Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-05-2020
Ran by channeal (13-05-2020 11:34:08)
Running from C:\Users\channeal\Desktop
Microsoft Windows 10 Home Version 1909 18363.836 (X86) (2020-05-12 17:19:28)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2559438547-1515831249-1651957702-500 - Administrator - Enabled) => C:\Users\Administrator
channeal (S-1-5-21-2559438547-1515831249-1651957702-1000 - Administrator - Enabled) => C:\Users\channeal
DefaultAccount (S-1-5-21-2559438547-1515831249-1651957702-503 - Limited - Disabled)
Guest (S-1-5-21-2559438547-1515831249-1651957702-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2559438547-1515831249-1651957702-1002 - Limited - Enabled)
nealfamily (S-1-5-21-2559438547-1515831249-1651957702-1004 - Administrator - Enabled) => C:\Users\nealfamily
UpdatusUser (S-1-5-21-2559438547-1515831249-1651957702-1003 - Limited - Enabled) => C:\Users\UpdatusUser
WDAGUtilityAccount (S-1-5-21-2559438547-1515831249-1651957702-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Microsoft OneDrive (HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation)
Mozilla Firefox 76.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 76.0.1 (x86 en-GB)) (Version: 76.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 76.0.1 - Mozilla)
OpenAL (HKLM\...\OpenAL) (Version: - )

Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.36.5.0_x86__kgqvnymyfvs32 [2020-05-12] (king.com)
Dell Document Hub -> C:\Program Files\WindowsApps\DellPrinter.DellDocumentHub_1.7.0.6_x86__nmdn7k89bxsn6 [2020-05-12] (DELL GLOBAL B.V. (SINGAPORE BRANCH))
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.37.5.0_x86__kgqvnymyfvs32 [2020-05-12] (king.com)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-05-13] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x86__8wekyb3d8bbwe [2020-05-13] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x86__8wekyb3d8bbwe [2020-05-13] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\channeal\Favorites\Fotor for desktop.lnk -> hxxp://www.fotor.com/windows/review.htm
Shortcut: C:\Users\channeal\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm

==================== Loaded Modules (Whitelisted) =============

2020-05-12 17:13 - 2009-03-26 14:46 - 000148480 _____ () [File not signed] C:\WINDOWS\SYSTEM32\APOMngr.DLL

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2020-05-13 01:39 - 2020-05-13 01:34 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\channeal\Desktop\atheras.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{83BFEBF7-A7F3-4F03-834E-4B8DDA62EE92}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{73CE15F7-DC9A-4C60-A63C-259437F30650}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Restore Points =========================

12-05-2020 22:45:58 Windows Update

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (05/13/2020 11:29:59 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3532,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/13/2020 12:02:57 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (05/13/2020 12:02:57 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (05/12/2020 10:50:02 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6136,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/12/2020 10:46:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.
Error: (05/12/2020 10:21:47 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6100,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/12/2020 09:29:54 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4404,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/12/2020 08:52:05 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2660,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.


System errors:
=============
Error: (05/13/2020 11:35:34 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (05/13/2020 11:35:34 AM) (Source: DCOM) (EventID: 10010) (User: NEAL1-DELL)
Description: The server {F94358B1-E9AE-4D5C-AF66-CE50E67803C7} did not register with DCOM within the required timeout.

Error: (05/13/2020 11:33:34 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (05/13/2020 11:33:34 AM) (Source: DCOM) (EventID: 10010) (User: NEAL1-DELL)
Description: The server {F94358B1-E9AE-4D5C-AF66-CE50E67803C7} did not register with DCOM within the required timeout.
Error: (05/13/2020 11:31:34 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (05/13/2020 11:31:33 AM) (Source: DCOM) (EventID: 10010) (User: NEAL1-DELL)
Description: The server {284CACFE-B6F2-461A-90C3-A7ACC8353816} did not register with DCOM within the required timeout.

Error: (05/13/2020 11:29:34 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (05/13/2020 11:29:33 AM) (Source: DCOM) (EventID: 10010) (User: NEAL1-DELL)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2020-05-13 11:20:21.874
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:AutoIt/Injector.J!ibt&threatid=2147741828&enterprise=0
Name: Trojan:AutoIt/Injector.J!ibt
ID: 2147741828
Severity: Severe
Category: Trojan
Path: file:_C:\Users\channeal\Desktop\FRST.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\PickerHost.exe
Security intelligence Version: AV: 1.315.501.0, AS: 1.315.501.0, NIS: 1.315.501.0
Engine Version: AM: 1.1.17000.7, NIS: 1.1.17000.7

Date: 2020-05-13 11:19:43.472
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:AutoIt/Injector.J!ibt&threatid=2147741828&enterprise=0
Name: Trojan:AutoIt/Injector.J!ibt
ID: 2147741828
Severity: Severe
Category: Trojan
Path: file:_C:\Users\channeal\Desktop\FRST.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\PickerHost.exe
Security intelligence Version: AV: 1.315.501.0, AS: 1.315.501.0, NIS: 1.315.501.0
Engine Version: AM: 1.1.17000.7, NIS: 1.1.17000.7

Date: 2020-05-13 11:17:35.924
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:AutoIt/Injector.J!ibt&threatid=2147741828&enterprise=0
Name: Trojan:AutoIt/Injector.J!ibt
ID: 2147741828
Severity: Severe
Category: Trojan
Path: file:_C:\Users\channeal\Desktop\FRST.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.315.501.0, AS: 1.315.501.0, NIS: 1.315.501.0
Engine Version: AM: 1.1.17000.7, NIS: 1.1.17000.7

Date: 2020-05-13 11:15:28.718
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:AutoIt/Injector.J!ibt&threatid=2147741828&enterprise=0
Name: Trojan:AutoIt/Injector.J!ibt
ID: 2147741828
Severity: Severe
Category: Trojan
Path: file:_C:\Users\channeal\Desktop\FRST.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.315.501.0, AS: 1.315.501.0, NIS: 1.315.501.0
Engine Version: AM: 1.1.17000.7, NIS: 1.1.17000.7

==================== Memory info ===========================

BIOS: Dell Inc. DELL - 7 01/08/2007
Motherboard: Dell Inc. 0FJ030
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz
Percentage of memory in use: 46%
Total physical RAM: 3582.16 MB
Available physical RAM: 1901.95 MB
Total Virtual: 4926.16 MB
Available Virtual: 3424.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.57 GB) (Free:112.7 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Cloned Files) (Fixed) (Total:65.76 GB) (Free:31.23 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Data) (Fixed) (Total:400 GB) (Free:267.23 GB) NTFS
Drive k: (TOURO Mobile) (Fixed) (Total:931.51 GB) (Free:619.51 GB) NTFS

\\?\Volume{3758cd02-0000-0000-0000-402425000000}\ () (Fixed) (Total:0.44 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149 GB) (Disk ID: 3758CD02)
Partition 1: (Active) - (Size=148.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=453 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 092D3660)
Partition 1: (Active) - (Size=65.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=400 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: B873C38B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================