Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-03-2020
Ran by Israelboy (02-04-2020 10:32:53)
Running from C:\Users\Israelboy\Downloads
Windows 10 Pro Version 1909 18363.720 (X64) (2020-03-29 20:07:10)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2144179286-1767492315-836047351-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2144179286-1767492315-836047351-503 - Limited - Disabled)
Guest (S-1-5-21-2144179286-1767492315-836047351-501 - Limited - Disabled)
Israelboy (S-1-5-21-2144179286-1767492315-836047351-1001 - Administrator - Enabled) => C:\Users\Israelboy
WDAGUtilityAccount (S-1-5-21-2144179286-1767492315-836047351-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.149 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Microsoft OneDrive (HKU\S-1-5-21-2144179286-1767492315-836047351-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-03-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-03-30] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.1224.0_x64__8wekyb3d8bbwe [2020-03-30] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-30] (Microsoft Corporation) [MS Ad]
Norton Safe Web -> C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.11.3.0_neutral__v68kp9n051hdp [2020-04-01] (Symantec Corporation)
Norton Security -> C:\Program Files\WindowsApps\SymantecCorporation.NortonSecurity_1.9.710.0_x64__v68kp9n051hdp [2020-04-01] (Symantec Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-18 21:49 - 2019-03-18 21:49 - 000000824 ____N C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2144179286-1767492315-836047351-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{84747270-3233-442D-8507-949859E1EA2F}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{352D1989-F563-4D31-BDD9-2DC2FDD25E4D}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

==================== Faulty Device Manager Devices ============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Synaptics PS/2 Port TouchPad
Description: Synaptics PS/2 Port TouchPad
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Synaptics
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: ========================

Application errors:
==================
Error: (04/02/2020 10:31:38 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x800401fb, Object is not registered .
Operation: Subscribing Writer
Context: Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {ac5676de-899b-42a3-891e-56d13973e80e}

Error: (04/02/2020 10:31:38 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x800401fb, Object is not registered ]
Operation: Subscribing Writer
Context: Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {ac5676de-899b-42a3-891e-56d13973e80e}

Error: (04/02/2020 09:56:15 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code: hr=0x8007007B
Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/02/2020 09:02:52 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IEventSystem::Store. hr = 0x80010108, The object invoked has disconnected from its clients. .
Operation: Subscribing Writer
Context: Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {06d7ab01-7660-4a7c-a8b8-5fc11b4cd2c8}

Error: (04/02/2020 09:00:51 AM) (Source: VSS) (EventID: 12342) (User: )
Description: Volume Shadow Copy Error: An error 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error. Check the Application event log for more information. was encountered while trying to initialize the Registry Writer. This may cause future shadow-copy creations to fail.

Error: (04/02/2020 09:00:51 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine Subscribing the Registry server writer failed. hr = 8004230208lx. hr = 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error. Check the Application event log for more information. .

Error: (04/02/2020 09:00:51 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IEventSystem::Store. hr = 0x80070005, Access is denied. .
Operation: Subscribing Writer
Context: Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {80b1ec3a-027b-4532-848c-6464482cfbb3}

Error: (04/02/2020 08:56:59 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IEventSystem::Store. hr = 0x80010108, The object invoked has disconnected from its clients. .
Operation: Subscribing Writer
Context: Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {ffc0abb6-8f28-4202-98fd-f6a293053445}

System errors:
=============
Error: (04/02/2020 10:31:37 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register with DCOM within the required timeout.

Error: (04/02/2020 09:02:51 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register with DCOM within the required timeout.

Error: (04/02/2020 08:56:58 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register with DCOM within the required timeout.

Error: (04/02/2020 08:34:18 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register with DCOM within the required timeout.

Error: (04/02/2020 07:37:16 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register with DCOM within the required timeout.

Error: (04/02/2020 07:08:36 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register with DCOM within the required timeout.

Error: (04/02/2020 06:34:44 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register with DCOM within the required timeout.

Error: (04/02/2020 06:01:44 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register with DCOM within the required timeout.

Windows Defender:
===================================
Date: 2020-04-02 08:54:59.648
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:AutoIt/Injector.J!ibt&threatid=2147741828&enterprise=0
Name: Trojan:AutoIt/Injector.J!ibt
ID: 2147741828
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Israelboy\Downloads\FRST.exe; webfile:_C:\Users\Israelboy\Downloads\FRST.exe|http://www.geekstogo.com/forum/files/get/4774eb487ba647a8413165a485129423/6919-FRST.exe|pid:10376,ProcessStart:132302738638043925
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: Unknown
Security intelligence Version: AV: 1.313.588.0, AS: 1.313.588.0, NIS: 1.313.588.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-03-30 13:51:57.878
Description: Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {12ED8081-5D43-42AF-B468-7432CA189784}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2020-03-30 18:17:35.344
Description: Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.313.431.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2020-03-30 18:07:32.277
Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2020-03-30 13:37:10.838
Description: Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.285.74.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-03-30 13:37:10.837
Description: Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.285.74.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-03-30 13:37:10.837
Description: Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.285.74.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

==================== Memory info ===========================

BIOS: Hewlett-Packard F.16 01/22/2010
Motherboard: Hewlett-Packard 3658
Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 92%
Total physical RAM: 3894.86 MB
Available physical RAM: 295.46 MB
Total Virtual: 7862.86 MB
Available Virtual: 1842.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.44 GB) (Free:191.16 GB) NTFS

\\?\Volume{856db518-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS
\\?\Volume{856db518-0000-0000-0000-40bb37000000}\ () (Fixed) (Total:0.64 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 856DB518)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=222.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=658 MB) - (Type=27)

==================== End of Addition.txt =======================