Solved My computer was hit by unknown malware

annew

Hello,
My computer hangs off and on and I have to reboot the system using the power button.
Even if I press Ctrl+Alt+Del, no Task Manager appears, so I cannot reboot the
system. The only way is to press the power button and then turn it on again.

I scanned the system with Malwarebytes, ZoneAlarm, Webroot, Stinger and KVRT, and
all detected nothing?
How do I fix this?

So I ran Farbar FRST to check the system, and this is the Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-05-2020
Ran by K (04-05-2020 09:00:04)
Running from C:\Users\K\Downloads
Windows 7 Professional Service Pack 1 (X64) (2019-04-28 04:17:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4237547623-3581648954-966888715-500 - Administrator - Disabled)
Guest (S-1-5-21-4237547623-3581648954-966888715-501 - Limited - Disabled)
K (S-1-5-21-4237547623-3581648954-966888715-1000 - Administrator - Enabled) => C:\Users\K

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {EA22F846-E33A-0128-9418-185509C86920}
AV: ZoneAlarm Antivirus (Enabled - Up to date) {B558F217-D667-9806-B388-2B026DB849E4}
AS: Webroot SecureAnywhere (Enabled - Up to date) {514319A2-C500-0EA6-AEA8-2327724F239D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {0E3913F3-F05D-9788-8938-1070163F0359}
FW: ZoneAlarm Firewall (Enabled) {8D637332-9C08-995E-98D7-8237936B0E9F}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
ACA & MEP 2019 Object Enabler (HKLM\...\{28B89EEF-2004-0000-5102-CF3F3A09B77D}) (Version: 8.1.44.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-2001-0000-3102-CF3F3A09B77D}) (Version: 23.0.46.0 - Autodesk) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.106.303.107 - ALPS ELECTRIC CO., LTD.)
AutoCAD 2019 - English (HKLM\...\{28B89EEF-2001-0409-2102-CF3F3A09B77D}) (Version: 23.0.46.0 - Autodesk) Hidden
AutoCAD 2019 (HKLM\...\{28B89EEF-2001-0000-0102-CF3F3A09B77D}) (Version: 23.0.162.0 - Autodesk) Hidden
AutoCAD 2019 Language Pack - English (HKLM\...\{28B89EEF-2001-0409-1102-CF3F3A09B77D}) (Version: 23.0.103.0 - Autodesk) Hidden
Autodesk App Manager 2016-2019 (HKLM-x32\...\{C1BF29A7-2D9E-4E8D-A3C1-02F6B20B8AB7}) (Version: 2.5.0 - Autodesk)
Autodesk AutoCAD 2019 - English (HKLM\...\AutoCAD 2019 - English) (Version: 23.0.46.0 - Autodesk)
Autodesk AutoCAD 2019.1.2 Update (HKLM-x32\...\{f4f9ba0b-2001-0000-0102-f66cecbc6200}) (Version: 23.0.162.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.3.0 (HKLM-x32\...\{448BC38C-2654-48CD-BB43-F59A37854A3E}) (Version: 1.3.0.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2019 Add-in 64 bit (HKLM\...\{59758C9C-FB82-4430-852C-FC79BBE62982}) (Version: 4.70.9 - Autodesk)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.16.29 - Autodesk)
Autodesk Featured Apps 2016-2019 (HKLM-x32\...\{79F5747D-A961-4CCD-88B0-41F004D79AEB}) (Version: 2.5.0 - Autodesk)
Autodesk Genuine Service (HKLM-x32\...\{EF86FB37-98AB-49C2-930B-77A5E04758FE}) (Version: 2.2.0 - Autodesk)
Autodesk License Service (x64) - 7.1.4 (HKLM\...\{F53D6D10-7A75-4A39-8C53-A3D855C7C50A}) (Version: 7.1.4.0 - Autodesk)
Autodesk Material Library 2019 (HKLM-x32\...\{8F69EE2C-DC34-4746-9B47-7511147BD4B0}) (Version: 17.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2019 (HKLM-x32\...\{3AAA4C1B-51DA-487D-81A3-4234DBB9A8F9}) (Version: 17.11.3.0 - Autodesk)
Autodesk ReCap (HKLM\...\{50EDF910-0000-1033-0102-E3D118CE2EEA}) (Version: 5.0.4.17 - Autodesk) Hidden
Autodesk ReCap (HKLM\...\Autodesk ReCap 360) (Version: 5.0.4.17 - Autodesk)
Autodesk ReCap Photo (HKLM\...\{0E4FA9C0-0000-1033-0102-1B3A7F15D307}) (Version: 19.1.3.4 - Autodesk) Hidden
Autodesk ReCap Photo (HKLM\...\Autodesk ReCap Photo) (Version: 19.1.3.4 - Autodesk)
Autodesk ReCap Photo Update 19.1.0 (HKLM-x32\...\{11b0543e-b0f6-438b-8de5-ac6bbe34cc8f}) (Version: 19.1.0.10 - Autodesk)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.27(T) - TOSHIBA CORPORATION)
Brother MFL-Pro Suite DCP-7065DN (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Bullzip PDF Printer 11.9.0.2735 (HKLM\...\Bullzip PDF Printer_is1) (Version: 11.9.0.2735 - Bullzip)
Core (HKLM\...\{DEE1F2D9-006D-4FE4-BAB0-96732C9E636E}) (Version: 1.0.0.103 - Webroot) Hidden
Essential NetTools (HKLM-x32\...\{F38ADD30-FB36-11E1-3D6C-0095FA964AE1}) (Version: 4.4 - TamoSoft)
FARO LS 1.1.700.0 (64bit) (HKLM-x32\...\{FF6E9382-0B85-48DE-888F-76EFD9A87038}) (Version: 7.0.0.23 - FARO Scanner Production)
File Viewer Lite (HKLM-x32\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 1.5.0 - Sharpened Productions)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.129 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.33 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) 4.0 (HKLM-x32\...\{6D2580AE-0284-4CE0-9A39-A0E5E3A5C28C}) (Version: 17.0.1416.01 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft .NET Framework 4.8 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 11 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Software Limited)
paint.net (HKLM\...\{B998B716-4001-4919-BA90-BA14B51DFEB5}) (Version: 4.1.6 - dotPDN LLC)
PeaZip 6.8.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 6.8.0 - Giorgio Tani)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PowerBASIC for Windows version 10.04 (HKLM-x32\...\{CFE5EA52-F20A-44D0-A180-ED3129FB717E}_is1) (Version: 10.04 - PowerBASIC, Inc.)
Python 3.7.3 (32-bit) (HKU\S-1-5-21-4237547623-3581648954-966888715-1000\...\{24ac8299-2abd-4ddd-8be3-031debb6093c}) (Version: 3.7.3150.0 - Python Software Foundation)
Python 3.7.3 Add to Path (32-bit) (HKLM-x32\...\{2DB1318D-E51C-419B-99D5-D15F7120BD09}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Core Interpreter (32-bit) (HKLM-x32\...\{33AB9CEA-621E-4064-9FB0-7048E79DB5B5}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Development Libraries (32-bit) (HKLM-x32\...\{52DDE5D8-B45C-4C1D-81DD-D72317DE8B08}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Documentation (32-bit) (HKLM-x32\...\{2BC067C0-B392-49C0-988B-C839C62D8B65}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Executables (32-bit) (HKLM-x32\...\{E3E61712-C062-45E7-8348-D7DBF66FACFD}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 pip Bootstrap (32-bit) (HKLM-x32\...\{9846DC93-4A39-496F-8AE3-0E3AB4EF4385}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Standard Library (32-bit) (HKLM-x32\...\{DC6190E7-D05E-465A-9FB6-7418BC901991}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Tcl/Tk Support (32-bit) (HKLM-x32\...\{1341418F-C713-4943-ACB2-9F4D4743D193}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Test Suite (32-bit) (HKLM-x32\...\{FE5E4BF9-7487-4CE8-A2AC-F78C6B4BE487}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Utility Scripts (32-bit) (HKLM-x32\...\{AE9303AD-EBD0-4C85-A9D0-55B1BA972D11}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39058 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.85.423.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7520 - Realtek Semiconductor Corp.)
StudioTax 2019 (HKLM-x32\...\{09F18C8B-5B39-497C-8F57-1328318241F5}) (Version: 15.0.3.0 - BHOK IT Consulting)
Tekla Structures 2019 (HKLM\...\{FBEF321F-46B4-4337-961A-F9A0508C7E94}) (Version: 219.0.47170 - Trimble Solutions Corporation)
Tekla Structures 2019 Canada Env_10 (HKLM\...\{4225CC89-6F86-4960-B063-273970DFB993}) (Version: 219.0.222 - Trimble Solutions Corporation)
Tekla Warehouse Service (HKLM-x32\...\{55C3E467-D2AB-478B-A4AE-EEC9CB86ABC2}) (Version: 1.3.14 - Trimble Solutions Corporation)
TextCrawler Free 3.0.3 (HKLM-x32\...\TextCrawler Free) (Version: 3.0.3 - DigitalVolcano Software Ltd)
The Enigma Protector v6.70 Build 20200428 (HKLM-x32\...\The Enigma Protector_is1) (Version: - The Enigma Protector Developers Team)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.14 - Toshiba Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.13 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}) (Version: 1.4.10.64 - Toshiba Corporation)
TOSHIBA Flash Cards (HKLM\...\{F5D089A2-3E02-4471-AA04-3C7B87A60BD4}) (Version: 9.0.6.6401 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.6.02.6403 - Toshiba Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.15 - TOSHIBA Corporation)
TOSHIBA HWSetup (HKLM-x32\...\{0E94D98C-00A7-4C93-9708-8E5A1859E72E}) (Version: 9.0.5.3202 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{6C0A2179-56CB-4F1F-9681-E777A4F3C800}) (Version: 9.0.3.3201 - Toshiba Corporation)
TOSHIBA PC Diagnostic Tool (HKLM-x32\...\{F0794FA5-1809-4FC3-AA4E-48061281B5A2}) (Version: 9.0.3.6400 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{A0D34C74-70AC-45E4-9735-A11DA95A5810}) (Version: 4.00.00.6402 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.9.52040013 - Toshiba Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.15.0 - TOSHIBA)
TOSHIBA System Driver (HKLM\...\{46754F5B-B496-4BCA-87E5-84ACF27FCE0F}) (Version: 9.0.3.6401 - Toshiba Corporation)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 6.1.2.3 - Toshiba Corporation)
Tsep File Dispatcher Launcher (HKLM\...\{E77800FE-DA6C-43DF-B473-29B20C60BB55}) (Version: 1.3.19 - Trimble Solutions Corporation)
TunnelBear (HKLM-x32\...\{000a1d8b-8a80-4cd4-8781-7770c7923b7f}) (Version: 4.2.6.0 - TunnelBear)
TunnelBear (HKLM-x32\...\{71843510-D27B-4003-AB30-D02F2E78C45D}) (Version: 4.2.6.0 - TunnelBear) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.28.39 - Webroot)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 20 - Windscribe Limited)
ZoneAlarm Antivirus (HKLM-x32\...\{F3790C3A-1015-410D-8BE1-EA48C2637BFF}) (Version: 15.6.121.18102 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Antivirus (HKLM-x32\...\ZoneAlarm Antivirus) (Version: 15.6.121.18102 - Check Point)
ZoneAlarm Firewall (HKLM-x32\...\{18FE6943-D33D-42F5-99D5-0ED22F633E32}) (Version: 15.6.121.18102 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security (HKLM-x32\...\{881E7A8C-9C4B-4D14-B390-EAFBA278CF45}) (Version: 15.6.121.18102 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4237547623-3581648954-966888715-1000_Classes\CLSID\{4AC6DFE1-607B-45B2-B289-D7FBCD44169C}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2019\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4237547623-3581648954-966888715-1000_Classes\CLSID\{74D0CE91-F931-4FAC-BEA9-EE32E43EAD37}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2019\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4237547623-3581648954-966888715-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4237547623-3581648954-966888715-1000_Classes\CLSID\{E11054A5-EE73-4928-A39A-2C4986E7138F}\InprocServer32 -> C:\windows\system32\kernel32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4237547623-3581648954-966888715-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2019\en-US\acadficn.dll (Autodesk, Inc. -> Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\windows\system32\WRusr.dll [2020-05-04] (Webroot Inc. -> Webroot)
ShellIconOverlayIdentifiers: [ ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\windows\system32\WRusr.dll [2020-05-04] (Webroot Inc. -> Webroot)
ShellIconOverlayIdentifiers: [ ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\windows\system32\WRusr.dll [2020-05-04] (Webroot Inc. -> Webroot)
ShellIconOverlayIdentifiers: [ ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\windows\system32\WRusr.dll [2020-05-04] (Webroot Inc. -> Webroot)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll [2018-01-29] (Autodesk, Inc. -> Autodesk, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2018-01-29] (Autodesk, Inc. -> Autodesk)
ContextMenuHandlers1: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\windows\system32\WRusr.dll [2020-05-04] (Webroot Inc. -> Webroot)
ContextMenuHandlers1: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2019-07-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\windows\system32\igfxDTCM.dll [2019-07-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\windows\system32\WRusr.dll [2020-05-04] (Webroot Inc. -> Webroot)
ContextMenuHandlers6: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2019-07-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]

==================== Loaded Modules (Whitelisted) =============

2020-04-09 18:36 - 2020-04-09 18:36 - 000030720 _____ ( () [File not signed]) [File is in use ] C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.Wrapper.dll
2019-04-28 15:11 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 001603072 _____ () [File not signed] C:\Program Files (x86)\Windscribe\libGLESv2.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 000071168 _____ () [File not signed] C:\Program Files (x86)\Windscribe\zlib1.dll
2019-04-28 15:12 - 2008-08-18 18:27 - 000122880 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\brlmw03a.dll
2019-04-28 15:12 - 2012-04-23 15:03 - 000380928 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2019-04-28 09:52 - 2019-02-15 08:13 - 000221696 _____ (Bullzip) [File not signed] C:\Program Files\Common Files\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll
2019-07-25 10:52 - 2019-07-25 10:52 - 000986112 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CheckPoint\ZoneAlarm\dbghelp.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 000058368 _____ (The c-ares library, hxxps://c-ares.haxx.se/) [File not signed] C:\Program Files (x86)\Windscribe\cares.dll
2019-08-21 11:27 - 2018-09-13 23:56 - 000350208 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files (x86)\Windscribe\libcurl.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 001212928 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Windscribe\LIBEAY32.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 000276480 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Windscribe\SSLEAY32.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 000024576 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\imageformats\qgif.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 000025088 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\imageformats\qico.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 000986624 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\platforms\qwindows.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 004694016 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Core.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 003677184 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Gui.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 000856064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Network.dll
2019-08-21 11:27 - 2018-07-06 17:22 - 004483072 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Widgets.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01872483.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01872483.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR521 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-4237547623-3581648954-966888715-1000\Software\Classes\.scr: AutoCADScriptFile => C:\windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-04-29 20:24 - 2019-04-29 20:24 - 000000824 ____N C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\
HKU\S-1-5-21-4237547623-3581648954-966888715-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\K\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 208.67.222.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
FirewallRules: [{E95CD1C0-A1F9-46C3-9FA1-C9D2DD53CF77}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Mobile Wireless Group -> )
FirewallRules: [TCP Query User{B5231620-BCBA-4621-A032-1413C47D3A0F}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [UDP Query User{799E97D7-51A7-4120-A136-27AA820B614B}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [{C1122265-9BFB-420E-83E0-E68A584968EB}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{04073677-4EDB-4CCC-A71E-3DAF0A7F2672}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{6254BE72-A9E4-4769-8B20-792FDCB57452}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{099D9AA0-54C7-4F5B-A206-1ED75493C265}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{9ED34C84-3A36-4BDB-BF4C-C8BBBDB3A8DF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:800 GB) (Free:644.84 GB) (81%)

==================== Faulty Device Manager Devices ============

Name: TOSHIBA Web Camera - HD
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel(R) Dual Band Wireless-AC 3160
Description: Intel(R) Dual Band Wireless-AC 3160
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNs64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel(R) Display Audio
Description: Intel(R) Display Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel(R) Corporation
Service: IntcDAud
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (05/01/2020 07:05:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 4.0.0.638, time stamp: 0x5ea21563
Faulting module name: ntdll.dll, version: 6.1.7601.24511, time stamp: 0x5d3fa9bd
Exception code: 0xc0000374
Fault offset: 0x00000000000bf302
Faulting process id: 0x1864
Faulting application start time: 0x01d62026091e265b
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: 55c18619-8c19-11ea-ae3c-b86b23b0f585

Error: (04/28/2020 07:42:36 PM) (Source: MsiInstaller) (EventID: 10005) (User: KP)
Description: Product: Python 3.7.3 pip Bootstrap (32-bit) -- No Python 3.7 installation was detected.

Error: (04/28/2020 07:42:00 PM) (Source: MsiInstaller) (EventID: 10005) (User: KP)
Description: Product: Python 3.7.3 pip Bootstrap (32-bit) -- No Python 3.7 installation was detected.

Error: (04/28/2020 09:57:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Check McID.EXE, version: 1.2.0.0, time stamp: 0x00003039
Faulting module name: Check McID.EXE, version: 1.2.0.0, time stamp: 0x00003039
Exception code: 0xc0000005
Fault offset: 0x00006bee
Faulting process id: 0x3cb0
Faulting application start time: 0x01d61d7e0a34c301
Faulting application path: C:\ESD\SkyF TestInstall\SkyFrame\Bin\Check McID.EXE
Faulting module path: C:\ESD\SkyF TestInstall\SkyFrame\Bin\Check McID.EXE
Report Id: 48bc4c7b-8971-11ea-8aa7-b86b23b0f585

Error: (04/28/2020 09:50:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Check McID.EXE, version: 1.2.0.0, time stamp: 0x00003039
Faulting module name: Check McID.EXE, version: 1.2.0.0, time stamp: 0x00003039
Exception code: 0xc0000005
Fault offset: 0x00006bee
Faulting process id: 0x2bd4
Faulting application start time: 0x01d61d7d27490bb1
Faulting application path: C:\PB SkyFrame 12\A Module Creators\Checking Progs\Check McID\Check McID.EXE
Faulting module path: C:\PB SkyFrame 12\A Module Creators\Checking Progs\Check McID\Check McID.EXE
Report Id: 6541c29b-8970-11ea-8aa7-b86b23b0f585

Error: (04/28/2020 09:50:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Check McID.EXE, version: 1.2.0.0, time stamp: 0x00003039
Faulting module name: Check McID.EXE, version: 1.2.0.0, time stamp: 0x00003039
Exception code: 0xc0000005
Fault offset: 0x00006bee
Faulting process id: 0x2ab0
Faulting application start time: 0x01d61d7d1dcd101a
Faulting application path: C:\PB SkyFrame 12\A Module Creators\Checking Progs\Check McID\Check McID.EXE
Faulting module path: C:\PB SkyFrame 12\A Module Creators\Checking Progs\Check McID\Check McID.EXE
Report Id: 5d0be389-8970-11ea-8aa7-b86b23b0f585

Error: (04/27/2020 07:24:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MSigner.EXE, version: 1.2.0.0, time stamp: 0x00003039
Faulting module name: MSigner.EXE, version: 1.2.0.0, time stamp: 0x00003039
Exception code: 0xc0000005
Fault offset: 0x00037a4a
Faulting process id: 0x1458
Faulting application start time: 0x01d61d042f819758
Faulting application path: C:\PB Test MS\MSigner\MSigner.EXE
Faulting module path: C:\PB Test MS\MSigner\MSigner.EXE
Report Id: 6e5ed25c-88f7-11ea-b9a3-b86b23b0f585

Error: (04/27/2020 07:18:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MSigner.EXE, version: 1.2.0.0, time stamp: 0x00003039
Faulting module name: MSigner.EXE, version: 1.2.0.0, time stamp: 0x00003039
Exception code: 0xc0000005
Fault offset: 0x0003484d
Faulting process id: 0xb98
Faulting application start time: 0x01d61d034ebb7756
Faulting application path: C:\PB Test MS\MSigner\MSigner.EXE
Faulting module path: C:\PB Test MS\MSigner\MSigner.EXE
Report Id: 8d8a6a18-88f6-11ea-b9a3-b86b23b0f585


System errors:
=============
Error: (05/03/2020 06:03:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (05/03/2020 06:03:28 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\K\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/03/2020 06:03:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (05/03/2020 06:03:27 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\K\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/03/2020 06:03:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (05/03/2020 06:03:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\K\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/03/2020 06:03:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (05/03/2020 06:03:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\K\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


==================== Memory info ===========================

BIOS: TOSHIBA Version 1.40 09/25/2014
Motherboard: TOSHIBA Satellite Pro R50-B
Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 66%
Total physical RAM: 6061.36 MB
Available physical RAM: 2027.47 MB
Total Virtual: 12120.86 MB
Available Virtual: 8178.47 MB

==================== Drives ================================

Drive c: (TI313417D0A) (Fixed) (Total:800 GB) (Free:644.84 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{5dd2b991-6964-11e9-91dc-806e6f6e6963}\ (System) (Fixed) (Total:1.46 GB) (Free:1.24 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: BB415172)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=800 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================


From the Addition.txt I found this 01872483.sys, but I couldn't locate this file in the system.
 

annew

Posts: 30   +3
How do I write Farbar's fixlist.txt to clear off 2 unknown or malware drivers
that are located in the alternate data stream, namely 01872483.sys and SMR521?

I bet that these are where the malware is hiding.
 
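One read-only way to find streams like the ones asked about above, as an added example that is not part of this thread and is not FRST's own fixlist syntax: the script below lists every NTFS alternate data stream under a directory, checks whether a stream begins with a PE ("MZ") header, and then lists any kernel or file-system driver service whose ImagePath names a stream. It assumes Windows PowerShell 3.0 to 5.1 on the Windows 7 machine (Windows 7 ships with 2.0, so the Windows Management Framework update is needed for the -Stream parameter, the -File switch and the -in operator), and the default starting directory in $Root is an assumption. It changes nothing on disk or in the registry; it only shows where a stream lives so the matching log line can be quoted back in the thread.

```powershell
# Added example, not from the thread: read-only ADS enumeration and driver-service check.
# Assumes Windows PowerShell 3.0 to 5.1 on Windows 7 (-Stream, -File and -in need 3.0;
# "-Encoding Byte" is the 5.1 spelling, PowerShell 7 uses -AsByteStream instead).
param(
    [string]$Root = 'C:\Windows\System32\drivers',   # assumed starting point, change as needed
    [switch]$Recurse
)

function Get-AdsReport {
    param([string]$Path, [switch]$Recurse)
    $files = Get-ChildItem -LiteralPath $Path -File -Recurse:$Recurse -ErrorAction SilentlyContinue
    foreach ($f in $files) {
        # Every NTFS file has the unnamed ':$DATA' stream; anything else is an alternate data stream.
        $streams = Get-Item -LiteralPath $f.FullName -Stream * -ErrorAction SilentlyContinue |
                   Where-Object { $_.Stream -ne ':$DATA' }
        foreach ($s in $streams) {
            # Peek at the first two bytes: 'MZ' (0x4D 0x5A) means an executable image is stored in the stream.
            $isPe = $false
            if ($s.Length -ge 2) {
                $head = Get-Content -LiteralPath $f.FullName -Stream $s.Stream -Encoding Byte -TotalCount 2 -ErrorAction SilentlyContinue
                $isPe = (@($head).Count -eq 2 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
            }
            $note = if ($s.Stream -eq 'Zone.Identifier') { 'download marker, expected' }
                    elseif ($isPe) { 'PE image hidden in a stream' }
                    else { 'non-PE data' }
            [pscustomobject]@{
                File   = $f.FullName
                Stream = $s.Stream
                Bytes  = $s.Length
                Note   = $note
            }
        }
    }
}

function Get-AdsDriverServices {
    # Type 1 = kernel driver, Type 2 = file-system driver. A ':' inside the last path
    # component of ImagePath means the driver binary is loaded from a stream.
    $keys = Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue
    foreach ($k in $keys) {
        $p = Get-ItemProperty -LiteralPath $k.PSPath -ErrorAction SilentlyContinue
        if (-not $p -or -not $p.ImagePath -or -not ($p.Type -in 1, 2)) { continue }
        $path = $p.ImagePath -replace '^\\\?\?\\', ''   # drop the \??\ NT prefix seen in the event log entries
        if ($path -match '(^|\\)[^\\]*:[^\\:]+$') {
            [pscustomobject]@{
                Service   = $k.PSChildName
                Start     = $p.Start      # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
                ImagePath = $p.ImagePath
            }
        }
    }
}

Get-AdsReport -Path $Root -Recurse:$Recurse | Format-Table -AutoSize
Get-AdsDriverServices | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt (for example `.\ads-check.ps1 -Root C:\ -Recurse` to cover the whole system drive, which takes a while). A Zone.Identifier stream on a downloaded file is normal; a stream that starts with an MZ header, or a driver service whose ImagePath ends in a colon-separated stream name, is the thing worth reporting.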

Broni

Posts: 55,803   +503
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=========================================

I still need FRST.txt log.

Also...you're running two AV programs, Webroot SecureAnywhere and ZoneAlarm Antivirus.
That may cause some conflict. I strongly recommend you uninstall one of them.
 
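A quick way to confirm the two-antivirus situation from the machine itself, added here as an example and not part of Broni's instructions or of FRST: the script below queries the root\SecurityCenter2 WMI namespace, which is where security products register with Windows Security Center on Vista and later, and lists every registered antivirus, anti-spyware and firewall product. The instanceGuid values it prints are the GUIDs shown beside each product in the Security Center section of the posted Addition.txt. The productState decoding is an assumption: the field is undocumented, and the rule used here (middle byte 0x10 or 0x11 means the product reports itself enabled) is the commonly observed one, so treat the Enabled column as a hint rather than a fact.

```powershell
# Added example, not from the thread: list Security Center registrations and warn when
# more than one antivirus product is enabled. Uses Get-WmiObject, which exists in
# Windows PowerShell 2.0 and later (PowerShell 7 would need Get-CimInstance instead).
function Get-SecurityCenterProducts {
    $classes = 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct'
    foreach ($class in $classes) {
        Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction SilentlyContinue |
            ForEach-Object {
                # productState is an undocumented bit field. Rendered as six hex digits,
                # the middle byte is observed to be 0x10 or 0x11 for an enabled product
                # and 0x00 or 0x01 for a disabled one (assumption, see lead-in).
                $hex = '{0:x6}' -f [int]$_.productState
                [pscustomobject]@{
                    Kind         = $class
                    Name         = $_.displayName
                    InstanceGuid = $_.instanceGuid
                    ProductState = '0x' + $hex
                    Enabled      = ($hex.Substring(2, 2) -eq '10' -or $hex.Substring(2, 2) -eq '11')
                    ExePath      = $_.pathToSignedProductExe
                }
            }
    }
}

$products = @(Get-SecurityCenterProducts)
$products | Format-Table -AutoSize

# Two enabled real-time antivirus engines on one machine is the conflict Broni describes.
$enabledAv = @($products | Where-Object { $_.Kind -eq 'AntiVirusProduct' -and $_.Enabled })
if ($enabledAv.Count -gt 1) {
    $names = ($enabledAv | ForEach-Object { $_.Name }) -join ', '
    Write-Warning ("{0} enabled antivirus products are registered: {1}" -f $enabledAv.Count, $names)
}
```

Run it after uninstalling one of the two products and rebooting: a leftover registration whose ExePath no longer exists means the uninstaller did not clean up Security Center, which is a separate problem from the conflict itself.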

annew

Posts: 30   +3
Thank you Broni, here's my FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-05-2020
Ran by K (administrator) on KP (TOSHIBA Satellite Pro R50-B) (04-05-2020 08:50:49)
Running from C:\Users\K\Downloads
Loaded Profiles: K (Available Profiles: K)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation-Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Trimble Solutions Corporation -> Trimble) C:\Program Files (x86)\Tekla Warehouse\Tekla.Warehouse.WindowsService.exe
(TunnelBear -> TunnelBear) C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
(Webroot Inc. -> Webroot) C:\Program Files\Webroot\WRSA.exe <2>
(Webroot Inc. -> Webroot, Inc.) C:\Program Files\Webroot\Core\WRCoreService.x64.exe
(Webroot Inc. -> Webroot, Inc.) C:\Program Files\Webroot\Core\WRSkyClient.x64.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\Windscribe.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\wsappcontrol.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [711040 2013-08-20] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-06-09] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [326448 2019-07-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [4878504 2020-04-06] (Webroot Inc. -> Webroot)
HKU\S-1-5-21-4237547623-3581648954-966888715-1000\...\Policies\Explorer: []
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Installer\chrmstp.exe [2020-04-27] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{3AFF1C30-4959-4c2f-8BED-E6E81E39F57A}] -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtCp.dll [2012-02-01] (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
Startup: C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GenuineService.lnk [2019-05-14]
ShortcutTarget: GenuineService.lnk -> C:\Users\K\Autodesk\Genuine Service\GenuineService.exe (Autodesk Inc -> Autodesk)
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00C28D69-B739-4A49-8ADA-3F54FF76DC9B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-11] (Google LLC -> Google LLC)
Task: {861A6C67-8D1B-4E6A-A836-ED79F3D1CAD3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-11] (Google LLC -> Google LLC)
Task: {BF50E1CF-B569-40C6-A891-4DCECC6625C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257928 2014-08-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {CBB427A0-C50E-4026-A0D2-3932782F8EF0} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\K\Desktop\AV tools\esetonlinescanner_enu.exe [8149816 2019-10-07] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {CD255C92-17D5-470A-BE0F-5DFDBF0C891C} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\K\Desktop\AV tools\esetonlinescanner_enu.exe [8149816 2019-10-07] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {D3C063EF-19F0-494A-8600-BD975F8B1462} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220 8.8.8.8
Tcpip\..\Interfaces\{23235C2E-30F9-4A33-A74C-C93DB86EB54C}: [DhcpNameServer] 172.18.11.1
Tcpip\..\Interfaces\{7655EAE4-EA9A-4AD8-982B-B00330A24224}: [NameServer] 8.8.8.8,208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{7655EAE4-EA9A-4AD8-982B-B00330A24224}: [DhcpNameServer] 208.67.222.222 208.67.220.220 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4237547623-3581648954-966888715-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4237547623-3581648954-966888715-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-4237547623-3581648954-966888715-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://follow.toshiba.ca/toshiba/id-ss
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2020-01-09] (Webroot Inc. -> Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2020-01-09] (Webroot Inc. -> Webroot)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-05] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\K\AppData\Local\Google\Chrome\User Data\Default [2020-05-04]
CHR Extension: (Google Drive) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-03-11]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2020-03-11]
CHR Extension: (YouTube) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-11]
CHR Extension: (uBlock Origin) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-04-21]
CHR Extension: (ZoneAlarm Web Secure) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\flljooaijgdgaaogmfhakpojmddcjjmj [2020-05-01]
CHR Extension: (Google Docs Offline) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-21]
CHR Extension: (Anti Miner - No 1 Coin Minerblock) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibhpgkhoicjhklmbhdoeikeggbeejonj [2020-03-11]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2020-04-07]
CHR Extension: (Disconnect) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2020-03-11]
CHR Extension: (Webroot Filtering Extension) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2020-03-19]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2020-03-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-03-11]
CHR Extension: (Gmail) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-03-11]
CHR Extension: (Chrome Media Router) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-21]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [87384 2014-03-27] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\windows\system32\igfxCUIService.exe [359680 2019-07-12] (Intel Corporation -> Intel Corporation)
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-05-01] (Malwarebytes Inc -> Malwarebytes)
S4 mfevtp; C:\windows\system32\mfevtps.exe [343544 2020-04-28] (McAfee, Inc. -> McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] (Intel Corporation-Mobile Wireless Group -> )
R2 Tekla Warehouse; C:\Program Files (x86)\Tekla Warehouse\Tekla.Warehouse.WindowsService.exe [17904 2019-01-21] (Trimble Solutions Corporation -> Trimble)
R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [137848 2020-04-09] (TunnelBear -> TunnelBear)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4501544 2019-07-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited)
R2 WirelessKB850NotificationService; C:\windows\system32\WirelessKB850NotificationService.exe [174256 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
R2 WRCoreService; C:\Program Files\Webroot\Core\WRCoreService.x64.exe [1643224 2019-10-02] (Webroot Inc. -> Webroot, Inc.)
R3 WRSkyClient; C:\Program Files\Webroot\Core\WRSkyClient.x64.exe [2950832 2019-10-02] (Webroot Inc. -> Webroot, Inc.)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [4878504 2020-04-06] (Webroot Inc. -> Webroot)
R2 ZA NET ICM Service; C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe [40304 2019-02-06] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2019-07-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies, Ltd.)
S3 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel Corporation-Mobile Wireless Group -> Intel® Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 config; C:\windows\System32\DRIVERS\ibtfudrv.sys [120528 2014-04-14] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R3 dc3d; C:\windows\System32\DRIVERS\dc3d.sys [47616 2011-05-18] (Hardware Group Test Cert -> Microsoft Corporation)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [153312 2020-05-01] (Malwarebytes Corporation -> Malwarebytes)
R0 iaStorF; C:\windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-21] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [531280 2019-07-25] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klfltsdk; C:\windows\System32\DRIVERS\klfltsdk.sys [252544 2019-07-25] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klgse; C:\windows\System32\DRIVERS\klgse.sys [521336 2019-07-25] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\windows\System32\DRIVERS\klhk.sys [1107064 2019-07-25] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klifsdk; C:\windows\System32\DRIVERS\klifsdk.sys [1105536 2019-07-25] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\windows\System32\DRIVERS\klwtp.sys [212304 2019-07-25] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [214496 2020-05-01] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [195432 2020-05-04] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [73368 2020-05-04] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [248968 2020-05-04] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\windows\System32\DRIVERS\mwac.sys [112752 2020-05-04] (Malwarebytes Inc -> Malwarebytes)
R3 MEIx64; C:\windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S4 mfehidk; C:\windows\System32\drivers\mfehidk.sys [917008 2020-04-28] (McAfee, Inc. -> McAfee, Inc.)
S4 mferkdet; C:\windows\System32\drivers\mferkdet.sys [124432 2020-04-28] (McAfee, Inc. -> McAfee, Inc.)
S3 NETwNs64; C:\windows\System32\DRIVERS\Netwsw02.sys [3442144 2014-06-18] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R0 pwdrvio; C:\windows\System32\pwdrvio.sys [19152 2019-05-29] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\windows\system32\pwdspio.sys [12504 2019-05-29] (MiniTool Solution Ltd -> )
R3 tap-tb-0901; C:\windows\System32\DRIVERS\tap-tb-0901.sys [38656 2019-06-19] (TunnelBear, Inc. -> The OpenVPN Project)
R3 tapwindscribe0901; C:\windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
R1 Vsdatant; C:\windows\System32\DRIVERS\vsdatant.sys [461240 2019-04-26] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R3 WirelessKeyboardFilter; C:\windows\System32\DRIVERS\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
R1 WRCore; C:\windows\system32\drivers\WRCore.x64.sys [148336 2019-08-09] (Webroot Inc. -> Webroot, Inc.)
R0 WRkrn; C:\windows\System32\drivers\WRkrn.sys [143592 2019-11-04] (Webroot Inc. -> Webroot)
S3 wrUrlFlt; C:\windows\system32\DRIVERS\wrUrlFlt.sys [67912 2020-01-09] (Webroot Inc. -> Webroot)
U3 iswSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-04 08:50 - 2020-05-04 08:51 - 000020893 _____ C:\Users\K\Downloads\FRST.txt
2020-05-04 08:49 - 2020-05-04 08:49 - 000000116 _____ C:\Users\K\Desktop\use of FRST.txt
2020-05-04 08:48 - 2020-05-04 08:51 - 000000000 ____D C:\FRST
2020-05-04 08:44 - 2020-05-04 08:45 - 002283520 _____ (Farbar) C:\Users\K\Downloads\FRST64 (1).exe
2020-05-04 07:34 - 2020-05-04 07:34 - 000315770 _____ C:\Users\K\Downloads\BCHydro Bill May 6 2020.pdf
2020-05-04 06:56 - 2020-05-04 07:06 - 000000000 ____D C:\Users\K\AppData\LocalLow\IGDump
2020-05-04 06:26 - 2020-05-04 06:26 - 001897451 _____ C:\Users\K\Downloads\cpp_tutorial.pdf
2020-05-04 05:48 - 2020-05-04 05:49 - 000000000 ____D C:\Users\K\Desktop\suspects
2020-05-04 05:34 - 2020-05-04 05:34 - 000073368 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2020-05-04 05:33 - 2020-05-04 05:33 - 000195432 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2020-05-04 05:33 - 2020-05-04 05:33 - 000112752 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2020-05-04 05:31 - 2020-05-04 05:31 - 000248968 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2020-05-03 20:00 - 2020-05-03 20:56 - 000000957 _____ C:\Users\K\Desktop\Fix chrome problems.txt
2020-05-03 10:36 - 2020-05-03 10:36 - 000000000 ____D C:\ProgramData\Emsisoft
2020-05-03 10:31 - 2020-05-03 10:41 - 000000000 ____D C:\EMIsoft
2020-05-03 09:43 - 2020-05-03 09:45 - 347985608 _____ C:\Users\K\Downloads\EmsisoftEmergencyKit.exe
2020-05-03 06:25 - 2020-05-03 06:25 - 001980016 _____ (Malwarebytes) C:\Users\K\Downloads\MBSetup (1).exe
2020-05-02 14:06 - 2020-05-02 14:09 - 000001251 _____ C:\Users\K\Desktop\resmon.lnk
2020-05-02 05:28 - 2020-05-02 05:28 - 000255928 _____ (Malwarebytes) C:\windows\system32\Drivers\5179C37C.sys
2020-05-02 04:39 - 2020-05-02 04:41 - 116014512 _____ (Microsoft Corporation) C:\Users\K\Downloads\MSERT.exe
2020-05-01 19:10 - 2020-05-01 19:10 - 000214496 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2020-05-01 19:10 - 2020-05-01 19:10 - 000001971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-05-01 19:10 - 2020-05-01 19:10 - 000001959 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-05-01 19:10 - 2020-05-01 19:10 - 000001959 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-05-01 13:19 - 2020-05-01 13:21 - 011429976 _____ (SurfRight B.V.) C:\Users\K\Downloads\HitmanPro_x64 (1).exe
2020-04-30 10:25 - 2020-04-30 10:29 - 176865720 _____ (AO Kaspersky Lab) C:\Users\K\Downloads\KVRT.exe
2020-04-30 10:21 - 2020-04-30 10:21 - 032108584 _____ (Microsoft Corporation) C:\Users\K\Downloads\Windows-KB890830-x64-V5.81.exe
2020-04-29 20:36 - 2020-04-29 20:48 - 000066560 _____ (SkyHitek Solutions Inc.) C:\Users\K\Desktop\Semula.EXE
2020-04-29 14:39 - 2020-04-29 14:39 - 013256517 _____ C:\Users\K\Downloads\Design_and_Analysis_of_Connections_in_St.pdf
2020-04-29 14:17 - 2020-04-29 14:17 - 006061327 _____ C:\Users\K\Downloads\Design_of_timber_structures_according_to.pdf
2020-04-29 14:01 - 2020-04-29 14:02 - 004275045 _____ C:\Users\K\Downloads\DESIGN_OF_STRUCTURAL_CONNECTIONS_TO_EURO.pdf
2020-04-29 13:55 - 2020-04-29 13:55 - 002999409 _____ C:\Users\K\Downloads\Structural_Design_of_Steelwork_to_Third.pdf
2020-04-29 13:50 - 2020-04-29 13:50 - 003564128 _____ C:\Users\K\Downloads\Good The_Behaviour_and_Design_of_Steel_Struct.pdf
2020-04-29 13:46 - 2020-04-29 13:46 - 000965648 _____ C:\Users\K\Downloads\Manual_for_the_design_of_steelwork_build.pdf
2020-04-29 09:35 - 2020-04-29 09:35 - 000002840 _____ C:\Users\K\Desktop\WrtFTPUserPW.txt
2020-04-29 05:45 - 2020-05-03 06:54 - 000000000 ____D C:\Users\K\AppData\Local\VirtualStore
2020-04-28 17:46 - 2020-04-28 17:33 - 000343544 _____ (McAfee, Inc.) C:\windows\system32\mfevtps.exe
2020-04-28 17:33 - 2020-04-28 17:33 - 000917008 _____ (McAfee, Inc.) C:\windows\system32\Drivers\mfehidk.sys
2020-04-28 17:33 - 2020-04-28 17:33 - 000124432 _____ (McAfee, Inc.) C:\windows\system32\Drivers\mferkdet.sys
2020-04-28 17:31 - 2020-05-03 10:28 - 000000000 ____D C:\Program Files\stinger
2020-04-27 07:30 - 2020-04-27 16:32 - 000000000 ____D C:\PB SkyFrame 12
2020-04-26 20:02 - 2020-04-26 20:07 - 000000344 _____ C:\Users\K\Desktop\Financial support during Covid.txt
2020-04-26 10:58 - 2020-04-26 10:58 - 001295576 _____ (Google LLC) C:\Users\K\Downloads\ChromeSetup.exe
2020-04-26 09:41 - 2020-04-26 09:42 - 008196784 _____ (Malwarebytes) C:\Users\K\Downloads\adwcleaner_8.0.4.exe
2020-04-26 08:57 - 2020-04-26 08:57 - 000255928 _____ (Malwarebytes) C:\windows\system32\Drivers\27D2E4DD.sys
2020-04-25 14:23 - 2020-04-29 11:18 - 000000000 ____D C:\SkyFrame Installer
2020-04-25 14:17 - 2020-04-29 11:24 - 000000000 ____D C:\SkyFrame Deploy
2020-04-23 20:03 - 2020-04-23 20:03 - 003873611 _____ C:\Users\K\Downloads\5275d259-45b1-4769-b937-de76b3be5615
2020-04-23 19:59 - 2020-04-23 19:59 - 004449720 _____ C:\Users\K\Downloads\0ce1ffb9-44ed-422e-8810-283bea150e8b
2020-04-23 17:05 - 2020-04-23 17:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear
2020-04-23 11:52 - 2020-04-23 11:52 - 000255928 _____ (Malwarebytes) C:\windows\system32\Drivers\2733A3C5.sys
2020-04-17 14:01 - 2020-04-17 16:53 - 000000000 ____D C:\Users\K\Desktop\JdM
2020-04-17 09:18 - 2020-04-17 09:18 - 001976302 _____ C:\Users\K\Downloads\0a8ff580-e271-4897-be95-dda3aedc2391
2020-04-17 09:16 - 2020-04-17 09:16 - 001890848 _____ C:\Users\K\Downloads\e7d7cab9-4194-4c09-8731-ff206f481257
2020-04-17 09:11 - 2020-04-17 09:11 - 000916029 _____ C:\Users\K\Downloads\69aa340e-dd54-4c53-9b4c-781d916bd85c
2020-04-16 12:15 - 2020-04-16 12:15 - 008811099 _____ C:\Users\K\Downloads\1b7ee25c-c582-4b1b-8670-23dcf6a55e60
2020-04-16 12:12 - 2020-04-16 12:12 - 003970393 _____ C:\Users\K\Downloads\240c5aea-fc1f-430c-915d-8096d7776672
2020-04-16 12:10 - 2020-04-16 12:10 - 006111671 _____ C:\Users\K\Downloads\66abda57-7fbd-46b3-85ef-101172d6c51b
2020-04-16 12:08 - 2020-04-16 12:08 - 000646054 _____ C:\Users\K\Downloads\2216b495-9849-412c-8b24-76ce486a17ec
2020-04-16 12:06 - 2020-04-16 12:06 - 014153252 _____ C:\Users\K\Downloads\0777271d-1320-4381-9eb7-c4aaea91d6a4
2020-04-16 10:20 - 2020-04-16 10:20 - 000255928 _____ (Malwarebytes) C:\windows\system32\Drivers\356654B4.sys
2020-04-13 16:38 - 2020-04-23 20:27 - 000000115 _____ C:\Users\K\Desktop\Minister of Health.txt
2020-04-12 06:25 - 2020-04-25 22:42 - 000000851 _____ C:\Users\K\Desktop\COVID19.txt
2020-04-10 09:55 - 2020-04-10 09:55 - 000000000 ____D C:\Users\K\AppData\Local\CEF

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-04 08:42 - 2014-08-22 03:42 - 000000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2020-05-04 07:24 - 2019-04-27 23:37 - 000000000 ____D C:\Users\K\Desktop\AV tools
2020-05-04 06:20 - 2009-07-13 21:45 - 000028080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-05-04 06:20 - 2009-07-13 21:45 - 000028080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-05-04 06:03 - 2019-09-07 03:50 - 000000000 ____D C:\ProgramData\WRData
2020-05-04 05:31 - 2019-04-28 18:57 - 000000000 __SHD C:\Users\K\IntelGraphicsProfiles
2020-05-04 05:30 - 2019-09-07 03:50 - 000174232 _____ (Webroot) C:\windows\SysWOW64\WRusr.dll
2020-05-04 05:30 - 2019-09-07 03:50 - 000105048 _____ (Webroot) C:\windows\system32\WRusr.dll
2020-05-04 05:30 - 2009-07-13 22:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2020-05-03 17:50 - 2019-10-08 01:18 - 000003702 _____ C:\windows\system32\Tasks\EOSv3 Scheduler onLogOn
2020-05-03 17:50 - 2019-10-08 01:18 - 000003262 _____ C:\windows\system32\Tasks\EOSv3 Scheduler onTime
2020-05-03 15:31 - 2009-07-13 22:13 - 000781790 _____ C:\windows\system32\PerfStringBackup.INI
2020-05-03 15:31 - 2009-07-13 20:20 - 000000000 ____D C:\windows\inf
2020-05-03 12:51 - 2019-06-04 06:10 - 000000000 ____D C:\Temp2
2020-05-03 09:16 - 2020-03-15 06:55 - 000000131 _____ C:\Users\K\Desktop\test publish.txt
2020-05-03 05:28 - 2019-04-27 21:17 - 000000000 ____D C:\Users\K
2020-05-02 21:29 - 2019-08-18 17:07 - 000000000 ____D C:\Users\K\AppData\Local\CrashDumps
2020-05-02 21:14 - 2019-11-03 16:41 - 000007636 _____ C:\Users\K\AppData\Local\Resmon.ResmonCfg
2020-05-02 18:03 - 2020-01-25 13:09 - 000000000 ____D C:\Users\K\Desktop\SkyFrame Improvement
2020-05-02 14:10 - 2019-04-29 19:01 - 000000000 ____D C:\Users\K\Desktop\Other Notes
2020-05-02 06:15 - 2019-09-08 06:53 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2020-05-02 04:20 - 2019-04-27 23:31 - 000000000 ____D C:\Temp
2020-05-01 19:09 - 2019-09-09 13:14 - 000153312 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2020-05-01 13:22 - 2019-07-16 00:37 - 000000000 ____D C:\ProgramData\HitmanPro
2020-05-01 12:58 - 2017-01-14 11:05 - 000000000 ____D C:\OxygenBasic_Jun6
2020-04-30 18:55 - 2019-05-09 09:37 - 000011420 _____ C:\Users\K\Desktop\gkg.txt
2020-04-30 16:46 - 2019-06-02 18:14 - 000000000 ____D C:\PB
2020-04-30 10:24 - 2019-04-28 13:01 - 121542864 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2020-04-29 11:31 - 2019-07-01 18:24 - 000000000 ____D C:\Users\K\Desktop\Programing
2020-04-29 11:02 - 2019-05-12 14:24 - 000000000 ____D C:\Users\K\Documents\The Enigma Protector
2020-04-29 11:02 - 2019-05-12 14:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Enigma Protector
2020-04-29 11:02 - 2019-05-12 14:24 - 000000000 ____D C:\Program Files (x86)\The Enigma Protector
2020-04-28 06:55 - 2020-03-18 20:06 - 000001920 _____ C:\Users\K\Desktop\SkyFrame.lnk
2020-04-28 06:04 - 2019-11-30 10:03 - 000000000 ____D C:\Users\K\Desktop\Nak Beli
2020-04-27 20:28 - 2019-10-08 14:58 - 000000000 ____D C:\SkyFrame Dist
2020-04-27 18:27 - 2020-03-11 16:15 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-27 18:27 - 2020-03-11 16:15 - 000002154 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-04-27 18:27 - 2020-03-11 16:15 - 000002154 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-04-27 15:38 - 2020-01-02 07:08 - 000000000 ____D C:\PB Test Curai
2020-04-27 15:36 - 2020-03-06 06:19 - 000000000 ____D C:\PB Test MS
2020-04-27 14:34 - 2019-07-27 21:14 - 000000000 ____D C:\Program Files (x86)\TunnelBear
2020-04-26 05:14 - 2019-08-18 07:28 - 000000000 ____D C:\PB SkyFrame
2020-04-24 05:16 - 2019-04-28 16:23 - 000000000 ___SD C:\windows\system32\CompatTel
2020-04-24 05:16 - 2019-04-28 16:23 - 000000000 ____D C:\windows\system32\appraiser
2020-04-24 05:16 - 2009-07-13 20:20 - 000000000 ____D C:\windows\PolicyDefinitions
2020-04-23 17:15 - 2019-04-28 15:19 - 000000000 ____D C:\Users\K\Desktop\DT other
2020-04-23 17:06 - 2019-04-27 20:36 - 000000000 ____D C:\ProgramData\Package Cache
2020-04-23 17:04 - 2019-04-27 21:18 - 000001424 _____ C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2020-04-20 15:02 - 2019-08-23 16:36 - 000011066 _____ C:\Users\K\Desktop\dlgproc.txt
2020-04-12 08:17 - 2019-05-07 09:25 - 000000000 ____D C:\Users\K\Desktop\DT important
2020-04-12 08:16 - 2019-07-01 17:46 - 000000000 ____D C:\Program Files\JetBrains
2020-04-08 10:20 - 2019-06-02 20:45 - 000000000 ____D C:\PB Aid
2020-04-07 12:30 - 2019-08-29 19:50 - 000002397 _____ C:\Users\K\Desktop\Resource Version.txt
2020-04-05 21:05 - 2019-08-28 17:42 - 000000000 ____D C:\SkyHitek

==================== Files in the root of some directories ========

2019-11-03 16:41 - 2020-05-02 21:14 - 000007636 _____ () C:\Users\K\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-04-28 07:31
==================== End of FRST.txt ========================
 

annew

Posts: 30   +3
As you see under Registry (Whitelisted), there are 2 items that need attention:

GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 

Broni

Posts: 55,803   +503
Those two are just minor stuff.
Did you uninstall one of the AV programs?

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list... the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

annew

Posts: 30   +3
Thanks Broni
Downloaded RogueKiller, installed it on the system and scanned. The scan report is as follows:

RogueKiller Anti-Malware V14.4.2.0 (x64) [Apr 30 2020] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : K [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20200506_123134, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2020/05/06 10:04:14 (Duration : 00:17:34)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[MalPE.99 (Potentially Malicious)] EK.EXE -- %USERPROFILE%\Desktop\EK.EXE -> Deleted
[MalPE.99 (Potentially Malicious)] EK.EXE -- %USERPROFILE%\Desktop\EK.EXE -> Found



Please note that Ek.exe is my own developed program, it does nothing malicious?
 

annew

Posts: 30   +3
Here's the Malwarebytes scan report, no malware reported

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/6/20
Scan Time: 11:02 AM
Log File: cad341f4-8fc3-11ea-98c8-00ff23235c2e.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.889
Update Package Version: 1.0.23404
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: KP\K

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 401212
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 3 hr, 41 min, 4 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

annew

Posts: 30   +3
Here's the AdwCleaner log -- again nothing detected?

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build: 04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-06-2020
# Duration: 00:00:05
# OS: Windows 7 Professional
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C38].txt ##########
 

Broni

Posts: 55,803   +503
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Press Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 

annew

Posts: 30   +3
I have downloaded the Farbar Service Scanner and run it, and its report is as below:

Farbar Service Scanner Version: 27-01-2016
Ran by K (administrator) on 06-05-2020 at 15:13:29
Running from "C:\Users\K\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Google.com is unreachable
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
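As an added example that is not part of the thread or of the FSS tool, the Python script below parses an FSS report into its sections and returns the findings a helper would act on first: registry values printed under a "Disabled Policy" heading (the empty policy sections in the report above show that FSS prints a value only when one exists), services whose start type differs from the default, files in the File Check list that are not reported as signed, and failed connectivity checks. The embedded sample is a trimmed copy of the report posted above; the regular expressions are written against that layout and are assumptions about the tool's output format.

```python
"""Triage a Farbar Service Scanner (FSS) text report for disabled controls.

FSS prints one 'Heading:' line (underlined with '=') per security control and
lists registry policy values, service state and file signature checks under
them.  This script turns the report into sections and collects the entries
that indicate a control has been switched off or tampered with.
"""
import re

# Constructed sample: a trimmed copy of the FSS report posted in the thread.
FSS_SAMPLE = r"""
Farbar Service Scanner Version: 27-01-2016
Ran by K (administrator) on 06-05-2020 at 15:13:29
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Google.com is unreachable

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore Policy:
========================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
"""

# Layout assumptions about FSS output (derived from the posted report).
HEADER_RE = re.compile(r"^([A-Za-z][A-Za-z0-9 ]*):\s*$")
UNDERLINE_RE = re.compile(r"^=+\s*$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(\w+):(.+)$')
NOT_RUNNING_RE = re.compile(r"^(\S+) Service is not running\.")
START_TYPE_RE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\.$")
FILE_CHECK_RE = re.compile(r"^(.+?) => (.+)$")


def parse_sections(report):
    """Map each 'Heading:' + '====' pair to the non-empty lines beneath it."""
    sections = {}
    current = None
    lines = [ln.strip() for ln in report.splitlines()]
    for i, line in enumerate(lines):
        m = HEADER_RE.match(line)
        if m and i + 1 < len(lines) and UNDERLINE_RE.match(lines[i + 1]):
            current = m.group(1)          # start a new section
            sections[current] = []
        elif line and current is not None and not UNDERLINE_RE.match(line):
            sections[current].append(line)
    return sections


def triage(report):
    """Return a list of {'control', 'detail'} findings worth a helper's attention."""
    findings = []
    for section, body in parse_sections(report).items():
        key = None
        for line in body:
            if section.endswith("Disabled Policy"):
                # FSS prints a key/value here only when the policy exists.
                km = KEY_RE.match(line)
                if km:
                    key = km.group(1)
                    continue
                vm = VALUE_RE.match(line)
                if vm:
                    name, kind, value = vm.groups()
                    findings.append({
                        "control": section[: -len(" Disabled Policy")],
                        "detail": f"policy value {key}\\{name} = {kind}:{value}",
                    })
                continue
            if section == "Connection Status":
                if "unreachable" in line.lower():
                    findings.append({"control": "Network", "detail": line})
                continue
            if section == "File Check":
                fm = FILE_CHECK_RE.match(line)
                if fm and fm.group(2) != "File is digitally signed":
                    findings.append({"control": "File Check", "detail": line})
                continue
            nm = NOT_RUNNING_RE.match(line)
            if nm:
                findings.append({"control": section,
                                 "detail": f"{nm.group(1)} service is not running"})
                continue
            sm = START_TYPE_RE.match(line)
            if sm and sm.group(2) != sm.group(3):
                svc, actual, default = sm.groups()
                findings.append({"control": section,
                                 "detail": f"{svc} start type is {actual}, default is {default}"})
    return findings


if __name__ == "__main__":
    for f in triage(FSS_SAMPLE):
        print(f"[{f['control']}] {f['detail']}")
```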
 

annew

Posts: 30   +3
Here's the FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-05-2020
Ran by K (administrator) on KP (TOSHIBA Satellite Pro R50-B) (06-05-2020 15:16:57)
Running from C:\Users\K\Downloads
Loaded Profiles: K (Available Profiles: K)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Autodesk Inc -> Autodesk) C:\Users\K\Autodesk\Genuine Service\GenuineService.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <15>
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation-Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Inc -> Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Malwarebytes Inc -> Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Inc -> Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Trimble Solutions Corporation -> Trimble) C:\Program Files (x86)\Tekla Warehouse\Tekla.Warehouse.WindowsService.exe
(Webroot Inc. -> Webroot) C:\Program Files\Webroot\WRSA.exe <2>
(Webroot Inc. -> Webroot, Inc.) C:\Program Files\Webroot\Core\WRCoreService.x64.exe
(Webroot Inc. -> Webroot, Inc.) C:\Program Files\Webroot\Core\WRSkyClient.x64.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [711040 2013-08-20] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-06-09] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [326448 2019-07-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [4878504 2020-04-06] (Webroot Inc. -> Webroot)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2480816 2020-04-14] (Malwarebytes Inc -> Malwarebytes Corporation)
HKU\S-1-5-21-4237547623-3581648954-966888715-1000\...\Policies\Explorer: []
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.138\Installer\chrmstp.exe [2020-05-05] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{3AFF1C30-4959-4c2f-8BED-E6E81E39F57A}] -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtCp.dll [2012-02-01] (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
Startup: C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GenuineService.lnk [2019-05-14]
ShortcutTarget: GenuineService.lnk -> C:\Users\K\Autodesk\Genuine Service\GenuineService.exe (Autodesk Inc -> Autodesk)
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00C28D69-B739-4A49-8ADA-3F54FF76DC9B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-11] (Google LLC -> Google LLC)
Task: {861A6C67-8D1B-4E6A-A836-ED79F3D1CAD3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-11] (Google LLC -> Google LLC)
Task: {BF50E1CF-B569-40C6-A891-4DCECC6625C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257928 2014-08-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {CBB427A0-C50E-4026-A0D2-3932782F8EF0} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\K\Desktop\AV tools\esetonlinescanner_enu.exe [8149816 2019-10-07] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {CD255C92-17D5-470A-BE0F-5DFDBF0C891C} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\K\Desktop\AV tools\esetonlinescanner_enu.exe [8149816 2019-10-07] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {D3C063EF-19F0-494A-8600-BD975F8B1462} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220 8.8.8.8
Tcpip\..\Interfaces\{23235C2E-30F9-4A33-A74C-C93DB86EB54C}: [DhcpNameServer] 172.18.11.1
Tcpip\..\Interfaces\{7655EAE4-EA9A-4AD8-982B-B00330A24224}: [NameServer] 8.8.8.8,208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{7655EAE4-EA9A-4AD8-982B-B00330A24224}: [DhcpNameServer] 208.67.222.222 208.67.220.220 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4237547623-3581648954-966888715-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4237547623-3581648954-966888715-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-4237547623-3581648954-966888715-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://follow.toshiba.ca/toshiba/id-ss
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2020-01-09] (Webroot Inc. -> Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2020-01-09] (Webroot Inc. -> Webroot)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-05] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\K\AppData\Local\Google\Chrome\User Data\Default [2020-05-06]
CHR Extension: (Google Drive) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-03-11]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2020-03-11]
CHR Extension: (YouTube) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-11]
CHR Extension: (uBlock Origin) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-04-21]
CHR Extension: (ZoneAlarm Web Secure) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\flljooaijgdgaaogmfhakpojmddcjjmj [2020-05-01]
CHR Extension: (Google Docs Offline) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-21]
CHR Extension: (Anti Miner - No 1 Coin Minerblock) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibhpgkhoicjhklmbhdoeikeggbeejonj [2020-03-11]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2020-04-07]
CHR Extension: (Disconnect) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2020-03-11]
CHR Extension: (Webroot Filtering Extension) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2020-03-19]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2020-03-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-03-11]
CHR Extension: (Gmail) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-03-11]
CHR Extension: (Chrome Media Router) - C:\Users\K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-21]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [87384 2014-03-27] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\windows\system32\igfxCUIService.exe [359680 2019-07-12] (Intel Corporation -> Intel Corporation)
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [152752 2020-04-14] (Malwarebytes Inc -> Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-05-01] (Malwarebytes Inc -> Malwarebytes)
S4 mfevtp; C:\windows\system32\mfevtps.exe [343544 2020-04-28] (McAfee, Inc. -> McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] (Intel Corporation-Mobile Wireless Group -> )
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13048888 2020-04-30] (Adlice -> )
R2 Tekla Warehouse; C:\Program Files (x86)\Tekla Warehouse\Tekla.Warehouse.WindowsService.exe [17904 2019-01-21] (Trimble Solutions Corporation -> Trimble)
S4 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [137848 2020-04-09] (TunnelBear -> TunnelBear)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4501544 2019-07-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited)
R2 WirelessKB850NotificationService; C:\windows\system32\WirelessKB850NotificationService.exe [174256 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
R2 WRCoreService; C:\Program Files\Webroot\Core\WRCoreService.x64.exe [1643224 2019-10-02] (Webroot Inc. -> Webroot, Inc.)
R3 WRSkyClient; C:\Program Files\Webroot\Core\WRSkyClient.x64.exe [2950832 2019-10-02] (Webroot Inc. -> Webroot, Inc.)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [4878504 2020-04-06] (Webroot Inc. -> Webroot)
R2 ZA NET ICM Service; C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe [40304 2019-02-06] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2019-07-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies, Ltd.)
S3 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel Corporation-Mobile Wireless Group -> Intel® Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 config; C:\windows\System32\DRIVERS\ibtfudrv.sys [120528 2014-04-14] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R3 dc3d; C:\windows\System32\DRIVERS\dc3d.sys [47616 2011-05-18] (Hardware Group Test Cert -> Microsoft Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [153312 2020-04-14] (Malwarebytes Corporation -> Malwarebytes)
R0 iaStorF; C:\windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-21] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [531280 2019-07-25] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klfltsdk; C:\windows\System32\DRIVERS\klfltsdk.sys [252544 2019-07-25] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klgse; C:\windows\System32\DRIVERS\klgse.sys [521336 2019-07-25] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\windows\System32\DRIVERS\klhk.sys [1107064 2019-07-25] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klifsdk; C:\windows\System32\DRIVERS\klifsdk.sys [1105536 2019-07-25] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\windows\System32\DRIVERS\klwtp.sys [212304 2019-07-25] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [214496 2020-05-01] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [195432 2020-05-06] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [73368 2020-05-06] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [248968 2020-05-06] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\windows\System32\DRIVERS\mwac.sys [112752 2020-05-06] (Malwarebytes Inc -> Malwarebytes)
R3 MEIx64; C:\windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S4 mfehidk; C:\windows\System32\drivers\mfehidk.sys [917008 2020-04-28] (McAfee, Inc. -> McAfee, Inc.)
S4 mferkdet; C:\windows\System32\drivers\mferkdet.sys [124432 2020-04-28] (McAfee, Inc. -> McAfee, Inc.)
S3 NETwNs64; C:\windows\System32\DRIVERS\Netwsw02.sys [3442144 2014-06-18] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R0 pwdrvio; C:\windows\System32\pwdrvio.sys [19152 2019-05-29] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\windows\system32\pwdspio.sys [12504 2019-05-29] (MiniTool Solution Ltd -> )
R3 tap-tb-0901; C:\windows\System32\DRIVERS\tap-tb-0901.sys [38656 2019-06-19] (TunnelBear, Inc. -> The OpenVPN Project)
R3 tapwindscribe0901; C:\windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2020-05-06] (Adlice -> )
R1 Vsdatant; C:\windows\System32\DRIVERS\vsdatant.sys [461240 2019-04-26] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R3 WirelessKeyboardFilter; C:\windows\System32\DRIVERS\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
R1 WRCore; C:\windows\system32\drivers\WRCore.x64.sys [148336 2019-08-09] (Webroot Inc. -> Webroot, Inc.)
R0 WRkrn; C:\windows\System32\drivers\WRkrn.sys [143592 2019-11-04] (Webroot Inc. -> Webroot)
S3 wrUrlFlt; C:\windows\system32\DRIVERS\wrUrlFlt.sys [67912 2020-01-09] (Webroot Inc. -> Webroot)
U3 iswSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-06 14:58 - 2020-05-06 14:58 - 000195432 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2020-05-06 14:58 - 2020-05-06 14:58 - 000073368 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2020-05-06 14:58 - 2020-05-06 14:58 - 000000000 ____D C:\Users\K\AppData\LocalLow\IGDump
2020-05-06 14:57 - 2020-05-06 14:57 - 000112752 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2020-05-06 14:55 - 2020-05-06 14:55 - 000248968 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2020-05-06 14:55 - 2020-05-06 14:55 - 000028272 _____ C:\windows\system32\Drivers\truesight.sys
2020-05-06 09:21 - 2020-05-06 09:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2020-05-06 09:21 - 2020-05-06 09:21 - 000000000 ____D C:\Program Files\RogueKiller
2020-05-06 09:19 - 2020-05-06 09:19 - 039851944 _____ (Adlice Software ) C:\Users\K\Downloads\RogueKiller_setup.exe
2020-05-06 07:42 - 2020-05-06 07:42 - 030078008 _____ C:\Users\K\Downloads\RogueKiller_portable64.exe
2020-05-06 07:02 - 2020-05-06 12:08 - 000000000 ____D C:\ProgramData\RogueKiller
2020-05-06 06:27 - 2020-05-06 07:51 - 000003021 _____ C:\Users\K\Desktop\Cleaning pc.txt
2020-05-05 08:27 - 2020-05-05 08:27 - 000111512 _____ C:\Users\K\Downloads\cursor_creator.zip
2020-05-05 06:25 - 2020-05-05 06:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2020-05-05 06:22 - 2020-05-05 06:40 - 000000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2020-05-05 06:22 - 2020-05-05 06:22 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2020-05-05 06:20 - 2020-05-05 06:20 - 002021728 _____ (Malwarebytes ) C:\Users\K\Downloads\mbae-setup-1.13.1.164.exe
2020-05-05 06:13 - 2020-05-05 06:15 - 032108584 _____ (Microsoft Corporation) C:\Users\K\Downloads\windows-kb890830-x64-v5.81 (1).exe
2020-05-04 13:46 - 2020-05-04 16:06 - 000103910 _____ C:\windows\ntbtlog.txt
2020-05-04 11:41 - 2020-05-04 11:41 - 000000000 _____ C:\Users\K\Desktop\fixlist.txt
2020-05-04 11:07 - 2020-05-06 15:14 - 000003132 _____ C:\Users\K\Downloads\FSS.txt
2020-05-04 11:05 - 2020-05-04 11:05 - 000899584 _____ (Farbar) C:\Users\K\Downloads\FSS.exe
2020-05-04 10:59 - 2020-05-04 10:59 - 000000869 _____ C:\Users\K\Downloads\other fixlist.txt
2020-05-04 09:00 - 2020-05-04 09:01 - 000037289 _____ C:\Users\K\Downloads\Addition.txt
2020-05-04 08:50 - 2020-05-06 15:19 - 000022934 _____ C:\Users\K\Downloads\FRST.txt
2020-05-04 08:49 - 2020-05-04 09:34 - 000000351 _____ C:\Users\K\Desktop\use of FRST.txt
2020-05-04 08:48 - 2020-05-06 15:18 - 000000000 ____D C:\FRST
2020-05-04 08:44 - 2020-05-04 08:45 - 002283520 _____ (Farbar) C:\Users\K\Downloads\FRST64 (1).exe
2020-05-04 06:26 - 2020-05-04 06:26 - 001897451 _____ C:\Users\K\Downloads\cpp_tutorial.pdf
2020-05-04 05:48 - 2020-05-04 05:49 - 000000000 ____D C:\Users\K\Desktop\suspects
2020-05-03 10:36 - 2020-05-03 10:36 - 000000000 ____D C:\ProgramData\Emsisoft
2020-05-03 10:31 - 2020-05-03 10:41 - 000000000 ____D C:\EMIsoft
2020-05-03 09:43 - 2020-05-03 09:45 - 347985608 _____ C:\Users\K\Downloads\EmsisoftEmergencyKit.exe
2020-05-03 06:25 - 2020-05-03 06:25 - 001980016 _____ (Malwarebytes) C:\Users\K\Downloads\MBSetup (1).exe
2020-05-02 14:06 - 2020-05-02 14:09 - 000001251 _____ C:\Users\K\Desktop\resmon.lnk
2020-05-02 05:28 - 2020-05-02 05:28 - 000255928 _____ (Malwarebytes) C:\windows\system32\Drivers\5179C37C.sys
2020-05-02 04:39 - 2020-05-02 04:41 - 116014512 _____ (Microsoft Corporation) C:\Users\K\Downloads\MSERT.exe
2020-05-01 19:10 - 2020-05-01 19:10 - 000214496 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2020-05-01 19:10 - 2020-05-01 19:10 - 000001971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-05-01 19:10 - 2020-05-01 19:10 - 000001959 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-05-01 19:10 - 2020-05-01 19:10 - 000001959 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-05-01 13:19 - 2020-05-01 13:21 - 011429976 _____ (SurfRight B.V.) C:\Users\K\Downloads\HitmanPro_x64 (1).exe
2020-04-30 10:25 - 2020-04-30 10:29 - 176865720 _____ (AO Kaspersky Lab) C:\Users\K\Downloads\KVRT.exe
2020-04-30 10:21 - 2020-04-30 10:21 - 032108584 _____ (Microsoft Corporation) C:\Users\K\Downloads\Windows-KB890830-x64-V5.81.exe
2020-04-29 20:36 - 2020-04-29 20:48 - 000066560 _____ (SkyHitek Solutions Inc.) C:\Users\K\Desktop\Semula.EXE
2020-04-29 14:39 - 2020-04-29 14:39 - 013256517 _____ C:\Users\K\Downloads\Design_and_Analysis_of_Connections_in_St.pdf
2020-04-29 14:17 - 2020-04-29 14:17 - 006061327 _____ C:\Users\K\Downloads\Design_of_timber_structures_according_to.pdf
2020-04-29 14:01 - 2020-04-29 14:02 - 004275045 _____ C:\Users\K\Downloads\DESIGN_OF_STRUCTURAL_CONNECTIONS_TO_EURO.pdf
2020-04-29 13:55 - 2020-04-29 13:55 - 002999409 _____ C:\Users\K\Downloads\Structural_Design_of_Steelwork_to_Third.pdf
2020-04-29 13:50 - 2020-04-29 13:50 - 003564128 _____ C:\Users\K\Downloads\Good The_Behaviour_and_Design_of_Steel_Struct.pdf
2020-04-29 13:46 - 2020-04-29 13:46 - 000965648 _____ C:\Users\K\Downloads\Manual_for_the_design_of_steelwork_build.pdf
2020-04-29 09:35 - 2020-04-29 09:35 - 000002840 _____ C:\Users\K\Desktop\WrtFTPUserPW.txt
2020-04-29 05:45 - 2020-05-03 06:54 - 000000000 ____D C:\Users\K\AppData\Local\VirtualStore
2020-04-28 17:46 - 2020-04-28 17:33 - 000343544 _____ (McAfee, Inc.) C:\windows\system32\mfevtps.exe
2020-04-28 17:33 - 2020-04-28 17:33 - 000917008 _____ (McAfee, Inc.) C:\windows\system32\Drivers\mfehidk.sys
2020-04-28 17:33 - 2020-04-28 17:33 - 000124432 _____ (McAfee, Inc.) C:\windows\system32\Drivers\mferkdet.sys
2020-04-28 17:31 - 2020-05-06 06:32 - 000000000 ____D C:\Program Files\stinger
2020-04-27 07:30 - 2020-04-27 16:32 - 000000000 ____D C:\PB SkyFrame 12
2020-04-26 20:02 - 2020-04-26 20:07 - 000000344 _____ C:\Users\K\Desktop\Financial support during Covid.txt
2020-04-26 10:58 - 2020-04-26 10:58 - 001295576 _____ (Google LLC) C:\Users\K\Downloads\ChromeSetup.exe
2020-04-26 09:41 - 2020-04-26 09:42 - 008196784 _____ (Malwarebytes) C:\Users\K\Downloads\adwcleaner_8.0.4.exe
2020-04-26 08:57 - 2020-04-26 08:57 - 000255928 _____ (Malwarebytes) C:\windows\system32\Drivers\27D2E4DD.sys
2020-04-25 14:23 - 2020-04-29 11:18 - 000000000 ____D C:\SkyFrame Installer
2020-04-25 14:17 - 2020-04-29 11:24 - 000000000 ____D C:\SkyFrame Deploy
2020-04-23 20:03 - 2020-04-23 20:03 - 003873611 _____ C:\Users\K\Downloads\5275d259-45b1-4769-b937-de76b3be5615
2020-04-23 19:59 - 2020-04-23 19:59 - 004449720 _____ C:\Users\K\Downloads\0ce1ffb9-44ed-422e-8810-283bea150e8b
2020-04-23 17:05 - 2020-04-23 17:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear
2020-04-23 11:52 - 2020-04-23 11:52 - 000255928 _____ (Malwarebytes) C:\windows\system32\Drivers\2733A3C5.sys
2020-04-17 14:01 - 2020-04-17 16:53 - 000000000 ____D C:\Users\K\Desktop\JdM
2020-04-17 09:18 - 2020-04-17 09:18 - 001976302 _____ C:\Users\K\Downloads\0a8ff580-e271-4897-be95-dda3aedc2391
2020-04-17 09:16 - 2020-04-17 09:16 - 001890848 _____ C:\Users\K\Downloads\e7d7cab9-4194-4c09-8731-ff206f481257
2020-04-17 09:11 - 2020-04-17 09:11 - 000916029 _____ C:\Users\K\Downloads\69aa340e-dd54-4c53-9b4c-781d916bd85c
2020-04-16 12:15 - 2020-04-16 12:15 - 008811099 _____ C:\Users\K\Downloads\1b7ee25c-c582-4b1b-8670-23dcf6a55e60
2020-04-16 12:12 - 2020-04-16 12:12 - 003970393 _____ C:\Users\K\Downloads\240c5aea-fc1f-430c-915d-8096d7776672
2020-04-16 12:10 - 2020-04-16 12:10 - 006111671 _____ C:\Users\K\Downloads\66abda57-7fbd-46b3-85ef-101172d6c51b
2020-04-16 12:08 - 2020-04-16 12:08 - 000646054 _____ C:\Users\K\Downloads\2216b495-9849-412c-8b24-76ce486a17ec
2020-04-16 12:06 - 2020-04-16 12:06 - 014153252 _____ C:\Users\K\Downloads\0777271d-1320-4381-9eb7-c4aaea91d6a4
2020-04-16 10:20 - 2020-04-16 10:20 - 000255928 _____ (Malwarebytes) C:\windows\system32\Drivers\356654B4.sys
2020-04-13 16:38 - 2020-04-23 20:27 - 000000115 _____ C:\Users\K\Desktop\Minister of Health.txt
2020-04-12 06:25 - 2020-04-25 22:42 - 000000851 _____ C:\Users\K\Desktop\COVID19.txt
2020-04-10 09:55 - 2020-04-10 09:55 - 000000000 ____D C:\Users\K\AppData\Local\CEF

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-06 15:10 - 2009-07-13 21:45 - 000028080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-05-06 15:10 - 2009-07-13 21:45 - 000028080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-05-06 15:00 - 2019-09-07 03:50 - 000000000 ____D C:\ProgramData\WRData
2020-05-06 14:55 - 2019-04-28 18:57 - 000000000 __SHD C:\Users\K\IntelGraphicsProfiles
2020-05-06 14:54 - 2019-09-07 03:50 - 000174232 _____ (Webroot) C:\windows\SysWOW64\WRusr.dll
2020-05-06 14:54 - 2019-09-07 03:50 - 000105048 _____ (Webroot) C:\windows\system32\WRusr.dll
2020-05-06 14:54 - 2009-07-13 22:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2020-05-06 14:44 - 2019-06-04 06:10 - 000000000 ____D C:\Temp2
2020-05-06 14:42 - 2014-08-22 03:42 - 000000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2020-05-06 10:19 - 2019-04-27 23:37 - 000000000 ____D C:\Users\K\Desktop\AV tools
2020-05-06 07:32 - 2019-04-27 23:31 - 000000000 ____D C:\Temp
2020-05-06 05:18 - 2019-06-02 20:45 - 000000000 ____D C:\PB Aid
2020-05-05 21:33 - 2020-03-11 16:15 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-05-05 21:33 - 2020-03-11 16:15 - 000002154 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-05-05 21:33 - 2020-03-11 16:15 - 000002154 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-05-05 19:26 - 2019-04-28 15:19 - 000000000 ____D C:\Users\K\Desktop\DT other
2020-05-05 12:17 - 2009-07-13 22:13 - 000781790 _____ C:\windows\system32\PerfStringBackup.INI
2020-05-05 12:17 - 2009-07-13 20:20 - 000000000 ____D C:\windows\inf
2020-05-05 11:57 - 2019-11-30 10:03 - 000000000 ____D C:\Users\K\Desktop\Nak Beli
2020-05-05 08:42 - 2020-01-25 13:09 - 000000000 ____D C:\Users\K\Desktop\SkyFrame Improvement
2020-05-05 06:42 - 2019-04-28 13:01 - 121542864 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2020-05-03 17:50 - 2019-10-08 01:18 - 000003702 _____ C:\windows\system32\Tasks\EOSv3 Scheduler onLogOn
2020-05-03 17:50 - 2019-10-08 01:18 - 000003262 _____ C:\windows\system32\Tasks\EOSv3 Scheduler onTime
2020-05-03 09:16 - 2020-03-15 06:55 - 000000131 _____ C:\Users\K\Desktop\test publish.txt
2020-05-03 05:28 - 2019-04-27 21:17 - 000000000 ____D C:\Users\K
2020-05-02 21:29 - 2019-08-18 17:07 - 000000000 ____D C:\Users\K\AppData\Local\CrashDumps
2020-05-02 21:14 - 2019-11-03 16:41 - 000007636 _____ C:\Users\K\AppData\Local\Resmon.ResmonCfg
2020-05-02 14:10 - 2019-04-29 19:01 - 000000000 ____D C:\Users\K\Desktop\Other Notes
2020-05-02 06:15 - 2019-09-08 06:53 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2020-05-01 19:09 - 2019-09-09 13:14 - 000153312 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2020-05-01 13:22 - 2019-07-16 00:37 - 000000000 ____D C:\ProgramData\HitmanPro
2020-05-01 12:58 - 2017-01-14 11:05 - 000000000 ____D C:\OxygenBasic_Jun6
2020-04-30 18:55 - 2019-05-09 09:37 - 000011420 _____ C:\Users\K\Desktop\gkg.txt
2020-04-30 16:46 - 2019-06-02 18:14 - 000000000 ____D C:\PB
2020-04-29 11:31 - 2019-07-01 18:24 - 000000000 ____D C:\Users\K\Desktop\Programing
2020-04-29 11:02 - 2019-05-12 14:24 - 000000000 ____D C:\Users\K\Documents\The Enigma Protector
2020-04-29 11:02 - 2019-05-12 14:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Enigma Protector
2020-04-29 11:02 - 2019-05-12 14:24 - 000000000 ____D C:\Program Files (x86)\The Enigma Protector
2020-04-28 06:55 - 2020-03-18 20:06 - 000001920 _____ C:\Users\K\Desktop\SkyFrame.lnk
2020-04-27 20:28 - 2019-10-08 14:58 - 000000000 ____D C:\SkyFrame Dist
2020-04-27 15:38 - 2020-01-02 07:08 - 000000000 ____D C:\PB Test Curai
2020-04-27 15:36 - 2020-03-06 06:19 - 000000000 ____D C:\PB Test MS
2020-04-27 14:34 - 2019-07-27 21:14 - 000000000 ____D C:\Program Files (x86)\TunnelBear
2020-04-26 05:14 - 2019-08-18 07:28 - 000000000 ____D C:\PB SkyFrame
2020-04-24 05:16 - 2019-04-28 16:23 - 000000000 ___SD C:\windows\system32\CompatTel
2020-04-24 05:16 - 2019-04-28 16:23 - 000000000 ____D C:\windows\system32\appraiser
2020-04-24 05:16 - 2009-07-13 20:20 - 000000000 ____D C:\windows\PolicyDefinitions
2020-04-23 17:06 - 2019-04-27 20:36 - 000000000 ____D C:\ProgramData\Package Cache
2020-04-23 17:04 - 2019-04-27 21:18 - 000001424 _____ C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2020-04-20 15:02 - 2019-08-23 16:36 - 000011066 _____ C:\Users\K\Desktop\dlgproc.txt
2020-04-12 08:17 - 2019-05-07 09:25 - 000000000 ____D C:\Users\K\Desktop\DT important
2020-04-12 08:16 - 2019-07-01 17:46 - 000000000 ____D C:\Program Files\JetBrains
2020-04-07 12:30 - 2019-08-29 19:50 - 000002397 _____ C:\Users\K\Desktop\Resource Version.txt

==================== Files in the root of some directories ========

2019-11-03 16:41 - 2020-05-02 21:14 - 000007636 _____ () C:\Users\K\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-04-28 07:31
==================== End of FRST.txt ========================

annew

Posts: 30   +3
Here's the addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-05-2020
Ran by K (06-05-2020 15:20:48)
Running from C:\Users\K\Downloads
Windows 7 Professional Service Pack 1 (X64) (2019-04-28 04:17:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4237547623-3581648954-966888715-500 - Administrator - Disabled)
Guest (S-1-5-21-4237547623-3581648954-966888715-501 - Limited - Disabled)
K (S-1-5-21-4237547623-3581648954-966888715-1000 - Administrator - Enabled) => C:\Users\K

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {EA22F846-E33A-0128-9418-185509C86920}
AV: ZoneAlarm Antivirus (Enabled - Up to date) {B558F217-D667-9806-B388-2B026DB849E4}
AS: Webroot SecureAnywhere (Enabled - Up to date) {514319A2-C500-0EA6-AEA8-2327724F239D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {0E3913F3-F05D-9788-8938-1070163F0359}
FW: ZoneAlarm Firewall (Enabled) {8D637332-9C08-995E-98D7-8237936B0E9F}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
ACA & MEP 2019 Object Enabler (HKLM\...\{28B89EEF-2004-0000-5102-CF3F3A09B77D}) (Version: 8.1.44.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-2001-0000-3102-CF3F3A09B77D}) (Version: 23.0.46.0 - Autodesk) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.106.303.107 - ALPS ELECTRIC CO., LTD.)
AutoCAD 2019 - English (HKLM\...\{28B89EEF-2001-0409-2102-CF3F3A09B77D}) (Version: 23.0.46.0 - Autodesk) Hidden
AutoCAD 2019 (HKLM\...\{28B89EEF-2001-0000-0102-CF3F3A09B77D}) (Version: 23.0.162.0 - Autodesk) Hidden
AutoCAD 2019 Language Pack - English (HKLM\...\{28B89EEF-2001-0409-1102-CF3F3A09B77D}) (Version: 23.0.103.0 - Autodesk) Hidden
Autodesk App Manager 2016-2019 (HKLM-x32\...\{C1BF29A7-2D9E-4E8D-A3C1-02F6B20B8AB7}) (Version: 2.5.0 - Autodesk)
Autodesk AutoCAD 2019 - English (HKLM\...\AutoCAD 2019 - English) (Version: 23.0.46.0 - Autodesk)
Autodesk AutoCAD 2019.1.2 Update (HKLM-x32\...\{f4f9ba0b-2001-0000-0102-f66cecbc6200}) (Version: 23.0.162.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.3.0 (HKLM-x32\...\{448BC38C-2654-48CD-BB43-F59A37854A3E}) (Version: 1.3.0.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2019 Add-in 64 bit (HKLM\...\{59758C9C-FB82-4430-852C-FC79BBE62982}) (Version: 4.70.9 - Autodesk)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.16.29 - Autodesk)
Autodesk Featured Apps 2016-2019 (HKLM-x32\...\{79F5747D-A961-4CCD-88B0-41F004D79AEB}) (Version: 2.5.0 - Autodesk)
Autodesk Genuine Service (HKLM-x32\...\{EF86FB37-98AB-49C2-930B-77A5E04758FE}) (Version: 2.2.0 - Autodesk)
Autodesk License Service (x64) - 7.1.4 (HKLM\...\{F53D6D10-7A75-4A39-8C53-A3D855C7C50A}) (Version: 7.1.4.0 - Autodesk)
Autodesk Material Library 2019 (HKLM-x32\...\{8F69EE2C-DC34-4746-9B47-7511147BD4B0}) (Version: 17.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2019 (HKLM-x32\...\{3AAA4C1B-51DA-487D-81A3-4234DBB9A8F9}) (Version: 17.11.3.0 - Autodesk)
Autodesk ReCap (HKLM\...\{50EDF910-0000-1033-0102-E3D118CE2EEA}) (Version: 5.0.4.17 - Autodesk) Hidden
Autodesk ReCap (HKLM\...\Autodesk ReCap 360) (Version: 5.0.4.17 - Autodesk)
Autodesk ReCap Photo (HKLM\...\{0E4FA9C0-0000-1033-0102-1B3A7F15D307}) (Version: 19.1.3.4 - Autodesk) Hidden
Autodesk ReCap Photo (HKLM\...\Autodesk ReCap Photo) (Version: 19.1.3.4 - Autodesk)
Autodesk ReCap Photo Update 19.1.0 (HKLM-x32\...\{11b0543e-b0f6-438b-8de5-ac6bbe34cc8f}) (Version: 19.1.0.10 - Autodesk)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.27(T) - TOSHIBA CORPORATION)
Brother MFL-Pro Suite DCP-7065DN (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Bullzip PDF Printer 11.9.0.2735 (HKLM\...\Bullzip PDF Printer_is1) (Version: 11.9.0.2735 - Bullzip)
Core (HKLM\...\{DEE1F2D9-006D-4FE4-BAB0-96732C9E636E}) (Version: 1.0.0.103 - Webroot) Hidden
Essential NetTools (HKLM-x32\...\{F38ADD30-FB36-11E1-3D6C-0095FA964AE1}) (Version: 4.4 - TamoSoft)
FARO LS 1.1.700.0 (64bit) (HKLM-x32\...\{FF6E9382-0B85-48DE-888F-76EFD9A87038}) (Version: 7.0.0.23 - FARO Scanner Production)
File Viewer Lite (HKLM-x32\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 1.5.0 - Sharpened Productions)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.138 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.33 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) 4.0 (HKLM-x32\...\{6D2580AE-0284-4CE0-9A39-A0E5E3A5C28C}) (Version: 17.0.1416.01 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
Malwarebytes Anti-Exploit version 1.13.1.164 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.13.1.164 - Malwarebytes)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft .NET Framework 4.8 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 11 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Software Limited)
paint.net (HKLM\...\{B998B716-4001-4919-BA90-BA14B51DFEB5}) (Version: 4.1.6 - dotPDN LLC)
PeaZip 6.8.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 6.8.0 - Giorgio Tani)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PowerBASIC for Windows version 10.04 (HKLM-x32\...\{CFE5EA52-F20A-44D0-A180-ED3129FB717E}_is1) (Version: 10.04 - PowerBASIC, Inc.)
Python 3.7.3 (32-bit) (HKU\S-1-5-21-4237547623-3581648954-966888715-1000\...\{24ac8299-2abd-4ddd-8be3-031debb6093c}) (Version: 3.7.3150.0 - Python Software Foundation)
Python 3.7.3 Add to Path (32-bit) (HKLM-x32\...\{2DB1318D-E51C-419B-99D5-D15F7120BD09}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Core Interpreter (32-bit) (HKLM-x32\...\{33AB9CEA-621E-4064-9FB0-7048E79DB5B5}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Development Libraries (32-bit) (HKLM-x32\...\{52DDE5D8-B45C-4C1D-81DD-D72317DE8B08}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Documentation (32-bit) (HKLM-x32\...\{2BC067C0-B392-49C0-988B-C839C62D8B65}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Executables (32-bit) (HKLM-x32\...\{E3E61712-C062-45E7-8348-D7DBF66FACFD}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 pip Bootstrap (32-bit) (HKLM-x32\...\{9846DC93-4A39-496F-8AE3-0E3AB4EF4385}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Standard Library (32-bit) (HKLM-x32\...\{DC6190E7-D05E-465A-9FB6-7418BC901991}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Tcl/Tk Support (32-bit) (HKLM-x32\...\{1341418F-C713-4943-ACB2-9F4D4743D193}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Test Suite (32-bit) (HKLM-x32\...\{FE5E4BF9-7487-4CE8-A2AC-F78C6B4BE487}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Utility Scripts (32-bit) (HKLM-x32\...\{AE9303AD-EBD0-4C85-A9D0-55B1BA972D11}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39058 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.85.423.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7520 - Realtek Semiconductor Corp.)
RogueKiller version 14.4.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.4.2.0 - Adlice Software)
StudioTax 2019 (HKLM-x32\...\{09F18C8B-5B39-497C-8F57-1328318241F5}) (Version: 15.0.3.0 - BHOK IT Consulting)
Tekla Structures 2019 (HKLM\...\{FBEF321F-46B4-4337-961A-F9A0508C7E94}) (Version: 219.0.47170 - Trimble Solutions Corporation)
Tekla Structures 2019 Canada Env_10 (HKLM\...\{4225CC89-6F86-4960-B063-273970DFB993}) (Version: 219.0.222 - Trimble Solutions Corporation)
Tekla Warehouse Service (HKLM-x32\...\{55C3E467-D2AB-478B-A4AE-EEC9CB86ABC2}) (Version: 1.3.14 - Trimble Solutions Corporation)
TextCrawler Free 3.0.3 (HKLM-x32\...\TextCrawler Free) (Version: 3.0.3 - DigitalVolcano Software Ltd)
The Enigma Protector v6.70 Build 20200428 (HKLM-x32\...\The Enigma Protector_is1) (Version: - The Enigma Protector Developers Team)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.14 - Toshiba Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.13 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}) (Version: 1.4.10.64 - Toshiba Corporation)
TOSHIBA Flash Cards (HKLM\...\{F5D089A2-3E02-4471-AA04-3C7B87A60BD4}) (Version: 9.0.6.6401 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.6.02.6403 - Toshiba Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.15 - TOSHIBA Corporation)
TOSHIBA HWSetup (HKLM-x32\...\{0E94D98C-00A7-4C93-9708-8E5A1859E72E}) (Version: 9.0.5.3202 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{6C0A2179-56CB-4F1F-9681-E777A4F3C800}) (Version: 9.0.3.3201 - Toshiba Corporation)
TOSHIBA PC Diagnostic Tool (HKLM-x32\...\{F0794FA5-1809-4FC3-AA4E-48061281B5A2}) (Version: 9.0.3.6400 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{A0D34C74-70AC-45E4-9735-A11DA95A5810}) (Version: 4.00.00.6402 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.9.52040013 - Toshiba Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.15.0 - TOSHIBA)
TOSHIBA System Driver (HKLM\...\{46754F5B-B496-4BCA-87E5-84ACF27FCE0F}) (Version: 9.0.3.6401 - Toshiba Corporation)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 6.1.2.3 - Toshiba Corporation)
Tsep File Dispatcher Launcher (HKLM\...\{E77800FE-DA6C-43DF-B473-29B20C60BB55}) (Version: 1.3.19 - Trimble Solutions Corporation)
TunnelBear (HKLM-x32\...\{000a1d8b-8a80-4cd4-8781-7770c7923b7f}) (Version: 4.2.6.0 - TunnelBear)
TunnelBear (HKLM-x32\...\{71843510-D27B-4003-AB30-D02F2E78C45D}) (Version: 4.2.6.0 - TunnelBear) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.28.39 - Webroot)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 20 - Windscribe Limited)
ZoneAlarm Antivirus (HKLM-x32\...\{F3790C3A-1015-410D-8BE1-EA48C2637BFF}) (Version: 15.6.121.18102 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Antivirus (HKLM-x32\...\ZoneAlarm Antivirus) (Version: 15.6.121.18102 - Check Point)
ZoneAlarm Firewall (HKLM-x32\...\{18FE6943-D33D-42F5-99D5-0ED22F633E32}) (Version: 15.6.121.18102 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security (HKLM-x32\...\{881E7A8C-9C4B-4D14-B390-EAFBA278CF45}) (Version: 15.6.121.18102 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4237547623-3581648954-966888715-1000_Classes\CLSID\{4AC6DFE1-607B-45B2-B289-D7FBCD44169C}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2019\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4237547623-3581648954-966888715-1000_Classes\CLSID\{74D0CE91-F931-4FAC-BEA9-EE32E43EAD37}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2019\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4237547623-3581648954-966888715-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4237547623-3581648954-966888715-1000_Classes\CLSID\{E11054A5-EE73-4928-A39A-2C4986E7138F}\InprocServer32 -> C:\windows\system32\kernel32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4237547623-3581648954-966888715-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2019\en-US\acadficn.dll (Autodesk, Inc. -> Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\windows\system32\WRusr.dll [2020-05-06] (Webroot Inc. -> Webroot)
ShellIconOverlayIdentifiers: [ ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\windows\system32\WRusr.dll [2020-05-06] (Webroot Inc. -> Webroot)
ShellIconOverlayIdentifiers: [ ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\windows\system32\WRusr.dll [2020-05-06] (Webroot Inc. -> Webroot)
ShellIconOverlayIdentifiers: [ ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\windows\system32\WRusr.dll [2020-05-06] (Webroot Inc. -> Webroot)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll [2018-01-29] (Autodesk, Inc. -> Autodesk, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2018-01-29] (Autodesk, Inc. -> Autodesk)
ContextMenuHandlers1: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\windows\system32\WRusr.dll [2020-05-06] (Webroot Inc. -> Webroot)
ContextMenuHandlers1: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2019-07-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\windows\system32\igfxDTCM.dll [2019-07-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\windows\system32\WRusr.dll [2020-05-06] (Webroot Inc. -> Webroot)
ContextMenuHandlers6: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2019-07-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]

==================== Loaded Modules (Whitelisted) =============

2019-04-28 15:11 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2019-04-28 15:12 - 2008-08-18 18:27 - 000122880 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\brlmw03a.dll
2019-04-28 15:12 - 2012-04-23 15:03 - 000380928 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2019-04-28 15:12 - 2011-02-28 11:32 - 000208896 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2019-04-28 15:12 - 2012-01-11 14:39 - 000626688 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2019-04-28 15:11 - 2012-09-06 21:02 - 000155648 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2019-04-28 15:11 - 2012-07-06 13:33 - 000098304 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2019-04-28 15:11 - 2012-07-06 13:33 - 017694720 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2019-04-28 15:12 - 2012-07-17 13:36 - 000090112 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll
2019-04-28 09:52 - 2019-02-15 08:13 - 000221696 _____ (Bullzip) [File not signed] C:\Program Files\Common Files\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll
2019-04-27 20:37 - 2014-06-09 13:49 - 000074240 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2019-07-25 10:52 - 2019-07-25 10:52 - 000986112 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CheckPoint\ZoneAlarm\dbghelp.dll
2019-04-27 20:47 - 2019-04-27 20:47 - 000065536 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774\vcomp.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01872483.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01872483.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR521 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-4237547623-3581648954-966888715-1000\Software\Classes\.scr: AutoCADScriptFile => C:\windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-04-29 20:24 - 2019-04-29 20:24 - 000000824 ____N C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\
HKU\S-1-5-21-4237547623-3581648954-966888715-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\K\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 208.67.222.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
FirewallRules: [{E95CD1C0-A1F9-46C3-9FA1-C9D2DD53CF77}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Mobile Wireless Group -> )
FirewallRules: [TCP Query User{B5231620-BCBA-4621-A032-1413C47D3A0F}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [UDP Query User{799E97D7-51A7-4120-A136-27AA820B614B}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [{C1122265-9BFB-420E-83E0-E68A584968EB}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{04073677-4EDB-4CCC-A71E-3DAF0A7F2672}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{6254BE72-A9E4-4769-8B20-792FDCB57452}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{099D9AA0-54C7-4F5B-A206-1ED75493C265}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{5867F830-56D1-412D-90EC-977E23AC4D7E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:800 GB) (Free:648.45 GB) (81%)

==================== Faulty Device Manager Devices ============

Name: TOSHIBA Web Camera - HD
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel(R) Display Audio
Description: Intel(R) Display Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel(R) Corporation
Service: IntcDAud
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel(R) Dual Band Wireless-AC 3160
Description: Intel(R) Dual Band Wireless-AC 3160
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNs64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (05/05/2020 05:35:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MBAMService.exe, version: 3.2.0.890, time stamp: 0x5e4bfca6
Faulting module name: ntdll.dll, version: 6.1.7601.24511, time stamp: 0x5d3fa9bd
Exception code: 0xc0000374
Fault offset: 0x00000000000bf302
Faulting process id: 0x918
Faulting application start time: 0x01d622d945940f44
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: e4657b31-8ecc-11ea-858f-b86b23b0f585

Error: (05/01/2020 07:05:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 4.0.0.638, time stamp: 0x5ea21563
Faulting module name: ntdll.dll, version: 6.1.7601.24511, time stamp: 0x5d3fa9bd
Exception code: 0xc0000374
Fault offset: 0x00000000000bf302
Faulting process id: 0x1864
Faulting application start time: 0x01d62026091e265b
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: 55c18619-8c19-11ea-ae3c-b86b23b0f585

Error: (04/28/2020 07:42:36 PM) (Source: MsiInstaller) (EventID: 10005) (User: KP)
Description: Product: Python 3.7.3 pip Bootstrap (32-bit) -- No Python 3.7 installation was detected.

Error: (04/28/2020 07:42:00 PM) (Source: MsiInstaller) (EventID: 10005) (User: KP)
Description: Product: Python 3.7.3 pip Bootstrap (32-bit) -- No Python 3.7 installation was detected.

Error: (04/28/2020 09:57:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Check McID.EXE, version: 1.2.0.0, time stamp: 0x00003039
Faulting module name: Check McID.EXE, version: 1.2.0.0, time stamp: 0x00003039
Exception code: 0xc0000005
Fault offset: 0x00006bee
Faulting process id: 0x3cb0
Faulting application start time: 0x01d61d7e0a34c301
Faulting application path: C:\ESD\SkyF TestInstall\SkyFrame\Bin\Check McID.EXE
Faulting module path: C:\ESD\SkyF TestInstall\SkyFrame\Bin\Check McID.EXE
Report Id: 48bc4c7b-8971-11ea-8aa7-b86b23b0f585

Error: (04/28/2020 09:50:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Check McID.EXE, version: 1.2.0.0, time stamp: 0x00003039
Faulting module name: Check McID.EXE, version: 1.2.0.0, time stamp: 0x00003039
Exception code: 0xc0000005
Fault offset: 0x00006bee
Faulting process id: 0x2bd4
Faulting application start time: 0x01d61d7d27490bb1
Faulting application path: C:\PB SkyFrame 12\A Module Creators\Checking Progs\Check McID\Check McID.EXE
Faulting module path: C:\PB SkyFrame 12\A Module Creators\Checking Progs\Check McID\Check McID.EXE
Report Id: 6541c29b-8970-11ea-8aa7-b86b23b0f585

Error: (04/28/2020 09:50:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Check McID.EXE, version: 1.2.0.0, time stamp: 0x00003039
Faulting module name: Check McID.EXE, version: 1.2.0.0, time stamp: 0x00003039
Exception code: 0xc0000005
Fault offset: 0x00006bee
Faulting process id: 0x2ab0
Faulting application start time: 0x01d61d7d1dcd101a
Faulting application path: C:\PB SkyFrame 12\A Module Creators\Checking Progs\Check McID\Check McID.EXE
Faulting module path: C:\PB SkyFrame 12\A Module Creators\Checking Progs\Check McID\Check McID.EXE
Report Id: 5d0be389-8970-11ea-8aa7-b86b23b0f585

Error: (04/27/2020 07:24:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MSigner.EXE, version: 1.2.0.0, time stamp: 0x00003039
Faulting module name: MSigner.EXE, version: 1.2.0.0, time stamp: 0x00003039
Exception code: 0xc0000005
Fault offset: 0x00037a4a
Faulting process id: 0x1458
Faulting application start time: 0x01d61d042f819758
Faulting application path: C:\PB Test MS\MSigner\MSigner.EXE
Faulting module path: C:\PB Test MS\MSigner\MSigner.EXE
Report Id: 6e5ed25c-88f7-11ea-b9a3-b86b23b0f585


System errors:
=============
Error: (05/06/2020 02:56:39 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Malwarebytes Anti-Exploit Service service hung on starting.

Error: (05/06/2020 02:52:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/06/2020 02:52:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZoneAlarm ICM NET Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/06/2020 02:52:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).

Error: (05/06/2020 02:52:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WindscribeService service terminated unexpectedly. It has done this 1 time(s).

Error: (05/06/2020 02:52:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TOSHIBA HDD SSD Alert Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/06/2020 02:52:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BrYNSvc service terminated unexpectedly. It has done this 1 time(s).

Error: (05/06/2020 02:52:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated unexpectedly. It has done this 1 time(s).


==================== Memory info ===========================

BIOS: TOSHIBA Version 1.40 09/25/2014
Motherboard: TOSHIBA Satellite Pro R50-B
Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 74%
Total physical RAM: 6061.36 MB
Available physical RAM: 1562.06 MB
Total Virtual: 12120.86 MB
Available Virtual: 7399.84 MB

==================== Drives ================================

Drive c: (TI313417D0A) (Fixed) (Total:800 GB) (Free:648.45 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{5dd2b991-6964-11e9-91dc-806e6f6e6963}\ (System) (Fixed) (Total:1.46 GB) (Free:1.24 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: BB415172)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=800 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 

annew

Posts: 30   +3
In the Addition.txt, what are these services under the Alternate Data Stream?
I couldn't find any references to these services on the internet; these look suspicious, namely
01872483.sys and SMR521.

What alternate data stream scanners can I use to scan for these hidden files?



HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01872483.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01872483.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR521 => ""="Service"
 

Broni

Posts: 55,803   +503
Those will be removed.

Download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Attachments

  • fixlist.txt
    768 bytes

annew

Posts: 30   +3
Thanks Broni, that was great. Here's the Fixlog.txt:


Fix result of Farbar Recovery Scan Tool (x64) Version: 03-05-2020
Ran by K (07-05-2020 06:27:18) Run:1
Running from C:\Users\K\Desktop\AV tools\Farbar Recovery tools
Loaded Profiles: K (Available Profiles: K)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\...\Run: [] => [X]
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
U3 iswSvc; no ImagePath
2019-11-03 16:41 - 2020-05-02 21:14 - 000007636 _____ () C:\Users\K\AppData\Local\Resmon.ResmonCfg
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01872483.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01872483.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR521 => ""="Service"
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\System\CurrentControlSet\Services\iswSvc => removed successfully
iswSvc => service removed successfully
C:\Users\K\AppData\Local\Resmon.ResmonCfg => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\SPPSVC-In-TCP" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\SPPSVC-In-TCP-NoScope" => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\01872483.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\01872483.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SMR521 => removed successfully


The system needed a reboot.

==== End of Fixlog 06:27:22 ====
 

Broni

Posts: 55,803   +503
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 

annew

Posts: 30   +3
Here's the FSS.txt:

Farbar Service Scanner Version: 27-01-2016
Ran by K (administrator) on 07-05-2020 at 07:46:49
Running from "C:\Users\K\Desktop\AV tools\Farbar Recovery tools"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Destination is unreachable
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Google.com is unreachable
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 

annew

Posts: 30   +3
From SecurityCheck.exe:

Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Webroot SecureAnywhere
ZoneAlarm Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Google Chrome (81.0.4044.129)
Google Chrome (81.0.4044.138)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Exploit mbae-svc.exe
Malwarebytes Anti-Exploit mbae64.exe
Malwarebytes Anti-Exploit mbae.exe
Malwarebytes Anti-Malware mbamtray.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

annew

Posts: 30   +3
Downloaded the Sophos Virus Removal Tool, but McAfee Stinger detected it as malware, as shown in its report below:

McAfee Stinger Scan Results


McAfee® Labs Stinger™ Version 12.2.0.45 built on Apr 27 2020 at 21:41:07
Copyright© 2013-2020, McAfee, LLC. All Rights Reserved.

AV Engine version v6010.8670 for Windows.
Virus data file v1000.0 created on Apr 27, 2020
Ready to scan for 9207 viruses, trojans and variants.

Custom scan initiated on Thursday, May 07, 2020 13:47:47

C:\Temp2\Sophos Virus Removal Tool.exe\257.nsis\Data1.cab\native.exe2 is infected with Artemis!9847D719FD38
C:\Temp2\Sophos Virus Removal Tool.exe\257.nsis\Data1.cab\native.exe2 couldn't be repaired
C:\Temp2\Sophos Virus Removal Tool.exe\257.nsis\Data1.cab\native.exe1 is infected with Artemis!9847D719FD38
C:\Temp2\Sophos Virus Removal Tool.exe\257.nsis\Data1.cab\native.exe1 couldn't be repaired
C:\Temp2\Sophos Virus Removal Tool.exe is infected

Summary Report on C:\Temp2
File(s)
TotalFiles:............ 2573
Clean:................. 1964
Not Scanned:........... 606
Possibly Infected:..... 3

Time: 00:01:28

Scan completed on Thursday, May 07, 2020 13:49:15
 

annew

Posts: 30   +3
Gave up on Sophos and did a Malwarebytes scan; this is the result:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/7/20
Scan Time: 7:04 AM
Log File: b611d782-906b-11ea-a0e5-00ff23235c2e.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.889
Update Package Version: 1.0.23404
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: KP\K

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 401665
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 3 hr, 35 min, 17 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)