Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-08-2020
Ran by Marcus (04-08-2020 14:51:35)
Running from C:\Users\Marcus\Videos
Microsoft Windows 7 Starter Service Pack 1 (X86) (2020-07-26 15:02:21)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1645230268-563741961-2066604008-500 - Administrator - Disabled)
Guest (S-1-5-21-1645230268-563741961-2066604008-501 - Limited - Disabled)
Marcus (S-1-5-21-1645230268-563741961-2066604008-1000 - Administrator - Enabled) => C:\Users\Marcus

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {A16A5B28-D1C0-417E-771B-123558EECC69}
AS: Webroot SecureAnywhere (Enabled - Up to date) {1A0BBACC-F7FA-4EF0-4DAB-2947236986D4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 2.2.1 - )
7-Zip 18.01 (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
EasyBCD 2.3 (HKLM\...\EasyBCD) (Version: 2.3 - NeoSmart Technologies)
IVONA 2 (HKLM\...\IVONA 2) (Version: 1.6.3 - IVO Software Sp. z o.o.)
IVONA MiniReader (HKLM\...\IVONA MiniReader) (Version: - IVO Software Sp. z o.o.)
IVONA Reader (HKLM\...\IVONA Reader) (Version: - IVO Software Sp. z o.o.)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
NirSoft OpenedFilesView (HKLM\...\NirSoft OpenedFilesView) (Version: - )
NVIDIA Graphics Driver 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.90 - NVIDIA Corporation)
PowerStrip 3 (remove only) (HKLM\...\PowerStrip 3 (remove only)) (Version: - )
Reg Organizer version 7.40 (HKLM\...\Reg Organizer_is1) (Version: 7.40 - ChemTable Software)
Sp5 (HKLM\...\{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}) (Version: 5.1.4324.0 - Microsoft) Hidden
Sp5Intl (HKLM\...\{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}) (Version: 5.1.4324.0 - Microsoft) Hidden
Sp5TTInt (HKLM\...\{E415C943-37E5-473F-8BAE-043C56734124}) (Version: 5.1.4324.0 - Microsoft) Hidden
SpCommon (HKLM\...\{6C3959C6-943E-44B3-BAAD-570B04B134E5}) (Version: 5.1.4324.0 - Microsoft) Hidden
SpPhones (HKLM\...\{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}) (Version: 6.0.3122.0 - Microsoft) Hidden
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1 - Krzysztof Kowalczyk)
Virtual Magnifying Glass v3.6 (HKLM\...\Virtual Magnifying Glass_is1) (Version: - )
Webroot SecureAnywhere (HKLM\...\WRUNINST) (Version: 9.0.28.48 - Webroot)
Windows x86 (32bit) 4Gb-Fix (Up to 128Gb) (HKLM\...\ntk128gb) (Version: 0.0.0.48 - evgen_?)
WinRAR 5.90 (32-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
Wise JetSearch 4.1.1 (HKLM\...\Wise JetSearch_is1) (Version: 4.1.1 - WiseCleaner.com, Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\windows\system32\WRusr.dll [2020-08-04] (Webroot Inc. -> Webroot)
ContextMenuHandlers6: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\windows\system32\WRusr.dll [2020-08-04] (Webroot Inc. -> Webroot)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer_disabled::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

ShortcutWithArgument: C:\Users\Marcus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\62d757ab9d1d0be\FlashPeak Slimjet.lnk -> C:\Program Files\Slimjet\slimjet.exe (FlashPeak Inc.) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2009-07-14 01:35 - 2011-08-09 17:00 - 000035840 _____ () [File not signed] C:\windows\system32\slc.dll
2020-07-26 17:08 - 2018-01-28 17:00 - 000049152 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2020-08-01 21:59 - 000000064 _____ C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1645230268-563741961-2066604008-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{59B22930-20D1-433E-88FA-85F7923F268A}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

Check "VSS" service

==================== Faulty Device Manager Devices ============

Name: Atheros AR9285 802.11b/g WiFi Adapter
Description: Atheros AR9285 802.11b/g WiFi Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================

Application errors:
==================
Error: (08/04/2020 02:51:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. . Operation: Instantiating VSS server

Error: (08/04/2020 02:51:53 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ] Operation: Instantiating VSS server

Error: (08/04/2020 02:47:00 PM) (Source: MsiInstaller) (EventID: 11722) (User: NT AUTHORITY)
Description: Product: Core -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action CA_WRCA_INSTALL, location: C:\windows\Installer\MSI7C33.tmp, command: /Install "C:\Program Files\Webroot\Core\\"

System errors:
=============
Error: (08/04/2020 02:45:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PStrip service failed to start due to the following error: The specified procedure could not be found.

Error: (08/04/2020 02:45:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PStrip service failed to start due to the following error: The specified procedure could not be found.

Error: (08/04/2020 02:45:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PStrip service failed to start due to the following error: The specified procedure could not be found.
Error: (08/04/2020 02:45:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PStrip service failed to start due to the following error: The specified procedure could not be found.

Error: (08/04/2020 02:45:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PStrip service failed to start due to the following error: The specified procedure could not be found.

Error: (08/04/2020 02:45:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PStrip service failed to start due to the following error: The specified procedure could not be found.

Error: (08/04/2020 02:45:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PStrip service failed to start due to the following error: The specified procedure could not be found.

Error: (08/04/2020 02:45:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PStrip service failed to start due to the following error: The specified procedure could not be found.
==================== Memory info ===========================

BIOS: Hewlett-Packard F.11 08/21/2009
Motherboard: Quanta 306A
Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 26%
Total physical RAM: 4062.93 MB
Available physical RAM: 2988.16 MB
Total Virtual: 8124.22 MB
Available Virtual: 7052.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.73 GB) (Free:29.97 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Home) (Fixed) (Total:188.81 GB) (Free:86.82 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:60.56 GB) (Free:41.92 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 29574688)
Partition 1: (Active) - (Size=48.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=188.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=60.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================