Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Advanced Identity Protection scam


  • Please log in to reply

#1
tazmd1

tazmd1

    New Member

  • Member
  • Pip
  • 3 posts
My friend was the victim of an attack the other day using her browser (Chrome)to order some ink catridges from Amazon.  SHe saisd she went to order it and got a alert screen that flashed and screamed nosily at her  Of course she panicked and called the number on the screen instead of just shutting the lid down and calling me to take some corrective action.  Of course the then gave the person on the other end of the phone remote access to it.  She allowed them to install Advanced Identity Protection and scan thru her system.  When they asked her for her credit card number she finally hung up the phone and shut down the laptop. 
Thats all the info I have other than I did shut down (or attempted to) Advanced Security Protection which I am sure is still active since with it shut down it popped up with a 24 hrs notice to buy it while I was here online.  I also ran the offline scanner for Microsoft's Windows Security with nothing found.  I did have it disabled when I ran the fasbar tool.  I am running it again with it enabled but have been having problems having GTG let me post it with the original scans.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-11-2019
Ran by bloom (administrator) on DESKTOP-6E6EVRB (Hewlett-Packard HP ZBook 15 G2) (10-11-2019 11:34:36)
Running from C:\Users\bloom\Desktop
Loaded Profiles: bloom (Available Profiles: bloom)
Platform: Windows 10 Pro Version 1903 18362.418 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\AMD\CNext\CCCSlim\CCC.exe
(Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\AMD\CNext\CCCSlim\MOM.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0340598.inf_amd64_3f98f2335f59980a\B340501\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0340598.inf_amd64_3f98f2335f59980a\B340501\atiesrxx.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.342\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.342\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HotKeyServiceUWP.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HPHotkeyNotification.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\LanWlanWwanSwitchingServiceUWP.exe
(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\bloom\AppData\Local\Microsoft\OneDrive\19.174.0902.0013\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\bloom\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1001.4.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_3.33.18003.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_3.33.18003.0_x64__8wekyb3d8bbwe\GameBarFT.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\NisSrv.exe
(PC DRIVERS HEADQUARTERS I, INC -> PC Drivers Headquarters LP) C:\Program Files (x86)\Driver Support\DriverSupport.exe
(PC DRIVERS HEADQUARTERS I, INC -> PC Drivers HeadQuarters LP) C:\Program Files (x86)\Driver Support\svc\DriverSupportAO.exe
(PC DRIVERS HEADQUARTERS I, INC -> PC Drivers HeadQuarters LP) C:\Program Files (x86)\Driver Support\svc\DriverSupportAOsvc.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9274304 2018-05-23] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.97\Installer\chrmstp.exe [2019-11-07] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02DAFBAA-F9FB-4176-83A0-0B31D7F02395} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\DriverSupport.exe [10714752 2018-12-12] (PC DRIVERS HEADQUARTERS I, INC -> PC Drivers Headquarters LP) <==== ATTENTION
Task: {04542C0B-D2AD-4FCF-83DC-63B87E076C89} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-14] (Google Inc -> Google LLC)
Task: {045FC227-3C81-4FF3-87DE-5273C9CBA129} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367496 2019-10-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {153B74EB-A15C-407A-81F3-4FB290C0B2FE} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2169960 2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {19EB2CF3-6901-4777-BEB2-AEFF0A03C387} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2169960 2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {1D91F2F4-E286-404B-9D11-0AE8C200BB15} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367496 2019-10-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {3F3C0144-B07A-4BFE-B1FE-EAA78527610B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [156504 2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {4D33D6D3-0F80-4DAA-B400-156C73C5E3C4} - System32\Tasks\Advanced Identity Protector_PM => C:\Program Files (x86)\Advanced Identity Protector\AdvancedIdentityProtector.exe [14553056 2019-09-12] (SYSTWEAK SOFTWARE PVT. LTD. -> Systweak)
Task: {5304AC2C-4A45-4D1E-B8EA-3E197312E046} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {53FC9F4D-7D7A-4267-8A77-1B515352891F} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe
Task: {69B3FB09-36C5-4552-AB8E-A89FBC5C456C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {726C3970-532F-4B04-90F1-19760264D446} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [156504 2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {726D2384-64FF-4B2C-AAB3-5B70222E8B1A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9714ECC3-3394-44EC-8704-24170D4877FE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9AAD7871-66D8-46A8-BC52-814547571CD8} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\DriverSupport.exe [10714752 2018-12-12] (PC DRIVERS HEADQUARTERS I, INC -> PC Drivers Headquarters LP) <==== ATTENTION
Task: {AFEBED55-7804-4C4C-A03A-9D87B1AEF7C4} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [58760 2019-03-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {B6B1EFCD-6406-43FA-8393-6BB652E5B1C6} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\DriverSupport.exe [10714752 2018-12-12] (PC DRIVERS HEADQUARTERS I, INC -> PC Drivers Headquarters LP) <==== ATTENTION
Task: {D0C2ECB7-FD58-4B12-B3FC-B100F1EFD071} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-14] (Google Inc -> Google LLC)
Task: {DAF76242-238D-4EC8-8446-897C9E5FD9BB} - System32\Tasks\Advanced Identity Protector_startup => C:\Program Files (x86)\Advanced Identity Protector\AdvancedIdentityProtector.exe [14553056 2019-09-12] (SYSTWEAK SOFTWARE PVT. LTD. -> Systweak)
Task: {E59889C5-0F30-41F4-87AE-C351A8852DB0} - System32\Tasks\Driver Support => C:\Program Files (x86)\Driver Support\DriverSupport.exe [10714752 2018-12-12] (PC DRIVERS HEADQUARTERS I, INC -> PC Drivers Headquarters LP) <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{12cb1cf4-f80b-4f72-b15f-ba0504ded8e0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{436f444c-59a9-47e9-bbfc-f3d53f594240}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{7db86fe9-2391-4e80-af7b-6ea792d2cb95}: [DhcpNameServer] 192.168.5.2
Tcpip\..\Interfaces\{c7b26553-0523-40a7-85c1-29669b8dbfcb}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-07-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-07-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-07-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
Chrome:
=======
CHR Profile: C:\Users\bloom\AppData\Local\Google\Chrome\User Data\Default [2019-11-07]
CHR Extension: (Slides) - C:\Users\bloom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-07-14]
CHR Extension: (Docs) - C:\Users\bloom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-07-14]
CHR Extension: (Google Drive) - C:\Users\bloom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-07-14]
CHR Extension: (YouTube) - C:\Users\bloom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-07-14]
CHR Extension: (Sheets) - C:\Users\bloom\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-07-14]
CHR Extension: (Google Docs Offline) - C:\Users\bloom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bloom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-06]
CHR Extension: (Gmail) - C:\Users\bloom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-14]
CHR Extension: (Chrome Media Router) - C:\Users\bloom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-05]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\c0340598.inf_amd64_3f98f2335f59980a\B340501\atiesrxx.exe [516824 2019-03-22] (Advanced Micro Devices, Inc. -> AMD)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11642744 2019-10-25] (Microsoft Corporation -> Microsoft Corporation)
R2 DSAO; C:\Program Files (x86)\driver support\svc\DriverSupportAOsvc.exe [2033104 2016-10-22] (PC DRIVERS HEADQUARTERS I, INC -> PC Drivers HeadQuarters LP) <==== ATTENTION <==== ATTENTION
R2 HotKeyServiceUWP; C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HotKeyServiceUWP.exe [819856 2019-05-14] (HP Inc. -> HP Inc.)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [529696 2019-04-23] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373760 2017-01-27] (Intel® pGFX -> Intel Corporation)
R2 LanWlanWwanSwitchingServiceUWP; C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\LanWlanWwanSwitchingServiceUWP.exe [731072 2019-05-14] (HP Inc. -> HP Inc.)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2019-02-01] (HP Inc.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2019-02-01] (HP Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [265664 2018-05-23] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-09-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246872 2017-11-17] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\NisSrv.exe [3201616 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MsMpEng.exe [103168 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Accelerometer; C:\Windows\System32\drivers\Accelerometer.sys [53904 2019-07-22] (HP Inc. -> HP)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0340598.inf_amd64_3f98f2335f59980a\B340501\atikmdag.sys [52894936 2019-03-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0340598.inf_amd64_3f98f2335f59980a\B340501\atikmpag.sys [598744 2019-03-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [111232 2019-03-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [111112 2017-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R0 hpdskflt; C:\Windows\System32\drivers\hpdskflt.sys [41104 2019-07-22] (HP Inc. -> HP)
S3 HPEWSFXBULK; C:\Windows\system32\drivers\hpfx64bulk.sys [29104 2019-06-11] (Hewlett-Packard Company -> Hewlett Packard)
R3 HpqKbFiltr; C:\Windows\System32\drivers\HpqKbFiltr.sys [50752 2019-05-14] (HP Inc. -> HP Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [239392 2019-04-23] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3595472 2018-10-12] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
S3 Netwtw02; C:\Windows\System32\drivers\Netwtw02.sys [6824656 2018-10-12] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R3 RTSPER; C:\Windows\System32\drivers\RtsPer.sys [887240 2018-05-29] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42584 2017-11-17] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv64.sys [1063520 2017-02-23] (SUNPLUS INNOVATION TECHNOLOGY INC. -> Sunplus Innovation Technology Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46472 2019-10-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [351968 2019-10-29] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [53984 2019-10-29] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-11-10 13:36 - 2019-11-10 13:36 - 088604672 _____ C:\Windows\system32\config\SOFTWARE
2019-11-10 13:23 - 2019-11-10 13:36 - 000000000 ____D C:\Windows\Microsoft Antimalware
2019-11-10 11:34 - 2019-11-10 11:35 - 000022071 _____ C:\Users\bloom\Desktop\FRST.txt
2019-11-10 11:33 - 2019-11-10 11:35 - 000000000 ____D C:\FRST
2019-11-10 11:24 - 2019-11-10 11:24 - 002260480 _____ (Farbar) C:\Users\bloom\Desktop\FRST64.exe
2019-11-10 11:15 - 2019-11-10 11:15 - 000000000 ___HD C:\OneDriveTemp
2019-11-06 13:34 - 2019-11-10 11:14 - 000000000 ____D C:\Users\bloom\AppData\Roaming\ADNPR
2019-11-06 13:34 - 2019-11-10 10:42 - 000003530 _____ C:\Windows\system32\Tasks\Advanced Identity Protector_PM
2019-11-06 13:34 - 2019-11-06 13:34 - 000003272 _____ C:\Windows\system32\Tasks\Advanced Identity Protector_startup
2019-11-06 13:34 - 2019-11-06 13:34 - 000001301 _____ C:\Users\Public\Desktop\Advanced Identity Protector.lnk
2019-11-06 13:34 - 2019-11-06 13:34 - 000001301 _____ C:\ProgramData\Desktop\Advanced Identity Protector.lnk
2019-11-06 13:34 - 2019-11-06 13:34 - 000000000 ____D C:\Users\bloom\AppData\Roaming\Advanced Identity Protector
2019-11-06 13:34 - 2019-11-06 13:34 - 000000000 ____D C:\Users\bloom\AppData\Local\Systweak
2019-11-06 13:34 - 2019-11-06 13:34 - 000000000 ____D C:\ProgramData\Systweak
2019-11-06 13:34 - 2019-11-06 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Identity Protector
2019-11-06 13:34 - 2019-11-06 13:34 - 000000000 ____D C:\Program Files (x86)\Advanced Identity Protector
2019-11-06 13:34 - 2019-05-27 15:45 - 000024768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2019-11-06 13:34 - 2019-05-27 15:45 - 000023232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2019-11-06 13:34 - 2019-05-27 15:45 - 000021184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2019-11-06 13:34 - 2019-05-27 15:45 - 000019136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2019-11-06 13:34 - 2019-05-27 15:45 - 000019136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2019-11-06 13:34 - 2019-05-27 15:45 - 000018624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2019-11-06 13:34 - 2019-05-27 15:45 - 000018624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2019-11-06 13:34 - 2019-05-27 15:45 - 000018624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2019-11-06 13:16 - 2019-11-06 13:16 - 000000000 ____D C:\Users\bloom\AppData\Local\GoToAssist Remote Support Customer
2019-11-06 13:16 - 2019-11-06 13:16 - 000000000 ____D C:\Users\bloom\AppData\Local\GoTo Opener
2019-11-06 13:12 - 2019-11-10 11:15 - 000004166 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{8348E36B-36A8-4444-A45E-1CBEA1683424}
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-11-10 11:33 - 2019-03-18 23:50 - 000000000 ____D C:\Windows\INF
2019-11-10 11:31 - 2019-03-18 23:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-11-10 11:18 - 2019-05-01 12:32 - 000840888 _____ C:\Windows\system32\PerfStringBackup.INI
2019-11-10 11:15 - 2019-07-14 13:57 - 000000000 ___RD C:\Users\bloom\OneDrive
2019-11-10 11:15 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\AppReadiness
2019-11-10 11:13 - 2019-05-01 12:26 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-11-10 10:38 - 2019-07-14 14:02 - 000000000 ____D C:\Users\bloom\AppData\Local\D3DSCache
2019-11-10 10:37 - 2019-07-14 13:56 - 000000000 __SHD C:\Users\bloom\IntelGraphicsProfiles
2019-11-10 10:37 - 2019-07-02 13:58 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-11-10 10:37 - 2019-05-01 12:26 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-10 10:23 - 2019-07-02 12:36 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2019-11-10 10:23 - 2019-03-18 23:37 - 000786432 _____ C:\Windows\system32\config\BBI
2019-11-09 13:43 - 2019-03-18 23:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-11-07 13:02 - 2019-07-14 13:49 - 000000000 ____D C:\Users\bloom
2019-11-07 13:00 - 2019-03-18 23:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-11-07 12:59 - 2019-07-14 12:24 - 000003552 _____ C:\Windows\system32\Tasks\Driver Support
2019-11-07 12:59 - 2019-07-14 12:04 - 000000000 ____D C:\Program Files\Microsoft Office
2019-11-07 00:24 - 2019-07-14 14:01 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-07 00:24 - 2019-07-14 14:01 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-11-07 00:24 - 2019-07-14 14:01 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-11-05 08:45 - 2019-07-14 14:01 - 000003420 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-11-05 08:45 - 2019-07-14 14:01 - 000003296 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-11-05 08:45 - 2019-07-14 14:01 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-29 00:49 - 2019-05-01 12:26 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-10-28 23:28 - 2019-07-14 13:57 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-201017515-1732844204-1793734442-1001
2019-10-28 23:28 - 2019-07-14 13:49 - 000002370 _____ C:\Users\bloom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-10-17 12:40 - 2019-08-31 09:26 - 000000000 ____D C:\Users\bloom\Documents\RECIPES
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2019
Ran by bloom (10-11-2019 11:36:55)
Running from C:\Users\bloom\Desktop
Windows 10 Pro Version 1903 18362.418 (X64) (2019-07-02 18:58:10)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-201017515-1732844204-1793734442-500 - Administrator - Disabled)
bloom (S-1-5-21-201017515-1732844204-1793734442-1001 - Administrator - Enabled) => C:\Users\bloom
DefaultAccount (S-1-5-21-201017515-1732844204-1793734442-503 - Limited - Disabled)
Guest (S-1-5-21-201017515-1732844204-1793734442-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-201017515-1732844204-1793734442-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (HKLM\...\{50229C72-539F-4E65-BEB5-F0491C5074B7}) (Version: 22.2.1 - HP Inc.) Hidden
Advanced Identity Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~CF2982E1_is1) (Version: 2.1.1000.2590 - Systweak Software) <==== ATTENTION
AMD Settings (HKLM\...\WUCCCApp) (Version: 2019.0313.1224.22338 - Advanced Micro Devices, Inc.)
Driver Support (HKLM-x32\...\DriverSupport) (Version: 10.1.6.14 - PC Drivers HeadQuarters LP) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.97 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
HP Battery Check (HKLM-x32\...\HP Battery Check) (Version: 4.3.2.2 - Hewlett-Packard)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Microsoft Office Home and Business 2019 - en-us (HKLM\...\HomeBusiness2019Retail - en-us) (Version: 16.0.12130.20272 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-201017515-1732844204-1793734442-1001\...\OneDriveSetup.exe) (Version: 19.174.0902.0013 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12130.20272 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12130.20272 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12130.20272 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8451 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.65 - Synaptics Incorporated)
Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.1.4.0_x86__kgqvnymyfvs32 [2019-09-23] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.22.7.0_x86__kgqvnymyfvs32 [2019-10-03] (king.com)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-10-09] (Facebook Inc)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_100.1.581.0_x64__v10z8vjag6ke6 [2019-07-22] (HP Inc.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-09-26] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-07-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-07-02] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.10022.0_x64__8wekyb3d8bbwe [2019-10-07] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-14] (Microsoft Corporation) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0 [2019-10-09] (Spotify AB) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2019-03-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2018-07-06 16:36 - 2018-07-06 16:36 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-07-06 16:36 - 2018-07-06 16:36 - 002552832 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 000040960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 000345600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 000502272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 001412608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2019-03-13 14:22 - 2019-03-13 14:22 - 005812224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 006321152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 001077248 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 000323584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 003559424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 003700224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 000330752 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 000359936 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 076160000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 005603840 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 000461312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 000187904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 002822144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2018-07-06 16:37 - 2018-07-06 16:37 - 000053248 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2018-07-06 16:37 - 2018-07-06 16:37 - 000059904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2018-07-06 16:37 - 2018-07-06 16:37 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2018-07-06 16:37 - 2018-07-06 16:37 - 000328192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-07-06 16:37 - 2018-07-06 16:37 - 000137728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2018-07-06 16:37 - 2018-07-06 16:37 - 000089088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-07-06 16:37 - 2018-07-06 16:37 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\styles\qwindowsvistastyle.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-18 23:49 - 2019-03-18 23:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-201017515-1732844204-1793734442-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{8FFC700B-F75E-45B1-BF07-D0B5CE0E93B7}D:\sdi_rus\sdi_x64_r1904.exe] => (Block) D:\sdi_rus\sdi_x64_r1904.exe No File
FirewallRules: [UDP Query User{AF63D45A-1D9C-44D1-93D0-9EF4BE692D5F}D:\sdi_rus\sdi_x64_r1904.exe] => (Block) D:\sdi_rus\sdi_x64_r1904.exe No File
FirewallRules: [{85E45F49-51B9-4073-88E6-A4CE968602CC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A77CABCB-FAAE-4CBD-A81C-7E4560994DFB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6317723C-5B6F-4B6A-8A40-B0CE93E7C431}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D395994B-096C-492A-AB97-B20C301A2F50}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E5966807-EA91-4603-A1C6-6625489E890F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{552BB1F2-7E2B-4196-B388-454692ED6C94}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D8F2B876-E380-4C3E-A555-7657ED98BCA6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{768E36A8-8B69-4BD4-B21B-7DFD25D1E5C1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8B3220CD-97C9-4274-B5EE-2616DD19E4F0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{8834B324-A0E2-445A-A63D-149FFB467D2E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================
Application errors:
==================
Error: (11/10/2019 10:46:37 AM) (Source: Driver Support) (EventID: 200) (User: )
Description: Timestamp: 11/10/2019 3:46:37 PM
Message: An exception occured and was caught: WebException
---------Exception Information----------
Local Time: 11/10/2019 10:46:37 AM
Type: ExceptionLogging, Version=4.0.0.98, Culture=neutral, PublicKeyToken=null
Message: The remote name could not be resolved: 'webservices.drivershq.com'
Source: System.Web.Services
Target Site: System.Net.WebResponse WaitForResponse()
Stack Trace:    at System.Web.Services.Protocols.WebClientAsyncResult.WaitForResponse()
 
   at System.Web.Services.Protocols.WebClientProtocol.EndSend(IAsyncResult asyncResult, Object& internalAsyncState, Stream& responseStream)
 
   at System.Web.Services.Protocols.SoapHttpClientProtocol.InvokeAsyncCallback(IAsyncResult result)
--------------------------------------
Additional Information
Machine Name: DESKTOP-6E6EVRB
Assembly: ExceptionLogging, Version=4.0.0.98, Culture=neutral, PublicKeyToken=null
Application Domain: DriverSupport.exe
Thread Identity: DESKTOP-6E6EVRB\bloom
Thread Name:
Windows Identity: DESKTOP-6E6EVRB\bloom
Process Name:
Error: (11/10/2019 10:46:37 AM) (Source: Driver Support) (EventID: 100) (User: )
Description: Timestamp: 11/10/2019 3:46:37 PM
Message: An exception occured and was caught: DriverDetectiveException
---------Exception Information----------
Local Time: 11/10/2019 10:46:37 AM
Type: ExceptionLogging, Version=4.0.0.98, Culture=neutral, PublicKeyToken=null
Message: The remote name could not be resolved: 'webservices.drivershq.com'
Source: Not available
Target Site:
Stack Trace: Not available
 ----------Inner Exception Information----------
  Message: The remote name could not be resolved: 'webservices.drivershq.com'
  Source: System
  Target Site: System.IO.Stream GetRequestStream(System.Net.TransportContext ByRef)
  Stack Trace:    at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
 
   at System.Net.HttpWebRequest.GetRequestStream()
 
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
 
   at DriversHQ.DriverDetective.Client.Communication.WSMisc201112.MiscService.GetWhiteLabelMetaData()
 
   at DriversHQ.DriverDetective.Client.Communication.MiscComm.GetWhiteLabelMetaData(Guid uuID, Guid registrationKey)
 
   at DriversHQ.DriverDetective.Client.h.bg()
 
   at DriversHQ.DriverDetective.Client.h.be()
--------------------------------------
Additional Information
Machine Name: DESKTOP-6E6EVRB
Assembly: ExceptionLogging, Version=4.0.0.98, Culture=neutral, PublicKeyToken=null
Application Domain: DriverSupport.exe
Thread Identity: DESKTOP-6E6EVRB\bloom
Thread Name:
Windows Identity: DESKTOP-6E6EVRB\bloom
Process Name:
Error: (11/10/2019 10:45:37 AM) (Source: Driver Support) (EventID: 200) (User: )
Description: Timestamp: 11/10/2019 3:45:37 PM
Message: An exception occured and was caught: WebException
---------Exception Information----------
Local Time: 11/10/2019 10:45:37 AM
Type: ExceptionLogging, Version=4.0.0.98, Culture=neutral, PublicKeyToken=null
Message: The remote name could not be resolved: 'webservices.drivershq.com'
Source: System.Web.Services
Target Site: System.Net.WebResponse WaitForResponse()
Stack Trace:    at System.Web.Services.Protocols.WebClientAsyncResult.WaitForResponse()
 
   at System.Web.Services.Protocols.WebClientProtocol.EndSend(IAsyncResult asyncResult, Object& internalAsyncState, Stream& responseStream)
 
   at System.Web.Services.Protocols.SoapHttpClientProtocol.InvokeAsyncCallback(IAsyncResult result)
--------------------------------------
Additional Information
Machine Name: DESKTOP-6E6EVRB
Assembly: ExceptionLogging, Version=4.0.0.98, Culture=neutral, PublicKeyToken=null
Application Domain: DriverSupport.exe
Thread Identity: DESKTOP-6E6EVRB\bloom
Thread Name:
Windows Identity: DESKTOP-6E6EVRB\bloom
Process Name:
Error: (11/10/2019 10:45:37 AM) (Source: Driver Support) (EventID: 100) (User: )
Description: Timestamp: 11/10/2019 3:45:37 PM
Message: An exception occured and was caught: DriverDetectiveException
---------Exception Information----------
Local Time: 11/10/2019 10:45:37 AM
Type: ExceptionLogging, Version=4.0.0.98, Culture=neutral, PublicKeyToken=null
Message: The remote name could not be resolved: 'webservices.drivershq.com'
Source: Not available
Target Site:
Stack Trace: Not available
 ----------Inner Exception Information----------
  Message: The remote name could not be resolved: 'webservices.drivershq.com'
  Source: System
  Target Site: System.IO.Stream GetRequestStream(System.Net.TransportContext ByRef)
  Stack Trace:    at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
 
   at System.Net.HttpWebRequest.GetRequestStream()
 
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
 
   at DriversHQ.DriverDetective.Client.Communication.WSMisc201112.MiscService.GetWhiteLabelMetaData()
 
   at DriversHQ.DriverDetective.Client.Communication.MiscComm.GetWhiteLabelMetaData(Guid uuID, Guid registrationKey)
 
   at DriversHQ.DriverDetective.Client.h.bg()
 
   at DriversHQ.DriverDetective.Client.h.be()
--------------------------------------
Additional Information
Machine Name: DESKTOP-6E6EVRB
Assembly: ExceptionLogging, Version=4.0.0.98, Culture=neutral, PublicKeyToken=null
Application Domain: DriverSupport.exe
Thread Identity: DESKTOP-6E6EVRB\bloom
Thread Name:
Windows Identity: DESKTOP-6E6EVRB\bloom
Process Name:
Error: (11/10/2019 10:44:37 AM) (Source: Driver Support) (EventID: 200) (User: )
Description: Timestamp: 11/10/2019 3:44:37 PM
Message: An exception occured and was caught: WebException
---------Exception Information----------
Local Time: 11/10/2019 10:44:37 AM
Type: ExceptionLogging, Version=4.0.0.98, Culture=neutral, PublicKeyToken=null
Message: The remote name could not be resolved: 'webservices.drivershq.com'
Source: System.Web.Services
Target Site: System.Net.WebResponse WaitForResponse()
Stack Trace:    at System.Web.Services.Protocols.WebClientAsyncResult.WaitForResponse()
 
   at System.Web.Services.Protocols.WebClientProtocol.EndSend(IAsyncResult asyncResult, Object& internalAsyncState, Stream& responseStream)
 
   at System.Web.Services.Protocols.SoapHttpClientProtocol.InvokeAsyncCallback(IAsyncResult result)
--------------------------------------
Additional Information
Machine Name: DESKTOP-6E6EVRB
Assembly: ExceptionLogging, Version=4.0.0.98, Culture=neutral, PublicKeyToken=null
Application Domain: DriverSupport.exe
Thread Identity: DESKTOP-6E6EVRB\bloom
Thread Name:
Windows Identity: DESKTOP-6E6EVRB\bloom
Process Name:
Error: (11/10/2019 10:44:37 AM) (Source: Driver Support) (EventID: 100) (User: )
Description: Timestamp: 11/10/2019 3:44:37 PM
Message: An exception occured and was caught: DriverDetectiveException
---------Exception Information----------
Local Time: 11/10/2019 10:44:37 AM
Type: ExceptionLogging, Version=4.0.0.98, Culture=neutral, PublicKeyToken=null
Message: The remote name could not be resolved: 'webservices.drivershq.com'
Source: Not available
Target Site:
Stack Trace: Not available
 ----------Inner Exception Information----------
  Message: The remote name could not be resolved: 'webservices.drivershq.com'
  Source: System
  Target Site: System.IO.Stream GetRequestStream(System.Net.TransportContext ByRef)
  Stack Trace:    at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
 
   at System.Net.HttpWebRequest.GetRequestStream()
 
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
 
   at DriversHQ.DriverDetective.Client.Communication.WSMisc201112.MiscService.GetWhiteLabelMetaData()
 
   at DriversHQ.DriverDetective.Client.Communication.MiscComm.GetWhiteLabelMetaData(Guid uuID, Guid registrationKey)
 
   at DriversHQ.DriverDetective.Client.h.bg()
 
   at DriversHQ.DriverDetective.Client.h.be()
--------------------------------------
Additional Information
Machine Name: DESKTOP-6E6EVRB
Assembly: ExceptionLogging, Version=4.0.0.98, Culture=neutral, PublicKeyToken=null
Application Domain: DriverSupport.exe
Thread Identity: DESKTOP-6E6EVRB\bloom
Thread Name:
Windows Identity: DESKTOP-6E6EVRB\bloom
Process Name:
Error: (11/10/2019 10:43:37 AM) (Source: Driver Support) (EventID: 200) (User: )
Description: Timestamp: 11/10/2019 3:43:37 PM
Message: An exception occured and was caught: WebException
---------Exception Information----------
Local Time: 11/10/2019 10:43:37 AM
Type: ExceptionLogging, Version=4.0.0.98, Culture=neutral, PublicKeyToken=null
Message: The remote name could not be resolved: 'webservices.drivershq.com'
Source: System.Web.Services
Target Site: System.Net.WebResponse WaitForResponse()
Stack Trace:    at System.Web.Services.Protocols.WebClientAsyncResult.WaitForResponse()
 
   at System.Web.Services.Protocols.WebClientProtocol.EndSend(IAsyncResult asyncResult, Object& internalAsyncState, Stream& responseStream)
 
   at System.Web.Services.Protocols.SoapHttpClientProtocol.InvokeAsyncCallback(IAsyncResult result)
--------------------------------------
Additional Information
Machine Name: DESKTOP-6E6EVRB
Assembly: ExceptionLogging, Version=4.0.0.98, Culture=neutral, PublicKeyToken=null
Application Domain: DriverSupport.exe
Thread Identity: DESKTOP-6E6EVRB\bloom
Thread Name:
Windows Identity: DESKTOP-6E6EVRB\bloom
Process Name:
Error: (11/10/2019 10:43:37 AM) (Source: Driver Support) (EventID: 100) (User: )
Description: Timestamp: 11/10/2019 3:43:37 PM
Message: An exception occured and was caught: DriverDetectiveException
---------Exception Information----------
Local Time: 11/10/2019 10:43:37 AM
Type: ExceptionLogging, Version=4.0.0.98, Culture=neutral, PublicKeyToken=null
Message: The remote name could not be resolved: 'webservices.drivershq.com'
Source: Not available
Target Site:
Stack Trace: Not available
 ----------Inner Exception Information----------
  Message: The remote name could not be resolved: 'webservices.drivershq.com'
  Source: System
  Target Site: System.IO.Stream GetRequestStream(System.Net.TransportContext ByRef)
  Stack Trace:    at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
 
   at System.Net.HttpWebRequest.GetRequestStream()
 
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
 
   at DriversHQ.DriverDetective.Client.Communication.WSMisc201112.MiscService.GetWhiteLabelMetaData()
 
   at DriversHQ.DriverDetective.Client.Communication.MiscComm.GetWhiteLabelMetaData(Guid uuID, Guid registrationKey)
 
   at DriversHQ.DriverDetective.Client.h.bg()
 
   at DriversHQ.DriverDetective.Client.h.be()
--------------------------------------
Additional Information
Machine Name: DESKTOP-6E6EVRB
Assembly: ExceptionLogging, Version=4.0.0.98, Culture=neutral, PublicKeyToken=null
Application Domain: DriverSupport.exe
Thread Identity: DESKTOP-6E6EVRB\bloom
Thread Name:
Windows Identity: DESKTOP-6E6EVRB\bloom
Process Name:

System errors:
=============
Error: (11/07/2019 12:59:18 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:29:22 PM on ‎11/‎7/‎2019 was unexpected.
Error: (11/02/2019 05:14:41 PM) (Source: Tcpip) (EventID: 4294) (User: )
Description: An attempt to clear a packet coalescing filter on the network adapter with hardware address 10-4A-7D-A8-1A-D8 has failed (IPv4 0xc023002f 1).
Error: (10/17/2019 06:34:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Connected User Experiences and Telemetry service terminated unexpectedly.  It has done this 3 time(s).
Error: (10/17/2019 06:00:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Connected User Experiences and Telemetry service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (10/17/2019 05:47:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Connected User Experiences and Telemetry service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (10/16/2019 12:19:15 PM) (Source: Tcpip) (EventID: 4294) (User: )
Description: An attempt to clear a packet coalescing filter on the network adapter with hardware address 10-4A-7D-A8-1A-D8 has failed (IPv4 0xc023002f 1).
Error: (10/14/2019 01:35:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFJ364-MICROSOFT.SKYPEAPP.
Error: (10/12/2019 04:04:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFJ364-MICROSOFT.SKYPEAPP.

Windows Defender:
===================================
Date: 2019-11-06 13:00:04.376
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B5DEDDA7-AFAC-498A-98E1-7370507512F6}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-10-11 11:36:01.817
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9F980400-1276-4826-AAB0-8AC750B879F3}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-09-05 20:52:58.211
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {E5694C49-F7AF-4967-A219-DDDDEE5D5FAD}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-08-31 10:41:14.043
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {33BFF4B1-F14C-4145-BD6A-A86B91D3DFED}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-07-14 15:29:21.049
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {02D27CC6-42DE-44A6-8CBB-A83575969E22}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-11-10 10:47:16.714
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.305.1615.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2019-11-10 10:47:16.713
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.305.1615.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2019-11-10 10:47:16.713
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.305.1615.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2019-11-10 10:47:16.704
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.305.1615.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2019-11-10 10:47:16.703
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.305.1615.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
==================== Memory info ===========================
BIOS: Hewlett-Packard M70 Ver. 01.12 09/23/2015
Motherboard: Hewlett-Packard 2253
Processor: Intel® Core™ i7-4810MQ CPU @ 2.80GHz
Percentage of memory in use: 24%
Total physical RAM: 16265.11 MB
Available physical RAM: 12224.37 MB
Total Virtual: 18697.11 MB
Available Virtual: 14610.93 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:238.13 GB) (Free:193.05 GB) NTFS
\\?\Volume{3f1459ec-0000-0000-0000-100000000000}\ (System) (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 3F1459EC)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.1 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================

  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 7,236 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)


Please un- install these programs:
Advanced Identity Protector
Driver Support


If it will not uninstall just skip it.

Next

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    EmptyTemp:
    CloseProcesses:
    CreateRestorePoint:
    (PC DRIVERS HEADQUARTERS I, INC -> PC Drivers Headquarters LP) C:\Program Files (x86)\Driver Support\DriverSupport.exe
    C:\Program Files (x86)\Driver Support
    ask: {02DAFBAA-F9FB-4176-83A0-0B31D7F02395} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\DriverSupport.exe [10714752 2018-12-12] (PC DRIVERS HEADQUARTERS I, INC -> PC Drivers Headquarters LP) <==== ATTENTION
    Task: {4D33D6D3-0F80-4DAA-B400-156C73C5E3C4} - System32\Tasks\Advanced Identity Protector_PM => C:\Program Files (x86)\Advanced Identity Protector\AdvancedIdentityProtector.exe [14553056 2019-09-12] (SYSTWEAK SOFTWARE PVT. LTD. -> Systweak)
    C:\Program Files (x86)\Advanced Identity Protector
    R2 DSAO; C:\Program Files (x86)\driver support\svc\DriverSupportAOsvc.exe [2033104 2016-10-22] (PC DRIVERS HEADQUARTERS I, INC -> PC Drivers HeadQuarters LP) <==== ATTENTION <==== ATTENTION
    C:\Users\Public\Desktop\Advanced Identity Protector.lnk
    C:\Users\bloom\AppData\Local\Systweak
    C:\ProgramData\Systweak
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Identity Protector
    C:\Program Files (x86)\Advanced Identity Protector
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    • Double-click FRST.exe/FRST64.exe to run it.
    • Press the Fix button just once and wait.
    • Restart the computer if prompted.
    • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
    • Please copy and paste its contents into your reply.

  • 0

#3
tazmd1

tazmd1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

I could not get it to run fix until I created a fixlog.tx then it did run and gave me this.

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 10-11-2019
Ran by bloom (10-11-2019 16:21:02) Run:1
Running from C:\Users\bloom\Desktop
Loaded Profiles: bloom (Available Profiles: bloom)
Boot Mode: Normal
==============================================
fixlist content:
*****************
EmptyTemp:
CloseProcesses:
CreateRestorePoint:
(PC DRIVERS HEADQUARTERS I, INC -> PC Drivers Headquarters LP) C:\Program Files (x86)\Driver Support\DriverSupport.exe
C:\Program Files (x86)\Driver Support\
ask: {02DAFBAA-F9FB-4176-83A0-0B31D7F02395} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\DriverSupport.exe [10714752 2018-12-12] (PC DRIVERS HEADQUARTERS I, INC -> PC Drivers Headquarters LP) <==== ATTENTION
Task: {4D33D6D3-0F80-4DAA-B400-156C73C5E3C4} - System32\Tasks\Advanced Identity Protector_PM => C:\Program Files (x86)\Advanced Identity Protector\AdvancedIdentityProtector.exe [14553056 2019-09-12] (SYSTWEAK SOFTWARE PVT. LTD. -> Systweak)
C:\Program Files (x86)\Advanced Identity Protector\
R2 DSAO; C:\Program Files (x86)\driver support\svc\DriverSupportAOsvc.exe [2033104 2016-10-22] (PC DRIVERS HEADQUARTERS I, INC -> PC Drivers HeadQuarters LP) <==== ATTENTION <==== ATTENTION
C:\Users\Public\Desktop\Advanced Identity Protector.lnk
C:\Users\bloom\AppData\Local\Systweak
C:\ProgramData\Systweak
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Identity Protector
C:\Program Files (x86)\Advanced Identity Protector
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
*****************
Processes closed successfully.
Error: (0) Failed to create a restore point.
C:\Program Files (x86)\Driver Support\DriverSupport.exe => No running process found
"C:\Program Files (x86)\Driver Support" => not found
ask: {02DAFBAA-F9FB-4176-83A0-0B31D7F02395} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\DriverSupport.exe [10714752 2018-12-12] (PC DRIVERS HEADQUARTERS I, INC -> PC Drivers Headquarters LP) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D33D6D3-0F80-4DAA-B400-156C73C5E3C4}" => not found
"C:\Windows\System32\Tasks\Advanced Identity Protector_PM" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced Identity Protector_PM" => not found
"C:\Program Files (x86)\Advanced Identity Protector" => not found
DSAO => service not found.
"C:\Users\Public\Desktop\Advanced Identity Protector.lnk" => not found
C:\Users\bloom\AppData\Local\Systweak => moved successfully
C:\ProgramData\Systweak => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Identity Protector" => not found
"C:\Program Files (x86)\Advanced Identity Protector" => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 7626752 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27665201 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 8815404 B
Edge => 33148234 B
Chrome => 596384296 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 5484304 B
bloom => 18657859 B
RecycleBin => 160265624 B
EmptyTemp: => 818.3 MB temporary data Removed.
================================

The system needed a reboot.
==== End of Fixlog 16:21:34 ====

  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 7,236 posts
Looks like you were able to remove the programs so that's good.

Post another set of logs from frst so we can double check things
  • 0

#5
tazmd1

tazmd1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

results logs

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-11-2019
Ran by bloom (administrator) on DESKTOP-6E6EVRB (Hewlett-Packard HP ZBook 15 G2) (10-11-2019 18:26:57)
Running from C:\Users\bloom\Desktop
Loaded Profiles: bloom (Available Profiles: bloom)
Platform: Windows 10 Pro Version 1903 18362.418 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\AMD\CNext\CCCSlim\CCC.exe
(Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\AMD\CNext\CCCSlim\MOM.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0340598.inf_amd64_3f98f2335f59980a\B340501\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0340598.inf_amd64_3f98f2335f59980a\B340501\atiesrxx.exe
(Farbar) [File not signed] C:\Users\bloom\Desktop\Additional scan result of Farbar Recovery Scan Tool (x64) Version 10-11-2019.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.342\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.342\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HotKeyServiceUWP.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HPHotkeyNotification.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\LanWlanWwanSwitchingServiceUWP.exe
(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\bloom\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11911.1001.8.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\NisSrv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9274304 2018-05-23] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.97\Installer\chrmstp.exe [2019-11-07] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {04542C0B-D2AD-4FCF-83DC-63B87E076C89} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-14] (Google Inc -> Google LLC)
Task: {045FC227-3C81-4FF3-87DE-5273C9CBA129} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367496 2019-10-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {153B74EB-A15C-407A-81F3-4FB290C0B2FE} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2169960 2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {19EB2CF3-6901-4777-BEB2-AEFF0A03C387} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2169960 2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {1D91F2F4-E286-404B-9D11-0AE8C200BB15} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367496 2019-10-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {3F3C0144-B07A-4BFE-B1FE-EAA78527610B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [156504 2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {5304AC2C-4A45-4D1E-B8EA-3E197312E046} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {53FC9F4D-7D7A-4267-8A77-1B515352891F} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe
Task: {69B3FB09-36C5-4552-AB8E-A89FBC5C456C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {726C3970-532F-4B04-90F1-19760264D446} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [156504 2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {726D2384-64FF-4B2C-AAB3-5B70222E8B1A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9714ECC3-3394-44EC-8704-24170D4877FE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AFEBED55-7804-4C4C-A03A-9D87B1AEF7C4} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [58760 2019-03-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {D0C2ECB7-FD58-4B12-B3FC-B100F1EFD071} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-14] (Google Inc -> Google LLC)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{12cb1cf4-f80b-4f72-b15f-ba0504ded8e0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{436f444c-59a9-47e9-bbfc-f3d53f594240}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{7db86fe9-2391-4e80-af7b-6ea792d2cb95}: [DhcpNameServer] 192.168.5.2
Tcpip\..\Interfaces\{c7b26553-0523-40a7-85c1-29669b8dbfcb}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-07-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-11-03] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-07-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-07-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
Chrome:
=======
CHR Profile: C:\Users\bloom\AppData\Local\Google\Chrome\User Data\Default [2019-11-10]
CHR Extension: (Slides) - C:\Users\bloom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-07-14]
CHR Extension: (Docs) - C:\Users\bloom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-07-14]
CHR Extension: (Google Drive) - C:\Users\bloom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-07-14]
CHR Extension: (YouTube) - C:\Users\bloom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-07-14]
CHR Extension: (Sheets) - C:\Users\bloom\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-07-14]
CHR Extension: (Google Docs Offline) - C:\Users\bloom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bloom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-06]
CHR Extension: (Gmail) - C:\Users\bloom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-14]
CHR Extension: (Chrome Media Router) - C:\Users\bloom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-05]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\c0340598.inf_amd64_3f98f2335f59980a\B340501\atiesrxx.exe [516824 2019-03-22] (Advanced Micro Devices, Inc. -> AMD)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11642744 2019-10-25] (Microsoft Corporation -> Microsoft Corporation)
R2 HotKeyServiceUWP; C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HotKeyServiceUWP.exe [819856 2019-05-14] (HP Inc. -> HP Inc.)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [529696 2019-04-23] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373760 2017-01-27] (Intel® pGFX -> Intel Corporation)
R2 LanWlanWwanSwitchingServiceUWP; C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\LanWlanWwanSwitchingServiceUWP.exe [731072 2019-05-14] (HP Inc. -> HP Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2019-02-01] (HP Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2019-02-01] (HP Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [265664 2018-05-23] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-09-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246872 2017-11-17] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\NisSrv.exe [3201616 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MsMpEng.exe [103168 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Accelerometer; C:\Windows\System32\drivers\Accelerometer.sys [53904 2019-07-22] (HP Inc. -> HP)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0340598.inf_amd64_3f98f2335f59980a\B340501\atikmdag.sys [52894936 2019-03-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0340598.inf_amd64_3f98f2335f59980a\B340501\atikmpag.sys [598744 2019-03-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [111232 2019-03-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [111112 2017-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R0 hpdskflt; C:\Windows\System32\drivers\hpdskflt.sys [41104 2019-07-22] (HP Inc. -> HP)
S3 HPEWSFXBULK; C:\Windows\system32\drivers\hpfx64bulk.sys [29104 2019-06-11] (Hewlett-Packard Company -> Hewlett Packard)
R3 HpqKbFiltr; C:\Windows\System32\drivers\HpqKbFiltr.sys [50752 2019-05-14] (HP Inc. -> HP Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [239392 2019-04-23] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3595472 2018-10-12] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
S3 Netwtw02; C:\Windows\System32\drivers\Netwtw02.sys [6824656 2018-10-12] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R3 RTSPER; C:\Windows\System32\drivers\RtsPer.sys [887240 2018-05-29] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42584 2017-11-17] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv64.sys [1063520 2017-02-23] (SUNPLUS INNOVATION TECHNOLOGY INC. -> Sunplus Innovation Technology Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46472 2019-10-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [351968 2019-10-29] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [53984 2019-10-29] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-11-10 18:26 - 2019-11-10 11:24 - 002260480 _____ (Farbar) C:\Users\bloom\Desktop\Additional scan result of Farbar Recovery Scan Tool (x64) Version 10-11-2019 - Copy.exe
2019-11-10 18:25 - 2019-11-10 18:27 - 000000000 ____D C:\Users\bloom\Desktop\OLD
2019-11-10 18:24 - 2019-11-10 18:24 - 000000000 ___HD C:\OneDriveTemp
2019-11-10 13:36 - 2019-11-10 18:23 - 089128960 _____ C:\Windows\system32\config\SOFTWARE
2019-11-10 13:23 - 2019-11-10 13:36 - 000000000 ____D C:\Windows\Microsoft Antimalware
2019-11-10 11:34 - 2019-11-10 18:27 - 000019487 _____ C:\Users\bloom\Desktop\FRST.txt
2019-11-10 11:33 - 2019-11-10 18:27 - 000000000 ____D C:\FRST
2019-11-10 11:24 - 2019-11-10 11:24 - 002260480 _____ (Farbar) C:\Users\bloom\Desktop\Additional scan result of Farbar Recovery Scan Tool (x64) Version 10-11-2019.exe
2019-11-06 13:34 - 2019-11-10 11:14 - 000000000 ____D C:\Users\bloom\AppData\Roaming\ADNPR
2019-11-06 13:34 - 2019-11-06 13:34 - 000000000 ____D C:\Users\bloom\AppData\Roaming\Advanced Identity Protector
2019-11-06 13:34 - 2019-05-27 15:45 - 000024768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2019-11-06 13:34 - 2019-05-27 15:45 - 000023232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2019-11-06 13:34 - 2019-05-27 15:45 - 000021184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2019-11-06 13:34 - 2019-05-27 15:45 - 000019136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2019-11-06 13:34 - 2019-05-27 15:45 - 000019136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2019-11-06 13:34 - 2019-05-27 15:45 - 000018624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2019-11-06 13:34 - 2019-05-27 15:45 - 000018624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2019-11-06 13:34 - 2019-05-27 15:45 - 000018624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2019-11-06 13:16 - 2019-11-06 13:16 - 000000000 ____D C:\Users\bloom\AppData\Local\GoToAssist Remote Support Customer
2019-11-06 13:16 - 2019-11-06 13:16 - 000000000 ____D C:\Users\bloom\AppData\Local\GoTo Opener
2019-11-06 13:12 - 2019-11-10 11:15 - 000004166 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{8348E36B-36A8-4444-A45E-1CBEA1683424}
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-11-10 18:24 - 2019-07-14 13:57 - 000000000 ___RD C:\Users\bloom\OneDrive
2019-11-10 18:24 - 2019-07-14 13:56 - 000000000 __SHD C:\Users\bloom\IntelGraphicsProfiles
2019-11-10 18:24 - 2019-07-02 13:58 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-11-10 18:24 - 2019-05-01 12:26 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-10 18:24 - 2019-03-18 23:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-11-10 18:24 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\AppReadiness
2019-11-10 18:24 - 2019-03-18 23:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-11-10 18:23 - 2019-07-02 12:36 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2019-11-10 18:23 - 2019-03-18 23:37 - 000786432 _____ C:\Windows\system32\config\BBI
2019-11-10 18:22 - 2019-05-01 12:26 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-11-10 16:28 - 2019-05-01 12:32 - 000840888 _____ C:\Windows\system32\PerfStringBackup.INI
2019-11-10 16:28 - 2019-03-18 23:50 - 000000000 ____D C:\Windows\INF
2019-11-10 12:33 - 2019-07-14 14:02 - 000000000 ____D C:\Users\bloom\AppData\Local\D3DSCache
2019-11-07 13:02 - 2019-07-14 13:49 - 000000000 ____D C:\Users\bloom
2019-11-07 13:00 - 2019-03-18 23:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-11-07 12:59 - 2019-07-14 12:04 - 000000000 ____D C:\Program Files\Microsoft Office
2019-11-07 00:24 - 2019-07-14 14:01 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-07 00:24 - 2019-07-14 14:01 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-11-07 00:24 - 2019-07-14 14:01 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-11-05 08:45 - 2019-07-14 14:01 - 000003420 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-11-05 08:45 - 2019-07-14 14:01 - 000003296 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-11-05 08:45 - 2019-07-14 14:01 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-29 00:49 - 2019-05-01 12:26 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-10-28 23:28 - 2019-07-14 13:57 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-201017515-1732844204-1793734442-1001
2019-10-28 23:28 - 2019-07-14 13:49 - 000002370 _____ C:\Users\bloom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-10-17 12:40 - 2019-08-31 09:26 - 000000000 ____D C:\Users\bloom\Documents\RECIPES
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2019
Ran by bloom (10-11-2019 18:28:44)
Running from C:\Users\bloom\Desktop
Windows 10 Pro Version 1903 18362.418 (X64) (2019-07-02 18:58:10)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-201017515-1732844204-1793734442-500 - Administrator - Disabled)
bloom (S-1-5-21-201017515-1732844204-1793734442-1001 - Administrator - Enabled) => C:\Users\bloom
DefaultAccount (S-1-5-21-201017515-1732844204-1793734442-503 - Limited - Disabled)
Guest (S-1-5-21-201017515-1732844204-1793734442-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-201017515-1732844204-1793734442-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (HKLM\...\{50229C72-539F-4E65-BEB5-F0491C5074B7}) (Version: 22.2.1 - HP Inc.) Hidden
AMD Settings (HKLM\...\WUCCCApp) (Version: 2019.0313.1224.22338 - Advanced Micro Devices, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.97 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
HP Battery Check (HKLM-x32\...\HP Battery Check) (Version: 4.3.2.2 - Hewlett-Packard)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Microsoft Office Home and Business 2019 - en-us (HKLM\...\HomeBusiness2019Retail - en-us) (Version: 16.0.12130.20272 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-201017515-1732844204-1793734442-1001\...\OneDriveSetup.exe) (Version: 19.174.0902.0013 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12130.20272 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12130.20272 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12130.20272 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8451 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.65 - Synaptics Incorporated)
Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.2.6.0_x86__kgqvnymyfvs32 [2019-11-10] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.23.7.0_x86__kgqvnymyfvs32 [2019-11-10] (king.com)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-10-09] (Facebook Inc)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.618.0_x64__v10z8vjag6ke6 [2019-11-10] (HP Inc.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe [2019-11-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-07-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-07-02] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.11052.0_x64__8wekyb3d8bbwe [2019-11-10] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-14] (Microsoft Corporation) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0 [2019-11-10] (Spotify AB) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2019-03-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2019-02-01 22:42 - 2019-02-01 22:42 - 000050688 _____ (HP Inc.) [File not signed] c:\windows\system32\hpzinw12.dll
2019-02-01 22:42 - 2019-02-01 22:42 - 000066048 _____ (HP Inc.) [File not signed] c:\windows\system32\hpzipm12.dll
2019-03-13 14:22 - 2019-03-13 14:22 - 005812224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 006321152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 001077248 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 000323584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 003559424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 003700224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 000359936 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 076160000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 005603840 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 000461312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 000187904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2018-07-06 16:36 - 2018-07-06 16:36 - 002822144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-18 23:49 - 2019-03-18 23:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-201017515-1732844204-1793734442-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{8FFC700B-F75E-45B1-BF07-D0B5CE0E93B7}D:\sdi_rus\sdi_x64_r1904.exe] => (Block) D:\sdi_rus\sdi_x64_r1904.exe No File
FirewallRules: [UDP Query User{AF63D45A-1D9C-44D1-93D0-9EF4BE692D5F}D:\sdi_rus\sdi_x64_r1904.exe] => (Block) D:\sdi_rus\sdi_x64_r1904.exe No File
FirewallRules: [{8B3220CD-97C9-4274-B5EE-2616DD19E4F0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{8834B324-A0E2-445A-A63D-149FFB467D2E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AA23E5C3-A6B2-4541-99C0-F6A5BCAA70E2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7373B43C-17B1-4E50-8CA3-D1CC54ACC7B5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{76364E96-F91C-4AA5-90DA-2BC4D67F2033}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{84716608-A876-4743-9FC6-43F5BC602D0A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CF3DC52C-E3FF-49E4-B747-5537E635E640}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{98CAD7D9-576D-423B-A7BA-99B42B845ECF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BC8CC401-9429-4DA0-B7A6-BB3473726D12}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6FAE5A22-D962-4BBA-8919-C710E8DE089E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
==================== Restore Points =========================

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================
Application errors:
==================
Error: (11/10/2019 06:24:32 PM) (Source: CertEnroll) (EventID: 87) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment for WORKGROUP\DESKTOP-6E6EVRB$ via https://IFX-KeyId-8f...plates/Aik/scepfailed:
SubmitDone
Submit(Request): Bad Request
{"Message":"Attestation statement cannot be verified, rejecting request. TPM firmware needs update."}
HTTP/1.1 400 Bad Request
Cache-Control: no-cache
Date: Sun, 10 Nov 2019 23:24:31 GMT
Pragma: no-cache
Content-Length: 101
Content-Type: application/json; charset=utf-8
Expires: -1
x-ms-request-id: b60f8001-3049-4587-97e9-d593bf7f52fc
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
Method: POST(1469ms)
Stage: SubmitDone
Bad request (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)
Error: (11/10/2019 06:24:27 PM) (Source: CertEnroll) (EventID: 87) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment for WORKGROUP\DESKTOP-6E6EVRB$ via https://IFX-KeyId-8f...plates/Aik/scepfailed:
SubmitDone
Submit(Request): Bad Request
{"Message":"Attestation statement cannot be verified, rejecting request. TPM firmware needs update."}
HTTP/1.1 400 Bad Request
Cache-Control: no-cache
Date: Sun, 10 Nov 2019 23:24:26 GMT
Pragma: no-cache
Content-Length: 101
Content-Type: application/json; charset=utf-8
Expires: -1
x-ms-request-id: 2d00a5b7-10a5-4498-9663-2ed2980c3b65
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
Method: POST(3578ms)
Stage: SubmitDone
Bad request (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)
Error: (11/10/2019 06:23:50 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (11/10/2019 04:35:30 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\srtasks.exe ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
Error: (11/10/2019 04:24:19 PM) (Source: CertEnroll) (EventID: 87) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment for WORKGROUP\DESKTOP-6E6EVRB$ via https://IFX-KeyId-8f...plates/Aik/scepfailed:
SubmitDone
Submit(Request): Bad Request
{"Message":"Attestation statement cannot be verified, rejecting request. TPM firmware needs update."}
HTTP/1.1 400 Bad Request
Cache-Control: no-cache
Date: Sun, 10 Nov 2019 21:24:17 GMT
Pragma: no-cache
Content-Length: 101
Content-Type: application/json; charset=utf-8
Expires: -1
x-ms-request-id: 908cf927-37bb-4c97-a264-cda84a459f5f
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
Method: POST(3844ms)
Stage: SubmitDone
Bad request (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)
Error: (11/10/2019 04:24:11 PM) (Source: CertEnroll) (EventID: 87) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment for WORKGROUP\DESKTOP-6E6EVRB$ via https://IFX-KeyId-8f...plates/Aik/scepfailed:
SubmitDone
Submit(Request): Bad Request
{"Message":"Attestation statement cannot be verified, rejecting request. TPM firmware needs update."}
HTTP/1.1 400 Bad Request
Cache-Control: no-cache
Date: Sun, 10 Nov 2019 21:24:09 GMT
Pragma: no-cache
Content-Length: 101
Content-Type: application/json; charset=utf-8
Expires: -1
x-ms-request-id: f8b928f1-5598-422e-8e9c-ac729c2e2731
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
Method: POST(2344ms)
Stage: SubmitDone
Bad request (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)
Error: (11/10/2019 04:21:03 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\bloom\Desktop\Additional scan result of Farbar Recovery Scan Tool (x64) Version 10-11-2019.exe scan result of Farbar Recovery Scan Tool (x64) Version 10-11-2019.exe" ; Description = Restore Point Created by FRST; Error = 0x80070422).
Error: (11/10/2019 03:50:57 PM) (Source: Application) (EventID: 0) (User: )
Description: Event-ID 0

System errors:
=============
Error: (11/10/2019 05:12:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFJ364-MICROSOFT.SKYPEAPP.
Error: (11/10/2019 04:21:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (11/10/2019 04:21:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (11/10/2019 04:21:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP LAN/WLAN/WWAN Switching UWP Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (11/10/2019 04:21:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (11/10/2019 04:21:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel Bluetooth Service service terminated unexpectedly.  It has done this 1 time(s).
Error: (11/10/2019 04:21:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SynTPEnh Caller Service service terminated unexpectedly.  It has done this 1 time(s).
Error: (11/10/2019 04:21:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Hotkey UWP Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Windows Defender:
===================================
Date: 2019-11-10 12:52:36.292
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {61ECED79-D26A-457F-AE9A-30915C12E719}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-11-10 12:45:28.329
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B16C9EBF-4BD5-4711-8B40-1983E9ED878F}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-11-06 13:00:04.376
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B5DEDDA7-AFAC-498A-98E1-7370507512F6}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-10-11 11:36:01.817
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9F980400-1276-4826-AAB0-8AC750B879F3}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-09-05 20:52:58.211
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {E5694C49-F7AF-4967-A219-DDDDEE5D5FAD}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-11-10 10:47:16.714
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.305.1615.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2019-11-10 10:47:16.713
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.305.1615.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2019-11-10 10:47:16.713
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.305.1615.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2019-11-10 10:47:16.704
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.305.1615.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2019-11-10 10:47:16.703
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.305.1615.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
==================== Memory info ===========================
BIOS: Hewlett-Packard M70 Ver. 01.12 09/23/2015
Motherboard: Hewlett-Packard 2253
Processor: Intel® Core™ i7-4810MQ CPU @ 2.80GHz
Percentage of memory in use: 20%
Total physical RAM: 16265.11 MB
Available physical RAM: 12969.39 MB
Total Virtual: 18697.11 MB
Available Virtual: 15416.28 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:238.13 GB) (Free:193.57 GB) NTFS
\\?\Volume{3f1459ec-0000-0000-0000-100000000000}\ (System) (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 3F1459EC)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.1 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================

Thanks for your help.  Let me know if there are any additional steps needed


  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 7,236 posts
Thanks let me take a look and get back to you. How is the computer running ?
  • 0

#7
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 7,236 posts
Just a few things left, lets see if we can create a restore point this time last time it was unable to. If it doesn't we may run system file checker.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    EmptyTemp:
    CloseProcesses:
    CreateRestorePoint:
    C:\Users\bloom\AppData\Roaming\Advanced Identity Protector
    FirewallRules: [TCP Query User{8FFC700B-F75E-45B1-BF07-D0B5CE0E93B7}D:\sdi_rus\sdi_x64_r1904.exe] => (Block) D:\sdi_rus\sdi_x64_r1904.exe No File
    FirewallRules: [UDP Query User{AF63D45A-1D9C-44D1-93D0-9EF4BE692D5F}D:\sdi_rus\sdi_x64_r1904.exe] => (Block) D:\sdi_rus\sdi_x64_r1904.exe No File
    • Double-click FRST.exe/FRST64.exe to run it.
    • Press the Fix button just once and wait.
    • Restart the computer if prompted.
    • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
    • Please copy and paste its contents into your reply.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP