Kevin Zoll

You have been told multiple times to run FRST with it's default settings. This support thread is terminated. Reason inability or unwillingness to follow directions.

Run a fresh scan with FRST, attach the new FRST scan logs to your reply.

The system is very infected, because it has pirated software installed, that is either cracked or activated by use of a keygen. The restore partition cannot be cleaned up. The entire PC needs to be wiped and the system reinstalled using the factory provided installation media.

You were told to run FRST with its default settings, which you obviously ignored. Continue to do things your own way and I will terminate all support and close your topic. Copy the below code to Notepad; Save As fixlist.txt to your Desktop. HKU\S-1-5-21-185298743-3200257722-2405642193-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 BootExecute: autocheck autochk * icarus_rvrt.exe FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION S2 AvastWscReporter; "C:\Program Files\Avast Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X] S2 WajamUpdaterV3; "C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe" [X] <==== ATTENTION S2 WiseFs; \??\C:\Windows\WiseFs64.sys [X] 2020-09-30 10:13 - 2020-09-30 10:13 - 000000000 ____D C:\ProgramData\scg4 2020-09-30 09:49 - 2020-09-30 09:49 - 000000000 ____D C:\ProgramData\s8po 2020-09-30 09:47 - 2020-09-30 09:47 - 000000000 ____D C:\ProgramData\sds4 2020-09-30 09:41 - 2020-09-30 09:41 - 000000000 ____D C:\ProgramData\sbik 2020-09-30 09:41 - 2020-09-30 09:41 - 000000000 ____D C:\ProgramData\sbc 2020-09-30 09:41 - 2020-09-30 09:41 - 000000000 ____D C:\ProgramData\s24s ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier ContextMenuHandlers1: [UnlockerShell] -> {C7E87500-58D7-4777-9E7F-864A43B67BE9} => -> Pas de fichier ContextMenuHandlers4: [UnlockerShell] -> {C7E87500-58D7-4777-9E7F-864A43B67BE9} => -> Pas de fichier ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Pas de fichier ContextMenuHandlers6: [UnlockerShell] -> {C7E87500-58D7-4777-9E7F-864A43B67BE9} => -> Pas de fichier SearchScopes: HKU\S-1-5-21-185298743-3200257722-2405642193-1001 -> {7B5E17A5-1DFB-4269-9519-177F01849132} URL = SearchScopes: HKU\S-1-5-21-185298743-3200257722-2405642193-1002 -> DefaultScope {7B5E17A5-1DFB-4269-9519-177F01849132} URL = SearchScopes: HKU\S-1-5-21-185298743-3200257722-2405642193-1003 -> DefaultScope {7B5E17A5-1DFB-4269-9519-177F01849132} URL = SearchScopes: HKU\S-1-5-21-185298743-3200257722-2405642193-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-185298743-3200257722-2405642193-1011 -> DefaultScope {7B5E17A5-1DFB-4269-9519-177F01849132} URL = SearchScopes: HKU\S-1-5-21-185298743-3200257722-2405642193-1011 -> {7B5E17A5-1DFB-4269-9519-177F01849132} URL = FirewallRules: [{B22C3A96-D037-4C08-94CC-11DEF85F71AF}] => (Allow) C:\Program Files\MiniTool ShadowMaker\AgentService.exe => Pas de fichier FirewallRules: [{8212C5AF-EEBF-4FB1-AF4C-EDF0C9A158EE}] => (Allow) C:\Program Files\MiniTool ShadowMaker\AgentService.exe => Pas de fichier C:\SlimWare.Utilities.FixCleaner.v2.0.4398.833.Incl.Keygen-BRD\Keygen\Keygen.exe C:\SlimWare.Utilities.FixCleaner.v2.0.4398.833.Incl.Keygen-BRD\Keygen C:\SlimWare.Utilities.FixCleaner.v2.0.4398.833.Incl.Keygen-BRD C:\Stellar OST to PST Converter Technical 5.0\32bit-patch.exe C:\Stellar OST to PST Converter Technical 5.0\64bit-patch.exe C:\Stellar OST to PST Converter Technical 5.0 C:\ReviverSoft PC Reviver 3.10.0.22 Multilingual\Patch\created by Download's team.exe C:\ReviverSoft PC Reviver 3.10.0.22 Multilingual\Patch C:\ReviverSoft PC Reviver 3.10.0.22 Multilingual C:\Users\initi\Downloads\uTorrent Pro 3.5.5 build 45291 Full [New].zip C:\scoped_dir6176_1002108599\pre-scan_V9_18.10.19.1.exe C:\scoped_dir6176_1002108599 D:\SlimWare.Utilities.FixCleaner.v2.0.4398.833.Incl.Keygen-BRD\Keygen\Keygen.exe D:\SlimWare.Utilities.FixCleaner.v2.0.4398.833.Incl.Keygen-BRD\Keygen D:\SlimWare.Utilities.FixCleaner.v2.0.4398.833.Incl.Keygen-BRD D:\ReviverSoft PC Reviver 3.10.0.22 Multilingual\Patch\created by Download's team.exe D:\ReviverSoft PC Reviver 3.10.0.22 Multilingual\Patch D:\ReviverSoft PC Reviver 3.10.0.22 Multilingual D:\Stellar OST to PST Converter Technical 5.0\32bit-patch.exe D:\Stellar OST to PST Converter Technical 5.0\64bit-patch.exe D:\Stellar OST to PST Converter Technical 5.0 F:\ReviverSoft PC Reviver 3.10.0.22 Multilingual\Patch\created by Download's team.exe F:\ReviverSoft PC Reviver 3.10.0.22 Multilingual\Patch F:\ReviverSoft PC Reviver 3.10.0.22 Multilingual F:\scoped_dir6176_1002108599\pre-scan_V9_18.10.19.1.exe F:\scoped_dir6176_1002108599 Close Notepad. NOTE: It's important that both files, FRST, and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system IMPORTANT: Save all of your work, as the next step may reboot your computer. Run FRST and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply. NOTE: If the tool warns you about an outdated version please download and run the updated version. Also, let me know how the machine is running now, and what remaining issues you've noticed.

You need to follow directions. Everything I ask you to run has to be run from an account with Administrator privileges. Also do not enable any settings that you were not asked to enable. Rerun FRST from an administrator account and do not change any of its default settings. Attach the new FRST scan reports to your reply.

You can allow AdwCleaner to remove the following ***** [ Folders ] ***** PUP.Optional.FileViewPro C:\Program Files\FileViewPro PUP.Optional.OneSafePCCleaner C:\Program Files (x86)\OneSafe PC Cleaner PUP.Optional.OneSafePCCleaner C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSafe PC Cleaner PUP.Optional.OneSafePCCleaner C:\Users\night sun anti-VEFM1\AppData\Roaming\OneSafe PC Cleaner PUP.Optional.WebBar C:\Program Files\WebDiscoverBrowser PUP.Optional.WebBar C:\Users\night sun anti-VEFM1\AppData\Local\WebDiscoverBrowser ***** [ Files ] ***** PUP.Optional.Legacy C:\Windows\System32\drivers\TFsFltX64.sys PUP.Optional.OneSafePCCleaner C:\Users\night sun anti-VEFM1\Desktop\ONESAFE PC CLEANER.LNK ***** [ Tasks ] ***** PUP.Optional.Legacy C:\Windows\System32\Tasks\RDREMINDER ***** [ Registry ] ***** PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86CDF84B-BB92-4BF1-BD7C-D20B03CB79F1} PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RDReminder PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{fd13f4a2-b0d8-4cad-9ccf-d4128eaf25ff}_is1 PUP.Optional.Legacy HKLM\Software\WebDiscoverBrowser PUP.Optional.Legacy HKLM\Software\Wow6432Node\WebDiscoverBrowser PUP.Optional.OneSafePCCleaner HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\OneSafe PC Cleaner_is1 Let me know when that is done. Also, please run fresh scans with EEK and FRST, attach the new scan reports to your reply.

Since most of what I see in your looks is a PUP, let's start with a tool that aggressively targets PUP's. Download AdwCleaner and save it to your desktop. Right-click AdwCleaner.exe and select Run as Administrator. Read and accept the End User License Agreement. Press the Scan Now button and wait for it to complete. A window titled Scan Results will open. Select Cancel. Click the Log Files button on the left pane. Double-click the newest log file to open it in Notepad. (AdwCleaner[Sxx].txt, where x is replaced by a number) Attach the scan log to your next reply. Note: the AdwCleaner log is also saved to C:\AdwCleaner\Logs\AdwCleaner[Sxx].txt

Hello @ainoha, Welcome to the Emsisoft Support Forums. Please read the entire instructions below. Yes, they are a bit lengthy and contain necessary administrative instructions as well as technical instructions. All users of the Emsisoft Support Forums who are in need of Malware Removal assistance are required to complete the procedures listed below: NOTE: You will want to print these instructions for reference, as you will perform all scans with all browsers closed. The majority of our support staff work Monday-Friday. We try very hard to answer all posts within 24-hours of the posting, but be aware that if you post anytime in the late afternoon or evening on Friday, or anytime on Saturday or Sunday, you will not receive an answer until Monday. Also, be aware that our support technicians may not be in the same time zone as you, therefore there could be several hours difference between when you post and the technician working your support case is available. The below guidelines are for the Help, my PC is infected! Support Forum. They are intended to help you provide the technician, working your thread, with enough information to start formulating a plan to clean your machine; and for you to leave the Emsisoft Support Forums with a safe, secure, functioning computer. Emsisoft does not condone the use of Pirated/Illegal software. If such software is found on your computer, the technician assisting you will insist that the Pirated/Illegal software be removed. We reserve the right to refuse help to anyone who is unwilling to uninstall Pirated/Illegal software We insist that anyone receiving help, here at the Emsisoft Support Forums, install an Anti-Malware program at a minimum to protect their system. Start only one thread requesting help. Keep all your questions in your thread. DO NOT start a new topic. If you don't know, stop and ask! Don't keep going on. Continue to respond until you are given "All Clear" (Just because you can't see a problem doesn't mean it isn't there) Once your case has been solved, the thread will be closed. Your thread will be closed after 72-hours of no activity. DO NOT use any form of Haxor, Leetspeak, Netspeak, IM speak and such in any postings on this forum. Use only proper spelling, grammar, punctuation, and capitalization. The more time the person helping you has to spend trying to figure out what you are saying, the longer it will take them to formulate a response. DO NOT post any logs without first completing the steps in this guide, they will be deleted. DO NOT copy and paste logs into your threads. All logs are to be attached to your post. Download to your Desktop: Emsisoft Emergency Kit Farbar Recovery Scan Tool NOTE: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. NOTE: If you are unable to download the tools from the infected system, the tools can be saved to and run from a USB flash drive. All scans are to be run in Normal Mode. WARNING: The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. Let's get started: Install and Run Emsisoft Emergency Kit (EEK): IMPORTANT If you have Emsisoft Anti-Malware (EAM) Installed do not install and use EEK. Instead run a custom scan with EAM and provided the EAM Scan report. Double click EmergencyKitScanner.exe to install EEK When the installation of EEK is complete the Emergency Kit scanner will run. NOTE: Make sure to enable PUPs detection. Click "Yes" to Update Emsisoft Emergency Kit Under "Scan" click-on "Malware Scan". IMPORTANT: Do not quarantine or delete anything. We just want the scan log without anything being quarantined or deleted. Save the scan log somewhere that you can find it. Exit Emsisoft Emergency Kit. Run Farbar Recovery Scan Tool (FRST): Double-click to run it. When the tool opens click Yes to the disclaimer. NOTE: DO NOT change any of the default settings. If you do we will just close your logs and ask for new ones ran with FRST's default settings. Press the Scan button. Farbar Recovery Scan Tool will produce the following logs: FRST.txt Addition.txt Attach the following logs to your reply: Emsisoft Emergency Kit log (C:\EEK\Reports) NOTE: If you ran EAM supply the EAM scan report. FRST.txt Addition.txt IMPORTANT NOTE: Any logs that are copied and pasted to a post will be removed from the post without being read. Do not alter or change the logs in any way. Once a Malware Removal Specialist has replied to your request for malware removal, they will handle your case from start to finish. You will have 72 hours to reply to any instructions given by the Malware Removal Specialist handling your case. Failure to comply with requests for information or instructions from the Malware Removal Specialist handling your case will result in the locking of your thread.

Thread Closed Reason: Lack of Response PM either Kevin, or Arthur to have this thread reopened. The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread

Hello @KawkaGaming, Welcome to the Emsisoft Support Forums. Please read the entire instructions below. Yes, they are a bit lengthy and contain necessary administrative instructions as well as technical instructions. All users of the Emsisoft Support Forums who are in need of Malware Removal assistance are required to complete the procedures listed below: NOTE: You will want to print these instructions for reference, as you will perform all scans with all browsers closed. The majority of our support staff work Monday-Friday. We try very hard to answer all posts within 24-hours of the posting, but be aware that if you post anytime in the late afternoon or evening on Friday, or anytime on Saturday or Sunday, you will not receive an answer until Monday. Also, be aware that our support technicians may not be in the same time zone as you, therefore there could be several hours difference between when you post and the technician working your support case is available. The below guidelines are for the Help, my PC is infected! Support Forum. They are intended to help you provide the technician, working your thread, with enough information to start formulating a plan to clean your machine; and for you to leave the Emsisoft Support Forums with a safe, secure, functioning computer. Emsisoft does not condone the use of Pirated/Illegal software. If such software is found on your computer, the technician assisting you will insist that the Pirated/Illegal software be removed. We reserve the right to refuse help to anyone who is unwilling to uninstall Pirated/Illegal software We insist that anyone receiving help, here at the Emsisoft Support Forums, install an Anti-Malware program at a minimum to protect their system. Start only one thread requesting help. Keep all your questions in your thread. DO NOT start a new topic. If you don't know, stop and ask! Don't keep going on. Continue to respond until you are given "All Clear" (Just because you can't see a problem doesn't mean it isn't there) Once your case has been solved, the thread will be closed. Your thread will be closed after 72-hours of no activity. DO NOT use any form of Haxor, Leetspeak, Netspeak, IM speak and such in any postings on this forum. Use only proper spelling, grammar, punctuation, and capitalization. The more time the person helping you has to spend trying to figure out what you are saying, the longer it will take them to formulate a response. DO NOT post any logs without first completing the steps in this guide, they will be deleted. DO NOT copy and paste logs into your threads. All logs are to be attached to your post. Download to your Desktop: Emsisoft Emergency Kit Farbar Recovery Scan Tool NOTE: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. NOTE: If you are unable to download the tools from the infected system, the tools can be saved to and run from a USB flash drive. All scans are to be run in Normal Mode. WARNING: The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. Let's get started: Install and Run Emsisoft Emergency Kit (EEK): IMPORTANT If you have Emsisoft Anti-Malware (EAM) Installed do not install and use EEK. Instead run a custom scan with EAM and provided the EAM Scan report. Double click EmergencyKitScanner.exe to install EEK When the installation of EEK is complete the Emergency Kit scanner will run. NOTE: Make sure to enable PUPs detection. Click "Yes" to Update Emsisoft Emergency Kit Under "Scan" click-on "Malware Scan". IMPORTANT: Do not quarantine or delete anything. We just want the scan log without anything being quarantined or deleted. Save the scan log somewhere that you can find it. Exit Emsisoft Emergency Kit. Run Farbar Recovery Scan Tool (FRST): Double-click to run it. When the tool opens click Yes to the disclaimer. NOTE: DO NOT change any of the default settings. If you do we will just close your logs and ask for new ones ran with FRST's default settings. Press the Scan button. Farbar Recovery Scan Tool will produce the following logs: FRST.txt Addition.txt Attach the following logs to your reply: Emsisoft Emergency Kit log (C:\EEK\Reports) NOTE: If you ran EAM supply the EAM scan report. FRST.txt Addition.txt IMPORTANT NOTE: Any logs that are copied and pasted to a post will be removed from the post without being read. Do not alter or change the logs in any way. Once a Malware Removal Specialist has replied to your request for malware removal, they will handle your case from start to finish. You will have 72 hours to reply to any instructions given by the Malware Removal Specialist handling your case. Failure to comply with requests for information or instructions from the Malware Removal Specialist handling your case will result in the locking of your thread.

Windows 10 Pro retail is 175.82 € and Office Professional 2019 retails for 527.48€.

Hello @ROSARIO, Welcome to the Emsisoft Support Forums. Please let us know the results of updating Windows 10 to 2004.

Hello @Foxrazu, Welcome to the Emsisoft Support Forums. The presence of the below listed lines in your FRST reports indicate that the copy of Windows 10 Pro and/or Microsoft Office Professional Plus 2016 are not properly licensed and activated. Task: {95928783-BF6E-4D97-9888-B2A110BA06CC} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe 2020-07-10 13:50 - 2019-11-25 15:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico 2020-07-10 13:50 - 2019-11-25 15:54 - 000000000 ____D C:\Program Files\KMSpico 2020-07-10 13:47 - 2019-11-25 15:36 - 000000000 ____D C:\Program Files (x86)\KMSPico 11 2020-07-10 10:27 - 2019-11-25 15:35 - 000000000 ____D C:\Users\Oxfam\Downloads\KMSPico 11.0.2 [TeamDaz] Until such time that the aforementioned items are properly licensed activated no further assistance will be forthcoming.

Hello Peter, Welcome to the Emsisoft Support Forums. What is the version # of EEK that you are using?

Thread Closed Reason: Lack of Response PM either Kevin, or Arthur to have this thread reopened. The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread