Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-08.2024
Ran by Owner (administrator) on USERPC01 (Gigabyte Technology Co., Ltd. G31M-ES2L) (27-08-2024 21:20:53)
Running from C:\Users\Owner\Desktop\FRSTEnglish.exe
Loaded Profiles: Owner
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <8>
(nvvsvc.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11725928 2010-12-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe (No File)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\doPDF 7 Monitor: dopdfmn7.dll (No File)
HKLM\...\Print\Monitors\HP 8911 Status Monitor: C:\Windows\system32\hpinksts8911LM.dll [349032 2010-11-16] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
BootExecute: autocheck autochk *
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {55B1C2B2-12CC-4C9C-A8FC-DD193070F41A} - System32\Tasks\{336DECA1-2C43-42B9-8936-E5CA129725B0} => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (No File)
Task: {46E4E981-CA00-4B55-B64D-169E6E11F49E} - System32\Tasks\{48ED43F6-276E-4B3E-84C9-AF177A05091F} => C:\Program Files (x86)\GlobalSCAPE\CuteFTP Pro\cftppro.exe (No File)
Task: {6581AC58-F5C3-4EDE-8FD0-DA15E222124A} - System32\Tasks\{941DB459-573A-4A1E-88ED-47745CC68AAB} => C:\Program Files (x86)\GlobalSCAPE\CuteFTP Pro\cftppro.exe (No File)
Task: {E2FB105C-20F1-4AEC-A92D-6B81463016D6} - System32\Tasks\{A9959086-46FF-41BE-810C-F206A2E3F1E6} => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (No File)
Task: {47628B3D-91C0-4017-8C40-3879F23C0F9B} - System32\Tasks\{AB328369-5DE0-4EEA-98CB-DCBFBCDCCA60} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (No File)
Task: {4BB7CA63-02AF-4FF7-8668-B63A957427A1} - System32\Tasks\{FAC263F5-C915-431D-A286-E4973F2D5114} => C:\Program Files\Malwarebytes\Anti-Malware\MBAM.exe [24001160 2024-08-27] (Malwarebytes Inc. -> Malwarebytes)
Task: {84FAB8D4-B9A5-47B4-A42E-91001314CA94} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-21] (Adobe Inc. -> Adobe Inc.)
Task: {EED986EA-2792-458A-82F6-E1189B9488D6} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [134640 2017-11-03] (Glarysoft LTD -> Glarysoft Ltd)
Task: {285AE490-6180-4870-9528-C7E6DF4CA221} - System32\Tasks\HpWebReg.exe => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\hpwebreg.exe [366440 2010-11-16] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {0A218628-1347-42C6-9A4F-49B1A20D05B9} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [694256 2021-03-10] (Mozilla Corporation -> Mozilla Foundation)
Task: {AC87D1F2-B01D-44B3-910D-4D31ECC2AEBE} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\22.6.0.142\SymErr.exe /analyze (No File)
Task: {1F25F568-02EF-4D20-B278-CE70CCE0F57D} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe /submit (No File)
Task: {A4BF0A43-90B0-4C85-9A63-1912FD7D4BB6} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {29547CDB-EED4-43D9-BDA4-296EB432F3FE} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {247B7634-B2F5-4FEF-9101-39A5AA968E60} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2A6DD338-4008-49AA-8EAE-7C28BC72B038} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {D86BA1D9-715C-44BA-B3AE-5B876DC4009A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F536E6F0-68CA-475C-ACA2-A5932F7F207E} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3779834B-C5F7-400A-87B6-CE60FDBDF707} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C53F5D6A-D684-48E0-9CD0-1DEE80065E55} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DF6B9886-08C6-4430-BB5C-C56DBD26DDF6} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {25820D52-7B07-435A-8ECF-37C2660BEA0C} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 198.88.216.2 140.177.128.138
Tcpip\..\Interfaces\{C377E356-2B4E-43EA-AF96-3DB6C85A7D9E}: [DhcpNameServer] 198.88.216.2 140.177.128.138

FireFox:
========
FF DefaultProfile: j4d1xgh2.default-1699379289784
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7go6c1zs.default-release [2024-08-27]
FF Homepage: Mozilla\Firefox\Profiles\7go6c1zs.default-release -> hxxp://www.bing.com
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j4d1xgh2.default-1699379289784 [2024-03-25]
FF Homepage: Mozilla\Firefox\Profiles\j4d1xgh2.default-1699379289784 -> hxxp://www.bing.com
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2024-01-02] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-21] (Adobe Inc. -> Adobe Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8965728 2024-08-27] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-08-27] (Malwarebytes Inc. -> Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 cdh38464; C:\Windows\System32\DRIVERS\cdh38464.sys [38544 2013-12-30] (Chord Electronics Limited -> )
S3 cdh76864; C:\Windows\System32\DRIVERS\cdh76864.sys [39080 2015-09-22] (Chord Electronics Limited -> )
S3 CMUACWO; C:\Windows\System32\DRIVERS\CMUACWO.sys [357376 2013-02-19] (C-MEDIA ELECTRONICS INC. -> C-Media Inc.)
S3 DENAFRIPSUsbAudio; C:\Windows\System32\DRIVERS\DENAFRIPSUsbAudio.sys [400752 2020-12-18] (Thesycon Software Solutions GmbH & Co. KG -> )
S3 DENAFRIPSUsbAudioks; C:\Windows\System32\DRIVERS\DENAFRIPSUsbAudioks.sys [53616 2020-12-18] (Thesycon Software Solutions GmbH & Co. KG -> )
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2022-03-19] (Glarysoft Ltd -> Glarysoft Ltd)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [231504 2024-08-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239568 2024-08-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-08-27 21:20 - 2024-08-27 21:22 - 000012853 _____ C:\Users\Owner\Desktop\FRST.txt
2024-08-27 21:16 - 2024-08-27 21:21 - 000000000 ____D C:\FRST
2024-08-27 21:15 - 2024-08-27 21:14 - 002397184 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2024-08-27 21:15 - 2024-08-27 18:13 - 002397184 _____ (Farbar) C:\Users\Owner\Desktop\FRSTEnglish.exe
2024-08-27 21:14 - 2024-08-27 21:14 - 002397184 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2024-08-27 21:03 - 2024-08-27 21:04 - 000001224 _____ C:\Users\Owner\Desktop\Malwarebytes 8-27-24.txt
2024-08-27 20:27 - 2024-08-27 20:27 - 000001743 _____ C:\Users\Owner\Desktop\AdwCleaner[C00].txt
2024-08-27 19:14 - 2024-08-27 19:19 - 000000000 ____D C:\AdwCleaner
2024-08-27 19:13 - 2024-08-27 19:12 - 008790880 _____ (Malwarebytes) C:\Users\Owner\Desktop\adwcleaner.exe
2024-08-27 18:12 - 2024-08-27 18:13 - 002397184 _____ (Farbar) C:\Users\Owner\Downloads\FRSTEnglish.exe
2024-08-27 18:10 - 2024-08-27 18:10 - 014199272 _____ C:\Users\Owner\Downloads\mb-support-1.9.12.1020.exe
2024-08-27 18:00 - 2024-08-27 18:00 - 002596072 _____ (Malwarebytes) C:\Users\Owner\Downloads\MBSetup(1).exe
2024-08-27 16:43 - 2024-08-27 16:45 - 000188698 _____ C:\Windows\ntbtlog.txt
2024-08-27 16:26 - 2024-08-27 16:26 - 000001114 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-08-27 21:16 - 2009-07-13 23:45 - 000023168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2024-08-27 21:16 - 2009-07-13 23:45 - 000023168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2024-08-27 21:12 - 2021-05-30 21:55 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2024-08-27 21:05 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-08-27 18:21 - 2023-05-01 23:45 - 000001908 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-08-27 18:19 - 2023-05-18 01:22 - 000000000 ____D C:\Users\Owner\AppData\Local\Malwarebytes
2024-08-27 18:17 - 2020-12-12 05:42 - 000000000 ____D C:\Program Files\Malwarebytes
2024-08-27 18:13 - 2014-08-26 19:39 - 000000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2024-08-27 17:12 - 2024-02-08 13:56 - 000239568 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2024-08-27 17:11 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2024-08-27 16:37 - 2016-02-21 12:57 - 000000000 ____D C:\Windows\pss
2024-08-27 16:27 - 2014-04-21 09:23 - 000000000 ____D C:\Users\Owner
2024-08-27 16:26 - 2010-11-21 02:16 - 000000000 ____D C:\Windows\CSC

==================== Files in the root of some directories ========

2015-06-02 23:27 - 2021-06-14 22:36 - 000007596 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2024-08-27 20:10

==================== End of FRST.txt ========================