Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-10-2022 02
Ran by jcpow (administrator) on DESKTOP-M8HV5LP (HP HP Pavilion x360 Convertible 14m-cd0xxx) (31-10-2022 15:37:35)
Running from C:\Users\jcpow.DESKTOP-M8HV5LP\Desktop
Loaded Profiles: jcpow
Platform: Microsoft Windows 11 Home Version 21H2 22000.1098 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_22273.905.1632.1008_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.24\msedgewebview2.exe <6>
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MpCopyAccelerator.exe
(DriverStore\FileRepository\igdlh64.inf_amd64_1c41cc68747d972b\igfxCUIService.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1c41cc68747d972b\igfxEM.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <12>
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel\DPTF\esif_uf.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(services.exe ->) (Conexant Systems LLC -> Conexant Systems LLC.) C:\Windows\System32\CxAudioSvc.exe
(services.exe ->) (Conexant Systems LLC -> Synaptics Incorporated.) C:\Windows\System32\SynAudSrv.exe
(services.exe ->) (Hewlett-Packard Company -> HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(services.exe ->) (Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_1e59f5ec7049260a\aesm_service.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_d52c63e0e1c02c96\jhi_service.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1c41cc68747d972b\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1c41cc68747d972b\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1c41cc68747d972b\IntelCpHeciSvc.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_120314e52c04567c\RstMwService.exe
(services.exe ->) (Intel(R) Trust Services -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_1244e13de260a91d\lib\SocketHeciServer.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (sound research corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(svchost.exe ->) (HP Inc. -> HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.15629.20208.0_x86__8wekyb3d8bbwe\Office16\SDXHelperBgt.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.715.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2018-02-13] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [709152 2018-03-22] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\" (No File)
HKU\S-1-5-21-3714477290-3168749888-1815816112-1001\...\Run: [MicrosoftEdgeAutoLaunch_F18F420EFFF23C246044A97E38656FD4] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3891624 2022-10-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3714477290-3168749888-1815816112-1010\...\Run: [MicrosoftEdgeAutoLaunch_781186DD1152D55C5600191D9085B67F] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3891624 2022-10-29] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\HPM1210PrintProc: C:\Windows\System32\spool\prtprocs\x64\HPM1210PP.dll [74240 2009-11-20] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\Advanced TCP/IP Port Monitor: C:\WINDOWS\system32\mvtcpmon.dll [541184 2010-01-28] (Marvell Semiconductor, Inc.) [File not signed]
HKLM\...\Print\Monitors\HP be2a Status Monitor: C:\WINDOWS\system32\hpinkstsbe2aLM.dll [468576 2018-06-15] (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\HPM1210LM: C:\WINDOWS\system32\HPM1210LM.DLL [405504 2009-11-20] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0303A39E-092A-4883-B3BE-8155483531F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2022-08-17] (HP Inc. -> HP Inc.)
Task: {1062AA86-7244-431B-BBFD-ABD7EC74E976} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [1359728 2017-10-25] (HP Inc. -> HP Development Company, L.P.)
Task: {14FBE45B-3CAE-4F77-9174-E24973DFC1E9} - System32\Tasks\RtkAudUService64_BG => C:\WINDOWS\System32\RtkAudUService64.exe [964600 2019-08-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {170FEAB9-8E24-4650-9E7D-9651D3061B4F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MpCmdRun.exe [1348368 2022-10-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2BA446C9-02E2-4D8A-ABEF-4CDA78F5737F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1149512 2022-08-17] (HP Inc. -> HP Inc.)
Task: {30DE96C7-06F6-42AA-934D-11E6B5AF8327} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644472 2019-06-21] (HP Inc. -> HP Inc.)
Task: {48C24255-1270-4CCE-914D-CA77C90F0F18} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MpCmdRun.exe [1348368 2022-10-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {51499070-2F7A-461B-9E38-A18701847D1F} - System32\Tasks\S-1-5-21-3714477290-3168749888-1815816112-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (No File)
Task: {522D856F-A65E-4404-B4F6-5FDDC3B025BB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1149512 2022-08-17] (HP Inc. -> HP Inc.)
Task: {6BA905CA-B59E-44DA-A899-404A0136687D} - System32\Tasks\HPCustParticipation HP LaserJet M14-M17 => C:\Program Files\HP\HP LaserJet M14-M17\Bin\HPCustPartic.exe [6662792 2018-07-04] (Hewlett Packard -> HP Inc.)
Task: {6BD43586-36CE-4B99-BCC8-C06201FD500E} - System32\Tasks\Create Restore Point => wmic.exe /Namespace:\\root\default Path SystemRestore Call CreateRestorePoint "Startup Restore Point", 100, 7
Task: {7A32A218-87DF-470F-8E40-B7C5B6BA7FAD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [847392 2022-08-17] (HP Inc. -> HP Inc.)
Task: {7FDB885A-3623-4252-8EDA-8CDCE8F3736F} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\jcpow.DESKTOP-M8HV5LP\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {9482E43E-E36F-4677-8089-D438FE251C34} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MpCmdRun.exe [1348368 2022-10-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9C6063AA-6730-4127-8D3D-92AF52477C77} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPPrinterLowInk => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPPrinterLowInk\HPPrinterLowInk.exe [221328 2022-08-17] (HP Inc. -> )
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {D57F5969-4E8E-4460-85C0-1C170677EF22} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MpCmdRun.exe [1348368 2022-10-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D944B806-EEE3-496A-923D-185E4DCB8AC4} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [461824 2017-10-06] (HP Inc. -> HP Inc.)
Task: {DD6BFE32-3599-400C-AE19-D7AC7920502D} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {E5BC6392-83D4-4E30-AD8D-C68A0C381939} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-3714477290-3168749888-1815816112-1010 => C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1650.17.91.0_x64__8xx8rvfyw5nnt\app\MessengerHelper.exe [2007288 2022-10-25] (Facebook, Inc. -> Meta Platforms, Inc.)
Task: {E79A5598-7D0F-486A-B151-A79A281DF0E2} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3714477290-3168749888-1815816112-1005 => C:\Users\jcpow.DESKTOP-M8HV5LP\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {F2B56F62-D356-4E2B-B81B-1E8F8583313F} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.111.1.1
Tcpip\..\Interfaces\{05dfc312-c426-478e-b5da-ce0c808f7537}: [DhcpNameServer] 172.168.0.5
Tcpip\..\Interfaces\{10a4b16e-31a7-4d3f-8b0b-8ac77d12a0b1}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e0ff2bca-6b6a-47d4-be9a-3a0ab6c415e3}: [DhcpNameServer] 10.111.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\jcpow.DESKTOP-M8HV5LP\AppData\Local\Microsoft\Edge\User Data\Default [2022-10-31]
Edge DownloadDir: Default -> C:\Users\jcpow.DESKTOP-M8HV5LP\Downloads
Edge Notifications: Default -> hxxps://en.softonic.com; hxxps://www.aliexpress.com; hxxps://www.paramountplus.com
Edge HomePage: Default -> edge://newtab/
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\jcpow.DESKTOP-M8HV5LP\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2022-08-30]

FireFox:
========
FF DefaultProfile: dprbsnb0.default
FF ProfilePath: C:\Users\jcpow.DESKTOP-M8HV5LP\AppData\Roaming\Mozilla\Firefox\Profiles\dprbsnb0.default [2022-05-16]
FF ProfilePath: C:\Users\jcpow.DESKTOP-M8HV5LP\AppData\Roaming\Mozilla\Firefox\Profiles\6w2gp6sb.default-release [2022-08-23]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3714477290-3168749888-1815816112-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\lynnh\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-27] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dcsvc; C:\WINDOWS\system32\dcsvc.dll [831488 2022-09-13] (Microsoft Windows -> Microsoft Corporation)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [905080 2020-03-18] (HP Inc. -> HP Inc.)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP) [File not signed]
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [771088 2022-08-17] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [769568 2022-08-17] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [477184 2017-10-06] (HP Inc. -> HP Inc.)
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [361888 2012-07-25] (Hewlett-Packard Company -> HP)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [766504 2022-08-17] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [288360 2021-05-11] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1075744 2017-10-11] (HP Inc. -> HP)
R2 HPSIService; C:\windows\system32\HPSIsvc.exe [126520 2009-12-03] (Hewlett-Packard Company -> HP)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [770088 2022-08-17] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8765464 2022-10-05] (Malwarebytes Inc. -> Malwarebytes)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\NisSrv.exe [3170576 2022-10-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe [133584 2022-10-17] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AX88179; C:\WINDOWS\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_a8bb8a6e92764769\ax88179_178a.sys [79872 2021-06-05] (Microsoft Windows -> ASIX Electronics Corp.)
R3 AX88179A; C:\WINDOWS\System32\DriverStore\FileRepository\netax88179x_178a_772d.inf_amd64_e86ece73a69c7639\ax88179x_178a_772d.sys [158488 2022-04-22] (WDKTestCert AndyChen,132652806163117881 -> ASIX Electronics Corp.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [507904 2021-11-20] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [180224 2022-05-18] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [98304 2021-06-05] (Microsoft Corporation) [File not signed]
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-10-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-08-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-09-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKslfeee5166; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2AC710CF-E744-4D0F-BC17-9BA1C2972439}\MpKslDrv.sys [228632 2022-10-31] (Microsoft Windows -> Microsoft Corporation)
S3 usbscan; C:\WINDOWS\System32\drivers\usbscan.sys [77824 2021-06-05] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2022-10-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [455968 2022-10-17] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-10-17] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [40104 2022-06-17] (HP Inc. -> HP)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: DcSvc -> C:\Windows\system32\dcsvc.dll (Microsoft Corporation)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-10-31 15:37 - 2022-10-31 15:38 - 000022213 _____ C:\Users\jcpow.DESKTOP-M8HV5LP\Desktop\FRST.txt
2022-10-31 15:37 - 2022-10-31 15:37 - 000000000 ____D C:\Users\jcpow.DESKTOP-M8HV5LP\Desktop\FRST-OlderVersion
2022-10-31 15:37 - 2022-10-31 15:37 - 000000000 ____D C:\FRST
2022-10-31 15:32 - 2022-10-31 15:32 - 002299904 _____ (Farbar) C:\Users\jcpow.DESKTOP-M8HV5LP\Downloads\Unconfirmed 403621.crdownload
2022-10-31 15:29 - 2022-10-31 15:37 - 002374144 _____ (Farbar) C:\Users\jcpow.DESKTOP-M8HV5LP\Desktop\FRST64.exe
2022-10-27 17:03 - 2022-10-27 17:03 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-10-11 16:27 - 2022-10-11 16:27 - 000315392 _____ C:\WINDOWS\system32\EsclScan.dll
2022-10-11 16:27 - 2022-10-11 16:27 - 000192512 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-10-11 16:26 - 2022-10-11 16:26 - 000335872 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-10-11 16:26 - 2022-10-11 16:26 - 000077824 _____ C:\WINDOWS\system32\runexehelper.exe
2022-10-11 16:26 - 2022-10-11 16:26 - 000015501 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-10-11 16:23 - 2022-10-11 16:23 - 000000000 ___HD C:\$WinREAgent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-10-31 15:37 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-10-31 15:08 - 2021-08-14 17:25 - 000000000 __SHD C:\Users\jcpow\IntelGraphicsProfiles
2022-10-30 19:11 - 2021-11-20 20:13 - 000000000 ____D C:\Users\jcpow.DESKTOP-M8HV5LP
2022-10-30 19:11 - 2021-06-05 07:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-10-30 15:59 - 2021-11-20 20:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-10-30 12:31 - 2021-06-05 07:10 - 000000000 ___HD C:\Program Files\WindowsApps
2022-10-30 12:31 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-10-30 12:15 - 2020-03-13 21:50 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-10-30 12:15 - 2020-03-13 21:50 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-10-30 11:19 - 2021-11-20 20:32 - 000945380 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-10-30 11:19 - 2021-06-05 07:09 - 000000000 ____D C:\WINDOWS\INF
2022-10-30 11:15 - 2021-11-20 20:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-10-30 11:15 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\ServiceState
2022-10-30 11:15 - 2020-09-07 06:48 - 000012288 ___SH C:\DumpStack.log.tmp
2022-10-27 17:02 - 2021-06-05 07:01 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2022-10-27 16:51 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-10-27 16:45 - 2022-06-28 14:43 - 000000000 ____D C:\Users\jcpow.DESKTOP-M8HV5LP\Documents\Toyota
2022-10-25 12:14 - 2021-10-25 09:44 - 000000000 ____D C:\Users\jcpow.DESKTOP-M8HV5LP\AppData\Local\D3DSCache
2022-10-17 10:41 - 2018-04-28 01:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-10-11 17:14 - 2021-11-20 20:24 - 000417120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-10-11 17:13 - 2021-06-05 07:10 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-10-11 17:13 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-10-11 17:13 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\SystemResources
2022-10-11 17:13 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-10-11 17:13 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-10-11 17:13 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-10-11 17:13 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-10-11 17:13 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\Provisioning
2022-10-11 17:13 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-10-11 17:13 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\BrowserCore
2022-10-11 17:13 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-10-11 17:07 - 2021-06-05 07:01 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-10-11 17:06 - 2018-11-24 18:51 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-10-11 17:00 - 2018-11-24 18:51 - 147398024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-10-11 16:26 - 2021-11-20 20:25 - 003106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-10-07 16:09 - 2021-11-20 20:29 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-10-07 16:09 - 2021-11-20 20:29 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-10-05 17:01 - 2022-03-24 15:20 - 000000000 ____D C:\Users\jcpow.DESKTOP-M8HV5LP\AppData\Local\ElevatedDiagnostics
0-00-00 02:00 - 2017-09-21 19:55 - 000004664 ____R C:\WINDOWS\system32\Drivers\CxSfPt.DAT

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================