Hello
My computer hangs off and on and I have to reboot the system using the power button.
And even if I pressed Ctr Alt del then no task manager appear so I cannot reboot the
system. The only way is to press the power button and then to turn it on again.
I scanned the system with Malwarebytes , ZoneAlarm , webroot , Stinger and KVRT
all detected nothing ?
How to fix this
So I ran Farbar FRST to check the system and this is the Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-05-2020
Ran by K (04-05-2020 09:00:04)
Running from C:\Users\K\Downloads
Windows 7 Professional Service Pack 1 (X64) (2019-04-28 04:17:37)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4237547623-3581648954-966888715-500 - Administrator - Disabled)
Guest (S-1-5-21-4237547623-3581648954-966888715-501 - Limited - Disabled)
K (S-1-5-21-4237547623-3581648954-966888715-1000 - Administrator - Enabled) => C:\Users\K
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Webroot SecureAnywhere (Enabled - Up to date) {EA22F846-E33A-0128-9418-185509C86920}
AV: ZoneAlarm Antivirus (Enabled - Up to date) {B558F217-D667-9806-B388-2B026DB849E4}
AS: Webroot SecureAnywhere (Enabled - Up to date) {514319A2-C500-0EA6-AEA8-2327724F239D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {0E3913F3-F05D-9788-8938-1070163F0359}
FW: ZoneAlarm Firewall (Enabled) {8D637332-9C08-995E-98D7-8237936B0E9F}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
ACA & MEP 2019 Object Enabler (HKLM\...\{28B89EEF-2004-0000-5102-CF3F3A09B77D}) (Version: 8.1.44.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-2001-0000-3102-CF3F3A09B77D}) (Version: 23.0.46.0 - Autodesk) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.106.303.107 - ALPS ELECTRIC CO., LTD.)
AutoCAD 2019 - English (HKLM\...\{28B89EEF-2001-0409-2102-CF3F3A09B77D}) (Version: 23.0.46.0 - Autodesk) Hidden
AutoCAD 2019 (HKLM\...\{28B89EEF-2001-0000-0102-CF3F3A09B77D}) (Version: 23.0.162.0 - Autodesk) Hidden
AutoCAD 2019 Language Pack - English (HKLM\...\{28B89EEF-2001-0409-1102-CF3F3A09B77D}) (Version: 23.0.103.0 - Autodesk) Hidden
Autodesk App Manager 2016-2019 (HKLM-x32\...\{C1BF29A7-2D9E-4E8D-A3C1-02F6B20B8AB7}) (Version: 2.5.0 - Autodesk)
Autodesk AutoCAD 2019 - English (HKLM\...\AutoCAD 2019 - English) (Version: 23.0.46.0 - Autodesk)
Autodesk AutoCAD 2019.1.2 Update (HKLM-x32\...\{f4f9ba0b-2001-0000-0102-f66cecbc6200}) (Version: 23.0.162.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.3.0 (HKLM-x32\...\{448BC38C-2654-48CD-BB43-F59A37854A3E}) (Version: 1.3.0.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2019 Add-in 64 bit (HKLM\...\{59758C9C-FB82-4430-852C-FC79BBE62982}) (Version: 4.70.9 - Autodesk)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.16.29 - Autodesk)
Autodesk Featured Apps 2016-2019 (HKLM-x32\...\{79F5747D-A961-4CCD-88B0-41F004D79AEB}) (Version: 2.5.0 - Autodesk)
Autodesk Genuine Service (HKLM-x32\...\{EF86FB37-98AB-49C2-930B-77A5E04758FE}) (Version: 2.2.0 - Autodesk)
Autodesk License Service (x64) - 7.1.4 (HKLM\...\{F53D6D10-7A75-4A39-8C53-A3D855C7C50A}) (Version: 7.1.4.0 - Autodesk)
Autodesk Material Library 2019 (HKLM-x32\...\{8F69EE2C-DC34-4746-9B47-7511147BD4B0}) (Version: 17.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2019 (HKLM-x32\...\{3AAA4C1B-51DA-487D-81A3-4234DBB9A8F9}) (Version: 17.11.3.0 - Autodesk)
Autodesk ReCap (HKLM\...\{50EDF910-0000-1033-0102-E3D118CE2EEA}) (Version: 5.0.4.17 - Autodesk) Hidden
Autodesk ReCap (HKLM\...\Autodesk ReCap 360) (Version: 5.0.4.17 - Autodesk)
Autodesk ReCap Photo (HKLM\...\{0E4FA9C0-0000-1033-0102-1B3A7F15D307}) (Version: 19.1.3.4 - Autodesk) Hidden
Autodesk ReCap Photo (HKLM\...\Autodesk ReCap Photo) (Version: 19.1.3.4 - Autodesk)
Autodesk ReCap Photo Update 19.1.0 (HKLM-x32\...\{11b0543e-b0f6-438b-8de5-ac6bbe34cc8f}) (Version: 19.1.0.10 - Autodesk)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.27(T) - TOSHIBA CORPORATION)
Brother MFL-Pro Suite DCP-7065DN (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Bullzip PDF Printer 11.9.0.2735 (HKLM\...\Bullzip PDF Printer_is1) (Version: 11.9.0.2735 - Bullzip)
Core (HKLM\...\{DEE1F2D9-006D-4FE4-BAB0-96732C9E636E}) (Version: 1.0.0.103 - Webroot) Hidden
Essential NetTools (HKLM-x32\...\{F38ADD30-FB36-11E1-3D6C-0095FA964AE1}) (Version: 4.4 - TamoSoft)
FARO LS 1.1.700.0 (64bit) (HKLM-x32\...\{FF6E9382-0B85-48DE-888F-76EFD9A87038}) (Version: 7.0.0.23 - FARO Scanner Production)
File Viewer Lite (HKLM-x32\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 1.5.0 - Sharpened Productions)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.129 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.33 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) 4.0 (HKLM-x32\...\{6D2580AE-0284-4CE0-9A39-A0E5E3A5C28C}) (Version: 17.0.1416.01 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft .NET Framework 4.8 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 11 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Software Limited)
paint.net (HKLM\...\{B998B716-4001-4919-BA90-BA14B51DFEB5}) (Version: 4.1.6 - dotPDN LLC)
PeaZip 6.8.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 6.8.0 - Giorgio Tani)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PowerBASIC for Windows version 10.04 (HKLM-x32\...\{CFE5EA52-F20A-44D0-A180-ED3129FB717E}_is1) (Version: 10.04 - PowerBASIC, Inc.)
Python 3.7.3 (32-bit) (HKU\S-1-5-21-4237547623-3581648954-966888715-1000\...\{24ac8299-2abd-4ddd-8be3-031debb6093c}) (Version: 3.7.3150.0 - Python Software Foundation)
Python 3.7.3 Add to Path (32-bit) (HKLM-x32\...\{2DB1318D-E51C-419B-99D5-D15F7120BD09}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Core Interpreter (32-bit) (HKLM-x32\...\{33AB9CEA-621E-4064-9FB0-7048E79DB5B5}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Development Libraries (32-bit) (HKLM-x32\...\{52DDE5D8-B45C-4C1D-81DD-D72317DE8B08}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Documentation (32-bit) (HKLM-x32\...\{2BC067C0-B392-49C0-988B-C839C62D8B65}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Executables (32-bit) (HKLM-x32\...\{E3E61712-C062-45E7-8348-D7DBF66FACFD}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 pip Bootstrap (32-bit) (HKLM-x32\...\{9846DC93-4A39-496F-8AE3-0E3AB4EF4385}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Standard Library (32-bit) (HKLM-x32\...\{DC6190E7-D05E-465A-9FB6-7418BC901991}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Tcl/Tk Support (32-bit) (HKLM-x32\...\{1341418F-C713-4943-ACB2-9F4D4743D193}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Test Suite (32-bit) (HKLM-x32\...\{FE5E4BF9-7487-4CE8-A2AC-F78C6B4BE487}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Utility Scripts (32-bit) (HKLM-x32\...\{AE9303AD-EBD0-4C85-A9D0-55B1BA972D11}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39058 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.85.423.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7520 - Realtek Semiconductor Corp.)
StudioTax 2019 (HKLM-x32\...\{09F18C8B-5B39-497C-8F57-1328318241F5}) (Version: 15.0.3.0 - BHOK IT Consulting)
Tekla Structures 2019 (HKLM\...\{FBEF321F-46B4-4337-961A-F9A0508C7E94}) (Version: 219.0.47170 - Trimble Solutions Corporation)
Tekla Structures 2019 Canada Env_10 (HKLM\...\{4225CC89-6F86-4960-B063-273970DFB993}) (Version: 219.0.222 - Trimble Solutions Corporation)
Tekla Warehouse Service (HKLM-x32\...\{55C3E467-D2AB-478B-A4AE-EEC9CB86ABC2}) (Version: 1.3.14 - Trimble Solutions Corporation)
TextCrawler Free 3.0.3 (HKLM-x32\...\TextCrawler Free) (Version: 3.0.3 - DigitalVolcano Software Ltd)
The Enigma Protector v6.70 Build 20200428 (HKLM-x32\...\The Enigma Protector_is1) (Version: - The Enigma Protector Developers Team)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.14 - Toshiba Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.13 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}) (Version: 1.4.10.64 - Toshiba Corporation)
TOSHIBA Flash Cards (HKLM\...\{F5D089A2-3E02-4471-AA04-3C7B87A60BD4}) (Version: 9.0.6.6401 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.6.02.6403 - Toshiba Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.15 - TOSHIBA Corporation)
TOSHIBA HWSetup (HKLM-x32\...\{0E94D98C-00A7-4C93-9708-8E5A1859E72E}) (Version: 9.0.5.3202 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{6C0A2179-56CB-4F1F-9681-E777A4F3C800}) (Version: 9.0.3.3201 - Toshiba Corporation)
TOSHIBA PC Diagnostic Tool (HKLM-x32\...\{F0794FA5-1809-4FC3-AA4E-48061281B5A2}) (Version: 9.0.3.6400 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{A0D34C74-70AC-45E4-9735-A11DA95A5810}) (Version: 4.00.00.6402 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.9.52040013 - Toshiba Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.15.0 - TOSHIBA)
TOSHIBA System Driver (HKLM\...\{46754F5B-B496-4BCA-87E5-84ACF27FCE0F}) (Version: 9.0.3.6401 - Toshiba Corporation)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 6.1.2.3 - Toshiba Corporation)
Tsep File Dispatcher Launcher (HKLM\...\{E77800FE-DA6C-43DF-B473-29B20C60BB55}) (Version: 1.3.19 - Trimble Solutions Corporation)
TunnelBear (HKLM-x32\...\{000a1d8b-8a80-4cd4-8781-7770c7923b7f}) (Version: 4.2.6.0 - TunnelBear)
TunnelBear (HKLM-x32\...\{71843510-D27B-4003-AB30-D02F2E78C45D}) (Version: 4.2.6.0 - TunnelBear) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.28.39 - Webroot)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 20 - Windscribe Limited)
ZoneAlarm Antivirus (HKLM-x32\...\{F3790C3A-1015-410D-8BE1-EA48C2637BFF}) (Version: 15.6.121.18102 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Antivirus (HKLM-x32\...\ZoneAlarm Antivirus) (Version: 15.6.121.18102 - Check Point)
ZoneAlarm Firewall (HKLM-x32\...\{18FE6943-D33D-42F5-99D5-0ED22F633E32}) (Version: 15.6.121.18102 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security (HKLM-x32\...\{881E7A8C-9C4B-4D14-B390-EAFBA278CF45}) (Version: 15.6.121.18102 - Check Point Software Technologies Ltd.) Hidden
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4237547623-3581648954-966888715-1000_Classes\CLSID\{4AC6DFE1-607B-45B2-B289-D7FBCD44169C}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2019\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4237547623-3581648954-966888715-1000_Classes\CLSID\{74D0CE91-F931-4FAC-BEA9-EE32E43EAD37}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2019\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4237547623-3581648954-966888715-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4237547623-3581648954-966888715-1000_Classes\CLSID\{E11054A5-EE73-4928-A39A-2C4986E7138F}\InprocServer32 -> C:\windows\system32\kernel32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4237547623-3581648954-966888715-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2019\en-US\acadficn.dll (Autodesk, Inc. -> Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\windows\system32\WRusr.dll [2020-05-04] (Webroot Inc. -> Webroot)
ShellIconOverlayIdentifiers: [ ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\windows\system32\WRusr.dll [2020-05-04] (Webroot Inc. -> Webroot)
ShellIconOverlayIdentifiers: [ ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\windows\system32\WRusr.dll [2020-05-04] (Webroot Inc. -> Webroot)
ShellIconOverlayIdentifiers: [ ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\windows\system32\WRusr.dll [2020-05-04] (Webroot Inc. -> Webroot)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll [2018-01-29] (Autodesk, Inc. -> Autodesk, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2018-01-29] (Autodesk, Inc. -> Autodesk)
ContextMenuHandlers1: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\windows\system32\WRusr.dll [2020-05-04] (Webroot Inc. -> Webroot)
ContextMenuHandlers1: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2019-07-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\windows\system32\igfxDTCM.dll [2019-07-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\windows\system32\WRusr.dll [2020-05-04] (Webroot Inc. -> Webroot)
ContextMenuHandlers6: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2019-07-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
==================== Loaded Modules (Whitelisted) =============
2020-04-09 18:36 - 2020-04-09 18:36 - 000030720 _____ ( () [File not signed]) [File is in use ] C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.Wrapper.dll
2019-04-28 15:11 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 001603072 _____ () [File not signed] C:\Program Files (x86)\Windscribe\libGLESv2.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 000071168 _____ () [File not signed] C:\Program Files (x86)\Windscribe\zlib1.dll
2019-04-28 15:12 - 2008-08-18 18:27 - 000122880 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\brlmw03a.dll
2019-04-28 15:12 - 2012-04-23 15:03 - 000380928 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2019-04-28 09:52 - 2019-02-15 08:13 - 000221696 _____ (Bullzip) [File not signed] C:\Program Files\Common Files\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll
2019-07-25 10:52 - 2019-07-25 10:52 - 000986112 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CheckPoint\ZoneAlarm\dbghelp.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 000058368 _____ (The c-ares library, hxxps://c-ares.haxx.se/) [File not signed] C:\Program Files (x86)\Windscribe\cares.dll
2019-08-21 11:27 - 2018-09-13 23:56 - 000350208 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files (x86)\Windscribe\libcurl.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 001212928 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Windscribe\LIBEAY32.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 000276480 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Windscribe\SSLEAY32.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 000024576 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\imageformats\qgif.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 000025088 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\imageformats\qico.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 000986624 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\platforms\qwindows.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 004694016 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Core.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 003677184 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Gui.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 000856064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Network.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 004483072 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Widgets.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01872483.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01872483.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR521 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
==================== Association (Whitelisted) =================
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-4237547623-3581648954-966888715-1000\Software\Classes\.scr: AutoCADScriptFile => C:\windows\system32\notepad.exe "%1"
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-04-29 20:24 - 2019-04-29 20:24 - 000000824 ____N C:\windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\
HKU\S-1-5-21-4237547623-3581648954-966888715-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\K\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 208.67.222.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
FirewallRules: [{E95CD1C0-A1F9-46C3-9FA1-C9D2DD53CF77}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Mobile Wireless Group -> )
FirewallRules: [TCP Query User{B5231620-BCBA-4621-A032-1413C47D3A0F}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [UDP Query User{799E97D7-51A7-4120-A136-27AA820B614B}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [{C1122265-9BFB-420E-83E0-E68A584968EB}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{04073677-4EDB-4CCC-A71E-3DAF0A7F2672}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{6254BE72-A9E4-4769-8B20-792FDCB57452}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{099D9AA0-54C7-4F5B-A206-1ED75493C265}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{9ED34C84-3A36-4BDB-BF4C-C8BBBDB3A8DF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:800 GB) (Free:644.84 GB) (81%)
==================== Faulty Device Manager Devices ============
Name: TOSHIBA Web Camera - HD
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Intel(R) Dual Band Wireless-AC 3160
Description: Intel(R) Dual Band Wireless-AC 3160
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNs64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Intel(R) Display Audio
Description: Intel(R) Display Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel(R) Corporation
Service: IntcDAud
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================
Application errors:
==================
Error: (05/01/2020 07:05:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 4.0.0.638, time stamp: 0x5ea21563
Faulting module name: ntdll.dll, version: 6.1.7601.24511, time stamp: 0x5d3fa9bd
Exception code: 0xc0000374
Fault offset: 0x00000000000bf302
Faulting process id: 0x1864
Faulting application start time: 0x01d62026091e265b
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: 55c18619-8c19-11ea-ae3c-b86b23b0f585
Error: (04/28/2020 07:42:36 PM) (Source: MsiInstaller) (EventID: 10005) (User: KP)
Description: Product: Python 3.7.3 pip Bootstrap (32-bit) -- No Python 3.7 installation was detected.
Error: (04/28/2020 07:42:00 PM) (Source: MsiInstaller) (EventID: 10005) (User: KP)
Description: Product: Python 3.7.3 pip Bootstrap (32-bit) -- No Python 3.7 installation was detected.
Error: (04/28/2020 09:57:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Check McID.EXE, version: 1.2.0.0, time stamp: 0x00003039
Faulting module name: Check McID.EXE, version: 1.2.0.0, time stamp: 0x00003039
Exception code: 0xc0000005
Fault offset: 0x00006bee
Faulting process id: 0x3cb0
Faulting application start time: 0x01d61d7e0a34c301
Faulting application path: C:\ESD\SkyF TestInstall\SkyFrame\Bin\Check McID.EXE
Faulting module path: C:\ESD\SkyF TestInstall\SkyFrame\Bin\Check McID.EXE
Report Id: 48bc4c7b-8971-11ea-8aa7-b86b23b0f585
Error: (04/28/2020 09:50:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Check McID.EXE, version: 1.2.0.0, time stamp: 0x00003039
Faulting module name: Check McID.EXE, version: 1.2.0.0, time stamp: 0x00003039
Exception code: 0xc0000005
Fault offset: 0x00006bee
Faulting process id: 0x2bd4
Faulting application start time: 0x01d61d7d27490bb1
Faulting application path: C:\PB SkyFrame 12\A Module Creators\Checking Progs\Check McID\Check McID.EXE
Faulting module path: C:\PB SkyFrame 12\A Module Creators\Checking Progs\Check McID\Check McID.EXE
Report Id: 6541c29b-8970-11ea-8aa7-b86b23b0f585
Error: (04/28/2020 09:50:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Check McID.EXE, version: 1.2.0.0, time stamp: 0x00003039
Faulting module name: Check McID.EXE, version: 1.2.0.0, time stamp: 0x00003039
Exception code: 0xc0000005
Fault offset: 0x00006bee
Faulting process id: 0x2ab0
Faulting application start time: 0x01d61d7d1dcd101a
Faulting application path: C:\PB SkyFrame 12\A Module Creators\Checking Progs\Check McID\Check McID.EXE
Faulting module path: C:\PB SkyFrame 12\A Module Creators\Checking Progs\Check McID\Check McID.EXE
Report Id: 5d0be389-8970-11ea-8aa7-b86b23b0f585
Error: (04/27/2020 07:24:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MSigner.EXE, version: 1.2.0.0, time stamp: 0x00003039
Faulting module name: MSigner.EXE, version: 1.2.0.0, time stamp: 0x00003039
Exception code: 0xc0000005
Fault offset: 0x00037a4a
Faulting process id: 0x1458
Faulting application start time: 0x01d61d042f819758
Faulting application path: C:\PB Test MS\MSigner\MSigner.EXE
Faulting module path: C:\PB Test MS\MSigner\MSigner.EXE
Report Id: 6e5ed25c-88f7-11ea-b9a3-b86b23b0f585
Error: (04/27/2020 07:18:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MSigner.EXE, version: 1.2.0.0, time stamp: 0x00003039
Faulting module name: MSigner.EXE, version: 1.2.0.0, time stamp: 0x00003039
Exception code: 0xc0000005
Fault offset: 0x0003484d
Faulting process id: 0xb98
Faulting application start time: 0x01d61d034ebb7756
Faulting application path: C:\PB Test MS\MSigner\MSigner.EXE
Faulting module path: C:\PB Test MS\MSigner\MSigner.EXE
Report Id: 8d8a6a18-88f6-11ea-b9a3-b86b23b0f585
System errors:
=============
Error: (05/03/2020 06:03:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading
Error: (05/03/2020 06:03:28 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\K\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (05/03/2020 06:03:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading
Error: (05/03/2020 06:03:27 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\K\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (05/03/2020 06:03:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading
Error: (05/03/2020 06:03:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\K\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (05/03/2020 06:03:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading
Error: (05/03/2020 06:03:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\K\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
==================== Memory info ===========================
BIOS: TOSHIBA Version 1.40 09/25/2014
Motherboard: TOSHIBA Satellite Pro R50-B
Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 66%
Total physical RAM: 6061.36 MB
Available physical RAM: 2027.47 MB
Total Virtual: 12120.86 MB
Available Virtual: 8178.47 MB
==================== Drives ================================
Drive c: (TI313417D0A) (Fixed) (Total:800 GB) (Free:644.84 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{5dd2b991-6964-11e9-91dc-806e6f6e6963}\ (System) (Fixed) (Total:1.46 GB) (Free:1.24 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: BB415172)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=800 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================
from the addition.txt I found this 01872483.sys but couldn't locate this file in the system?
My computer hangs off and on and I have to reboot the system using the power button.
And even if I pressed Ctr Alt del then no task manager appear so I cannot reboot the
system. The only way is to press the power button and then to turn it on again.
I scanned the system with Malwarebytes , ZoneAlarm , webroot , Stinger and KVRT
all detected nothing ?
How to fix this
So I ran Farbar FRST to check the system and this is the Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-05-2020
Ran by K (04-05-2020 09:00:04)
Running from C:\Users\K\Downloads
Windows 7 Professional Service Pack 1 (X64) (2019-04-28 04:17:37)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4237547623-3581648954-966888715-500 - Administrator - Disabled)
Guest (S-1-5-21-4237547623-3581648954-966888715-501 - Limited - Disabled)
K (S-1-5-21-4237547623-3581648954-966888715-1000 - Administrator - Enabled) => C:\Users\K
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Webroot SecureAnywhere (Enabled - Up to date) {EA22F846-E33A-0128-9418-185509C86920}
AV: ZoneAlarm Antivirus (Enabled - Up to date) {B558F217-D667-9806-B388-2B026DB849E4}
AS: Webroot SecureAnywhere (Enabled - Up to date) {514319A2-C500-0EA6-AEA8-2327724F239D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {0E3913F3-F05D-9788-8938-1070163F0359}
FW: ZoneAlarm Firewall (Enabled) {8D637332-9C08-995E-98D7-8237936B0E9F}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
ACA & MEP 2019 Object Enabler (HKLM\...\{28B89EEF-2004-0000-5102-CF3F3A09B77D}) (Version: 8.1.44.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-2001-0000-3102-CF3F3A09B77D}) (Version: 23.0.46.0 - Autodesk) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.106.303.107 - ALPS ELECTRIC CO., LTD.)
AutoCAD 2019 - English (HKLM\...\{28B89EEF-2001-0409-2102-CF3F3A09B77D}) (Version: 23.0.46.0 - Autodesk) Hidden
AutoCAD 2019 (HKLM\...\{28B89EEF-2001-0000-0102-CF3F3A09B77D}) (Version: 23.0.162.0 - Autodesk) Hidden
AutoCAD 2019 Language Pack - English (HKLM\...\{28B89EEF-2001-0409-1102-CF3F3A09B77D}) (Version: 23.0.103.0 - Autodesk) Hidden
Autodesk App Manager 2016-2019 (HKLM-x32\...\{C1BF29A7-2D9E-4E8D-A3C1-02F6B20B8AB7}) (Version: 2.5.0 - Autodesk)
Autodesk AutoCAD 2019 - English (HKLM\...\AutoCAD 2019 - English) (Version: 23.0.46.0 - Autodesk)
Autodesk AutoCAD 2019.1.2 Update (HKLM-x32\...\{f4f9ba0b-2001-0000-0102-f66cecbc6200}) (Version: 23.0.162.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.3.0 (HKLM-x32\...\{448BC38C-2654-48CD-BB43-F59A37854A3E}) (Version: 1.3.0.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2019 Add-in 64 bit (HKLM\...\{59758C9C-FB82-4430-852C-FC79BBE62982}) (Version: 4.70.9 - Autodesk)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.16.29 - Autodesk)
Autodesk Featured Apps 2016-2019 (HKLM-x32\...\{79F5747D-A961-4CCD-88B0-41F004D79AEB}) (Version: 2.5.0 - Autodesk)
Autodesk Genuine Service (HKLM-x32\...\{EF86FB37-98AB-49C2-930B-77A5E04758FE}) (Version: 2.2.0 - Autodesk)
Autodesk License Service (x64) - 7.1.4 (HKLM\...\{F53D6D10-7A75-4A39-8C53-A3D855C7C50A}) (Version: 7.1.4.0 - Autodesk)
Autodesk Material Library 2019 (HKLM-x32\...\{8F69EE2C-DC34-4746-9B47-7511147BD4B0}) (Version: 17.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2019 (HKLM-x32\...\{3AAA4C1B-51DA-487D-81A3-4234DBB9A8F9}) (Version: 17.11.3.0 - Autodesk)
Autodesk ReCap (HKLM\...\{50EDF910-0000-1033-0102-E3D118CE2EEA}) (Version: 5.0.4.17 - Autodesk) Hidden
Autodesk ReCap (HKLM\...\Autodesk ReCap 360) (Version: 5.0.4.17 - Autodesk)
Autodesk ReCap Photo (HKLM\...\{0E4FA9C0-0000-1033-0102-1B3A7F15D307}) (Version: 19.1.3.4 - Autodesk) Hidden
Autodesk ReCap Photo (HKLM\...\Autodesk ReCap Photo) (Version: 19.1.3.4 - Autodesk)
Autodesk ReCap Photo Update 19.1.0 (HKLM-x32\...\{11b0543e-b0f6-438b-8de5-ac6bbe34cc8f}) (Version: 19.1.0.10 - Autodesk)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.27(T) - TOSHIBA CORPORATION)
Brother MFL-Pro Suite DCP-7065DN (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Bullzip PDF Printer 11.9.0.2735 (HKLM\...\Bullzip PDF Printer_is1) (Version: 11.9.0.2735 - Bullzip)
Core (HKLM\...\{DEE1F2D9-006D-4FE4-BAB0-96732C9E636E}) (Version: 1.0.0.103 - Webroot) Hidden
Essential NetTools (HKLM-x32\...\{F38ADD30-FB36-11E1-3D6C-0095FA964AE1}) (Version: 4.4 - TamoSoft)
FARO LS 1.1.700.0 (64bit) (HKLM-x32\...\{FF6E9382-0B85-48DE-888F-76EFD9A87038}) (Version: 7.0.0.23 - FARO Scanner Production)
File Viewer Lite (HKLM-x32\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 1.5.0 - Sharpened Productions)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.129 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.33 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) 4.0 (HKLM-x32\...\{6D2580AE-0284-4CE0-9A39-A0E5E3A5C28C}) (Version: 17.0.1416.01 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft .NET Framework 4.8 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 11 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Software Limited)
paint.net (HKLM\...\{B998B716-4001-4919-BA90-BA14B51DFEB5}) (Version: 4.1.6 - dotPDN LLC)
PeaZip 6.8.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 6.8.0 - Giorgio Tani)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PowerBASIC for Windows version 10.04 (HKLM-x32\...\{CFE5EA52-F20A-44D0-A180-ED3129FB717E}_is1) (Version: 10.04 - PowerBASIC, Inc.)
Python 3.7.3 (32-bit) (HKU\S-1-5-21-4237547623-3581648954-966888715-1000\...\{24ac8299-2abd-4ddd-8be3-031debb6093c}) (Version: 3.7.3150.0 - Python Software Foundation)
Python 3.7.3 Add to Path (32-bit) (HKLM-x32\...\{2DB1318D-E51C-419B-99D5-D15F7120BD09}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Core Interpreter (32-bit) (HKLM-x32\...\{33AB9CEA-621E-4064-9FB0-7048E79DB5B5}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Development Libraries (32-bit) (HKLM-x32\...\{52DDE5D8-B45C-4C1D-81DD-D72317DE8B08}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Documentation (32-bit) (HKLM-x32\...\{2BC067C0-B392-49C0-988B-C839C62D8B65}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Executables (32-bit) (HKLM-x32\...\{E3E61712-C062-45E7-8348-D7DBF66FACFD}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 pip Bootstrap (32-bit) (HKLM-x32\...\{9846DC93-4A39-496F-8AE3-0E3AB4EF4385}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Standard Library (32-bit) (HKLM-x32\...\{DC6190E7-D05E-465A-9FB6-7418BC901991}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Tcl/Tk Support (32-bit) (HKLM-x32\...\{1341418F-C713-4943-ACB2-9F4D4743D193}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Test Suite (32-bit) (HKLM-x32\...\{FE5E4BF9-7487-4CE8-A2AC-F78C6B4BE487}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Utility Scripts (32-bit) (HKLM-x32\...\{AE9303AD-EBD0-4C85-A9D0-55B1BA972D11}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39058 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.85.423.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7520 - Realtek Semiconductor Corp.)
StudioTax 2019 (HKLM-x32\...\{09F18C8B-5B39-497C-8F57-1328318241F5}) (Version: 15.0.3.0 - BHOK IT Consulting)
Tekla Structures 2019 (HKLM\...\{FBEF321F-46B4-4337-961A-F9A0508C7E94}) (Version: 219.0.47170 - Trimble Solutions Corporation)
Tekla Structures 2019 Canada Env_10 (HKLM\...\{4225CC89-6F86-4960-B063-273970DFB993}) (Version: 219.0.222 - Trimble Solutions Corporation)
Tekla Warehouse Service (HKLM-x32\...\{55C3E467-D2AB-478B-A4AE-EEC9CB86ABC2}) (Version: 1.3.14 - Trimble Solutions Corporation)
TextCrawler Free 3.0.3 (HKLM-x32\...\TextCrawler Free) (Version: 3.0.3 - DigitalVolcano Software Ltd)
The Enigma Protector v6.70 Build 20200428 (HKLM-x32\...\The Enigma Protector_is1) (Version: - The Enigma Protector Developers Team)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.14 - Toshiba Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.13 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}) (Version: 1.4.10.64 - Toshiba Corporation)
TOSHIBA Flash Cards (HKLM\...\{F5D089A2-3E02-4471-AA04-3C7B87A60BD4}) (Version: 9.0.6.6401 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.6.02.6403 - Toshiba Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.15 - TOSHIBA Corporation)
TOSHIBA HWSetup (HKLM-x32\...\{0E94D98C-00A7-4C93-9708-8E5A1859E72E}) (Version: 9.0.5.3202 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{6C0A2179-56CB-4F1F-9681-E777A4F3C800}) (Version: 9.0.3.3201 - Toshiba Corporation)
TOSHIBA PC Diagnostic Tool (HKLM-x32\...\{F0794FA5-1809-4FC3-AA4E-48061281B5A2}) (Version: 9.0.3.6400 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{A0D34C74-70AC-45E4-9735-A11DA95A5810}) (Version: 4.00.00.6402 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.9.52040013 - Toshiba Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.15.0 - TOSHIBA)
TOSHIBA System Driver (HKLM\...\{46754F5B-B496-4BCA-87E5-84ACF27FCE0F}) (Version: 9.0.3.6401 - Toshiba Corporation)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 6.1.2.3 - Toshiba Corporation)
Tsep File Dispatcher Launcher (HKLM\...\{E77800FE-DA6C-43DF-B473-29B20C60BB55}) (Version: 1.3.19 - Trimble Solutions Corporation)
TunnelBear (HKLM-x32\...\{000a1d8b-8a80-4cd4-8781-7770c7923b7f}) (Version: 4.2.6.0 - TunnelBear)
TunnelBear (HKLM-x32\...\{71843510-D27B-4003-AB30-D02F2E78C45D}) (Version: 4.2.6.0 - TunnelBear) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.28.39 - Webroot)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 20 - Windscribe Limited)
ZoneAlarm Antivirus (HKLM-x32\...\{F3790C3A-1015-410D-8BE1-EA48C2637BFF}) (Version: 15.6.121.18102 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Antivirus (HKLM-x32\...\ZoneAlarm Antivirus) (Version: 15.6.121.18102 - Check Point)
ZoneAlarm Firewall (HKLM-x32\...\{18FE6943-D33D-42F5-99D5-0ED22F633E32}) (Version: 15.6.121.18102 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security (HKLM-x32\...\{881E7A8C-9C4B-4D14-B390-EAFBA278CF45}) (Version: 15.6.121.18102 - Check Point Software Technologies Ltd.) Hidden
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4237547623-3581648954-966888715-1000_Classes\CLSID\{4AC6DFE1-607B-45B2-B289-D7FBCD44169C}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2019\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4237547623-3581648954-966888715-1000_Classes\CLSID\{74D0CE91-F931-4FAC-BEA9-EE32E43EAD37}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2019\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4237547623-3581648954-966888715-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4237547623-3581648954-966888715-1000_Classes\CLSID\{E11054A5-EE73-4928-A39A-2C4986E7138F}\InprocServer32 -> C:\windows\system32\kernel32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4237547623-3581648954-966888715-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2019\en-US\acadficn.dll (Autodesk, Inc. -> Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\windows\system32\WRusr.dll [2020-05-04] (Webroot Inc. -> Webroot)
ShellIconOverlayIdentifiers: [ ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\windows\system32\WRusr.dll [2020-05-04] (Webroot Inc. -> Webroot)
ShellIconOverlayIdentifiers: [ ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\windows\system32\WRusr.dll [2020-05-04] (Webroot Inc. -> Webroot)
ShellIconOverlayIdentifiers: [ ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\windows\system32\WRusr.dll [2020-05-04] (Webroot Inc. -> Webroot)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll [2018-01-29] (Autodesk, Inc. -> Autodesk, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2018-01-29] (Autodesk, Inc. -> Autodesk)
ContextMenuHandlers1: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\windows\system32\WRusr.dll [2020-05-04] (Webroot Inc. -> Webroot)
ContextMenuHandlers1: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2019-07-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\windows\system32\igfxDTCM.dll [2019-07-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\windows\system32\WRusr.dll [2020-05-04] (Webroot Inc. -> Webroot)
ContextMenuHandlers6: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2019-07-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
==================== Loaded Modules (Whitelisted) =============
2020-04-09 18:36 - 2020-04-09 18:36 - 000030720 _____ ( () [File not signed]) [File is in use ] C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.Wrapper.dll
2019-04-28 15:11 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 001603072 _____ () [File not signed] C:\Program Files (x86)\Windscribe\libGLESv2.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 000071168 _____ () [File not signed] C:\Program Files (x86)\Windscribe\zlib1.dll
2019-04-28 15:12 - 2008-08-18 18:27 - 000122880 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\brlmw03a.dll
2019-04-28 15:12 - 2012-04-23 15:03 - 000380928 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2019-04-28 09:52 - 2019-02-15 08:13 - 000221696 _____ (Bullzip) [File not signed] C:\Program Files\Common Files\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll
2019-07-25 10:52 - 2019-07-25 10:52 - 000986112 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CheckPoint\ZoneAlarm\dbghelp.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 000058368 _____ (The c-ares library, hxxps://c-ares.haxx.se/) [File not signed] C:\Program Files (x86)\Windscribe\cares.dll
2019-08-21 11:27 - 2018-09-13 23:56 - 000350208 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files (x86)\Windscribe\libcurl.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 001212928 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Windscribe\LIBEAY32.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 000276480 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Windscribe\SSLEAY32.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 000024576 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\imageformats\qgif.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 000025088 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\imageformats\qico.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 000986624 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\platforms\qwindows.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 004694016 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Core.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 003677184 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Gui.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 000856064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Network.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 004483072 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Widgets.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01872483.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01872483.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR521 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
==================== Association (Whitelisted) =================
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-4237547623-3581648954-966888715-1000\Software\Classes\.scr: AutoCADScriptFile => C:\windows\system32\notepad.exe "%1"
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-04-29 20:24 - 2019-04-29 20:24 - 000000824 ____N C:\windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\
HKU\S-1-5-21-4237547623-3581648954-966888715-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\K\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 208.67.222.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
FirewallRules: [{E95CD1C0-A1F9-46C3-9FA1-C9D2DD53CF77}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Mobile Wireless Group -> )
FirewallRules: [TCP Query User{B5231620-BCBA-4621-A032-1413C47D3A0F}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [UDP Query User{799E97D7-51A7-4120-A136-27AA820B614B}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [{C1122265-9BFB-420E-83E0-E68A584968EB}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{04073677-4EDB-4CCC-A71E-3DAF0A7F2672}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{6254BE72-A9E4-4769-8B20-792FDCB57452}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{099D9AA0-54C7-4F5B-A206-1ED75493C265}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{9ED34C84-3A36-4BDB-BF4C-C8BBBDB3A8DF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:800 GB) (Free:644.84 GB) (81%)
==================== Faulty Device Manager Devices ============
Name: TOSHIBA Web Camera - HD
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Intel(R) Dual Band Wireless-AC 3160
Description: Intel(R) Dual Band Wireless-AC 3160
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNs64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Intel(R) Display Audio
Description: Intel(R) Display Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel(R) Corporation
Service: IntcDAud
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================
Application errors:
==================
Error: (05/01/2020 07:05:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 4.0.0.638, time stamp: 0x5ea21563
Faulting module name: ntdll.dll, version: 6.1.7601.24511, time stamp: 0x5d3fa9bd
Exception code: 0xc0000374
Fault offset: 0x00000000000bf302
Faulting process id: 0x1864
Faulting application start time: 0x01d62026091e265b
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: 55c18619-8c19-11ea-ae3c-b86b23b0f585
Error: (04/28/2020 07:42:36 PM) (Source: MsiInstaller) (EventID: 10005) (User: KP)
Description: Product: Python 3.7.3 pip Bootstrap (32-bit) -- No Python 3.7 installation was detected.
Error: (04/28/2020 07:42:00 PM) (Source: MsiInstaller) (EventID: 10005) (User: KP)
Description: Product: Python 3.7.3 pip Bootstrap (32-bit) -- No Python 3.7 installation was detected.
Error: (04/28/2020 09:57:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Check McID.EXE, version: 1.2.0.0, time stamp: 0x00003039
Faulting module name: Check McID.EXE, version: 1.2.0.0, time stamp: 0x00003039
Exception code: 0xc0000005
Fault offset: 0x00006bee
Faulting process id: 0x3cb0
Faulting application start time: 0x01d61d7e0a34c301
Faulting application path: C:\ESD\SkyF TestInstall\SkyFrame\Bin\Check McID.EXE
Faulting module path: C:\ESD\SkyF TestInstall\SkyFrame\Bin\Check McID.EXE
Report Id: 48bc4c7b-8971-11ea-8aa7-b86b23b0f585
Error: (04/28/2020 09:50:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Check McID.EXE, version: 1.2.0.0, time stamp: 0x00003039
Faulting module name: Check McID.EXE, version: 1.2.0.0, time stamp: 0x00003039
Exception code: 0xc0000005
Fault offset: 0x00006bee
Faulting process id: 0x2bd4
Faulting application start time: 0x01d61d7d27490bb1
Faulting application path: C:\PB SkyFrame 12\A Module Creators\Checking Progs\Check McID\Check McID.EXE
Faulting module path: C:\PB SkyFrame 12\A Module Creators\Checking Progs\Check McID\Check McID.EXE
Report Id: 6541c29b-8970-11ea-8aa7-b86b23b0f585
Error: (04/28/2020 09:50:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Check McID.EXE, version: 1.2.0.0, time stamp: 0x00003039
Faulting module name: Check McID.EXE, version: 1.2.0.0, time stamp: 0x00003039
Exception code: 0xc0000005
Fault offset: 0x00006bee
Faulting process id: 0x2ab0
Faulting application start time: 0x01d61d7d1dcd101a
Faulting application path: C:\PB SkyFrame 12\A Module Creators\Checking Progs\Check McID\Check McID.EXE
Faulting module path: C:\PB SkyFrame 12\A Module Creators\Checking Progs\Check McID\Check McID.EXE
Report Id: 5d0be389-8970-11ea-8aa7-b86b23b0f585
Error: (04/27/2020 07:24:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MSigner.EXE, version: 1.2.0.0, time stamp: 0x00003039
Faulting module name: MSigner.EXE, version: 1.2.0.0, time stamp: 0x00003039
Exception code: 0xc0000005
Fault offset: 0x00037a4a
Faulting process id: 0x1458
Faulting application start time: 0x01d61d042f819758
Faulting application path: C:\PB Test MS\MSigner\MSigner.EXE
Faulting module path: C:\PB Test MS\MSigner\MSigner.EXE
Report Id: 6e5ed25c-88f7-11ea-b9a3-b86b23b0f585
Error: (04/27/2020 07:18:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MSigner.EXE, version: 1.2.0.0, time stamp: 0x00003039
Faulting module name: MSigner.EXE, version: 1.2.0.0, time stamp: 0x00003039
Exception code: 0xc0000005
Fault offset: 0x0003484d
Faulting process id: 0xb98
Faulting application start time: 0x01d61d034ebb7756
Faulting application path: C:\PB Test MS\MSigner\MSigner.EXE
Faulting module path: C:\PB Test MS\MSigner\MSigner.EXE
Report Id: 8d8a6a18-88f6-11ea-b9a3-b86b23b0f585
System errors:
=============
Error: (05/03/2020 06:03:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading
Error: (05/03/2020 06:03:28 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\K\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (05/03/2020 06:03:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading
Error: (05/03/2020 06:03:27 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\K\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (05/03/2020 06:03:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading
Error: (05/03/2020 06:03:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\K\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (05/03/2020 06:03:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading
Error: (05/03/2020 06:03:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\K\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
==================== Memory info ===========================
BIOS: TOSHIBA Version 1.40 09/25/2014
Motherboard: TOSHIBA Satellite Pro R50-B
Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 66%
Total physical RAM: 6061.36 MB
Available physical RAM: 2027.47 MB
Total Virtual: 12120.86 MB
Available Virtual: 8178.47 MB
==================== Drives ================================
Drive c: (TI313417D0A) (Fixed) (Total:800 GB) (Free:644.84 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{5dd2b991-6964-11e9-91dc-806e6f6e6963}\ (System) (Fixed) (Total:1.46 GB) (Free:1.24 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: BB415172)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=800 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================
from the addition.txt I found this 01872483.sys but couldn't locate this file in the system?