Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-05-2020 01
Ran by channeal (13-05-2020 15:41:32)
Running from C:\Users\channeal\Desktop
Microsoft Windows 10 Home Version 1909 18363.836 (X86) (2020-05-12 17:19:28)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2559438547-1515831249-1651957702-500 - Administrator - Enabled) => C:\Users\Administrator
channeal (S-1-5-21-2559438547-1515831249-1651957702-1000 - Administrator - Enabled) => C:\Users\channeal
DefaultAccount (S-1-5-21-2559438547-1515831249-1651957702-503 - Limited - Disabled)
Guest (S-1-5-21-2559438547-1515831249-1651957702-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2559438547-1515831249-1651957702-1002 - Limited - Enabled)
nealfamily (S-1-5-21-2559438547-1515831249-1651957702-1004 - Administrator - Enabled) => C:\Users\nealfamily
UpdatusUser (S-1-5-21-2559438547-1515831249-1651957702-1003 - Limited - Enabled) => C:\Users\UpdatusUser
WDAGUtilityAccount (S-1-5-21-2559438547-1515831249-1651957702-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.371 - Adobe)
Facebook Gameroom 1.23.7426.18586 (HKLM\...\{58E3FB73-8B88-4807-A803-79B5ADA0136F}) (Version: 1.23.7426.18586 - Facebook)
Microsoft OneDrive (HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation)
Mozilla Firefox 76.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 76.0.1 (x86 en-GB)) (Version: 76.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 76.0.1 - Mozilla)
OpenAL (HKLM\...\OpenAL) (Version: - )

Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.36.5.0_x86__kgqvnymyfvs32 [2020-05-12] (king.com)
Dell Document Hub -> C:\Program Files\WindowsApps\DellPrinter.DellDocumentHub_1.7.0.6_x86__nmdn7k89bxsn6 [2020-05-12] (DELL GLOBAL B.V. (SINGAPORE BRANCH))
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.37.5.0_x86__kgqvnymyfvs32 [2020-05-12] (king.com)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-05-13] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x86__8wekyb3d8bbwe [2020-05-13] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x86__8wekyb3d8bbwe [2020-05-13] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\channeal\Favorites\Fotor for desktop.lnk -> hxxp://www.fotor.com/windows/review.htm
Shortcut: C:\Users\channeal\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm

==================== Loaded Modules (Whitelisted) =============

2020-05-01 10:23 - 2020-05-01 10:23 - 001184256 _____ ( () [File not signed]) [File is in use ] C:\Users\channeal\AppData\Local\Facebook\Games\CefSharp.Core.dll
2020-05-01 10:23 - 2020-05-01 10:23 - 071641088 _____ () [File not signed] C:\Users\channeal\AppData\Local\Facebook\Games\libcef.dll
2020-05-12 17:13 - 2009-03-26 14:46 - 000148480 _____ () [File not signed] C:\WINDOWS\SYSTEM32\APOMngr.DLL
2020-05-01 10:23 - 2020-05-01 10:23 - 000433664 _____ (The Chromium Authors) [File not signed] C:\Users\channeal\AppData\Local\Facebook\Games\chrome_elf.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2020-05-13 01:39 - 2020-05-13 01:34 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\channeal\Desktop\atheras.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{83BFEBF7-A7F3-4F03-834E-4B8DDA62EE92}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{73CE15F7-DC9A-4C60-A63C-259437F30650}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Restore Points =========================

12-05-2020 22:45:58 Windows Update

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================

System errors:
=============
Error: (05/13/2020 03:43:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: Unspecified error

Error: (05/13/2020 03:43:30 PM) (Source: DCOM) (EventID: 10010) (User: NEAL1-DELL)
Description: The server {284CACFE-B6F2-461A-90C3-A7ACC8353816} did not register with DCOM within the required timeout.

Error: (05/13/2020 03:41:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: Unspecified error

Error: (05/13/2020 03:41:30 PM) (Source: DCOM) (EventID: 10010) (User: NEAL1-DELL)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.

Error: (05/13/2020 03:39:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: Unspecified error

Error: (05/13/2020 03:39:30 PM) (Source: DCOM) (EventID: 10010) (User: NEAL1-DELL)
Description: The server {F94358B1-E9AE-4D5C-AF66-CE50E67803C7} did not register with DCOM within the required timeout.

Error: (05/13/2020 03:37:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: Unspecified error

Error: (05/13/2020 03:37:30 PM) (Source: DCOM) (EventID: 10010) (User: NEAL1-DELL)
Description: The server {F94358B1-E9AE-4D5C-AF66-CE50E67803C7} did not register with DCOM within the required timeout.

Windows Defender:
===================================
Date: 2020-05-13 15:31:20.595
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.D!ml&threatid=2147749373&enterprise=0
Name: Trojan:Win32/Wacatac.D!ml
ID: 2147749373
Severity: Severe
Category: Trojan
Path: file:_C:\Users\channeal\Desktop\FRST.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.315.565.0, AS: 1.315.565.0, NIS: 1.315.565.0
Engine Version: AM: 1.1.17000.7, NIS: 1.1.17000.7

Date: 2020-05-13 15:28:38.390
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.D!ml&threatid=2147749373&enterprise=0
Name: Trojan:Win32/Wacatac.D!ml
ID: 2147749373
Severity: Severe
Category: Trojan
Path: file:_C:\Users\channeal\Desktop\FRST.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.315.565.0, AS: 1.315.565.0, NIS: 1.315.565.0
Engine Version: AM: 1.1.17000.7, NIS: 1.1.17000.7

Date: 2020-05-13 15:27:25.552
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.D!ml&threatid=2147749373&enterprise=0
Name: Trojan:Win32/Wacatac.D!ml
ID: 2147749373
Severity: Severe
Category: Trojan
Path: file:_C:\Users\channeal\Desktop\FRST.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.315.565.0, AS: 1.315.565.0, NIS: 1.315.565.0
Engine Version: AM: 1.1.17000.7, NIS: 1.1.17000.7

==================== Memory info ===========================

BIOS: Dell Inc. DELL - 7 01/08/2007
Motherboard: Dell Inc. 0FJ030
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz
Percentage of memory in use: 47%
Total physical RAM: 3582.16 MB
Available physical RAM: 1893.47 MB
Total Virtual: 4926.16 MB
Available Virtual: 3477.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.57 GB) (Free:111.8 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Cloned Files) (Fixed) (Total:65.76 GB) (Free:31.23 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Data) (Fixed) (Total:400 GB) (Free:267.23 GB) NTFS
Drive k: (TOURO Mobile) (Fixed) (Total:931.51 GB) (Free:619.51 GB) NTFS

\\?\Volume{3758cd02-0000-0000-0000-402425000000}\ () (Fixed) (Total:0.44 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149 GB) (Disk ID: 3758CD02)
Partition 1: (Active) - (Size=148.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=453 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 092D3660)
Partition 1: (Active) - (Size=65.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=400 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: B873C38B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================