [File not signed]

====== End of Search ======


One more try....

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it in your reply.

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Anon (2016-04-14 11:31:48) Run:4
Running from C:\Users\Anon\Videos
Loaded Profiles: Anon (Available Profiles: Anon)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
C:\Users\Anon\Videos\test.asf
End

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Anon\Videos\test.asf => moved successfully


The system needed a reboot.

==== End of Fixlog 11:32:03 ====


This topic is now closed to further replies.