Windows 8.1 on a Toshiba Satellite P55t-A5118. I'm not sure if the machine is infected but too many odd occurrences.
I broke one my own cardinal rules on Thursday the 25th by accessing the hotel wifi which was 9 digit pin protected, the pin being generated randomly when the key card was made. I did not notice any issues until I booted the laptop up last night and got the windows File Name Warning for a file names "C;\program". I looked at the properties and everything was unknown but it was date/time stamped during my hotel stay. Pop-up prevented Webroot from starting until I re-named or ignored the issue.
I have two accounts (one the original MS account which I never use). I logged into the original account and did not get the same pop-up for File Name Warning which makes me think there might be something in the registry for the other login. I ran a Webroot scan and a Malwarebytes scan both of which came up empty. Some of the webroot features were not working which then made me a bit suspicious and in fact it only scanned about 7500 files which is way low. Also noticed that two hidden icons were present but the icons were not visible and could not be launched.
Re-logged in the primary account and received the pop-up again at which point I deleted the file in question. Re-ran malwarebytes with nothing detected. Windows Solve PC issues showed that all anti-virus was turned off and I then received a pop-up for requesting permission for WRSA.exe to modify the system (permission the webroot executable already had). I can restore to an earlier point but would prefer to find out if there is anything else left over. Any suggestions?