Broni: Please review these logs of a Dell Inspiron Running Windows 7 Home Premium. I thank you in advance for your continued understanding and support. Meanwhile, I wish you, your colleagues, and your families, a very...
Happy New Year!
________________ FRST.txt _________________
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2022
Ran by ali (administrator) on ALI-PC (Dell Inc. Inspiron 1545) (15-01-2022 19:39:29)
Running from C:\troubleshoorter\cleanup15jan22\security_sw
Loaded Profiles: ali
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(CyberLink -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Dell Inc -> SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Dell Inc -> SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Dell Inc. -> ) C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Dell Inc. -> SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Dell Inc. -> SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Dell Inc. -> SupportSoft, Inc.) C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe
(Dell Inc. -> SupportSoft, Inc.) C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
(Dell Inc.) [File not signed] [File is in use] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Dell Inc.) [File not signed] C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Windows Hardware Compatibility Publisher -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Windows Hardware Compatibility Publisher -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(Sonic Solutions -> ) C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Stardock Corporation) [File not signed] C:\Program Files\Dell\DellDock\DockLogin.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation -> Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.) [File not signed] [File is in use]
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [368640 2010-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] (Sonic Solutions -> )
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (Dell Inc. -> SupportSoft, Inc.)
HKLM-x32\...\Run: [DellComms] => C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe [206064 2009-05-05] (Dell Inc. -> SupportSoft, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] (Dell Inc. -> )
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) [File not signed]
HKLM\...\RunOnce: [DSUpdateLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe [18240 2010-01-22] (Dell Inc -> Dell)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2010-02-11] (Dell Inc -> Softthinks)
HKLM-x32\...\RunOnce: [STToasterLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120128 2010-02-11] (Dell Inc -> )
HKU\S-1-5-21-3895428205-2381722362-2872330137-1001\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-3895428205-2381722362-2872330137-1001\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\97.0.4692.71\Installer\chrmstp.exe [2022-01-07] (Google LLC -> Google LLC)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-05-10]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation -> Stardock Corporation)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {3D75BD7C-662F-4470-9E51-DB6C61976D6B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-19] (Google LLC -> Google LLC)
Task: {53BD5DFA-669F-454F-899F-8EA33BD2EA33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-19] (Google LLC -> Google LLC)
Task: {614E4703-9701-4B65-882C-136B0868E643} - System32\Tasks\DG6FLBL1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [4968960 2009-07-16] (Dell Inc.) [File not signed] [File is in use]
Task: {BB528825-958A-4783-A165-B310CD6FE74E} - System32\Tasks\Opera scheduled Autoupdate 1592812109 => C:\Users\ali\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {CEB31BD5-AA7A-4BD1-ACD8-59C3E21C87DD} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [29851288 2021-09-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {D22EC550-6A18-416B-B78D-39D47592AD4D} - System32\Tasks\Avira_Security_Update => C:\Windows\system32\net.exe [55808 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
Task: {E1325158-66EB-4680-95AA-0B80714443E4} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [236704 2021-10-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {F2761C97-079B-4553-AA0E-7BD50CD46D3B} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [1675120 2021-10-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {F28B95F1-7945-42E4-8DF4-9EF8E92C0133} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {F7183928-5752-40A1-ADEF-C81539D8C52B} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2648424 2021-10-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {FA27FA3E-C563-4721-9359-2EA9E50EEF98} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FC67C0D9-4BC1-4597-8D6B-ADF6E93DA518}: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF DefaultProfile: 2qcwkag6.default
FF ProfilePath: C:\Users\ali\AppData\Roaming\Mozilla\Firefox\Profiles\fjkecc0j.default-release [2022-01-15]
FF DownloadDir: C:\troubleshoorter
FF Homepage: Mozilla\Firefox\Profiles\fjkecc0j.default-release -> about:blank
FF Session Restore: Mozilla\Firefox\Profiles\fjkecc0j.default-release -> is enabled.
FF Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\ali\AppData\Roaming\Mozilla\Firefox\Profiles\fjkecc0j.default-release\Extensions\@windscribeff.xpi [2021-07-05]
FF Extension: (Touch VPN - Secure and unlimited VPN proxy) - C:\Users\ali\AppData\Roaming\Mozilla\Firefox\Profiles\fjkecc0j.default-release\Extensions\touch-vpn@anchorfree.com.xpi [2021-05-20]
FF ProfilePath: C:\Users\ali\AppData\Roaming\Mozilla\Firefox\Profiles\zxd9ndhg.dev-edition-default [2019-08-21]
FF Homepage: Mozilla\Firefox\Profiles\zxd9ndhg.dev-edition-default -> about:blank
FF Session Restore: Mozilla\Firefox\Profiles\zxd9ndhg.dev-edition-default -> is enabled.
FF ProfilePath: C:\Users\ali\AppData\Roaming\Mozilla\Firefox\Profiles\2qcwkag6.default [2021-07-13]
FF Homepage: Mozilla\Firefox\Profiles\2qcwkag6.default -> about:blank
FF Session Restore: Mozilla\Firefox\Profiles\2qcwkag6.default -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-16] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-16] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll [2009-06-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default [2022-01-15]
CHR DownloadDir: C:\troubleshoorter
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-19]
CHR Extension: (Docs) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-19]
CHR Extension: (Google Drive) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-28]
CHR Extension: (Touch VPN - Secure and unlimited VPN proxy) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\bihmplhobchoageeokmgbdihknkjbknd [2021-07-02]
CHR Extension: (YouTube) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-19]
CHR Extension: (Sheets) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-19]
CHR Extension: (Google Docs Offline) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-01-12]
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2021-12-13]
CHR Extension: (Hotspot Shield Free VPN Proxy - Unlimited VPN) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2021-09-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (TunnelBear VPN) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2021-09-13]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2022-01-13]
CHR Extension: (Gmail) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeActiveFileMonitor8.0; c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-18] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1206648 2021-07-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [485048 2021-07-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [485048 2021-07-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [574832 2022-01-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2989160 2021-08-18] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [384480 2021-08-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [272672 2021-10-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AviraSecurityUpdater; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [275088 2021-10-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [159080 2021-04-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-20] (Microsoft Corporation -> Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [158912 2019-03-28] (Microsoft Dynamic Code Publisher -> Microsoft Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes Corporation -> Malwarebytes)
R2 SftService; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [660800 2010-02-11] (Dell Inc -> SoftThinks)
R2 sprtsvc_DellComms; C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [206064 2009-05-05] (Dell Inc. -> SupportSoft, Inc.)
R2 sprtsvc_DellSupportCenter; C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe [206064 2009-05-21] (Dell Inc. -> SupportSoft, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-16] (Dell Inc.) [File not signed]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [68152 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [221600 2021-10-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [177112 2021-03-21] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36072 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [35376 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 BrSerIb; C:\Windows\System32\DRIVERS\BrSerIb.sys [95344 2012-07-31] (Brother Industries, Ltd. -> Brother Industries Ltd.)
S3 BrUsbSIb; C:\Windows\System32\DRIVERS\BrUsbSIb.sys [21872 2012-06-21] (Brother Industries, Ltd. -> Brother Industries Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-22] (Malwarebytes Corporation -> )
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-05-07] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-05-07] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-05-07] (Malwarebytes Corporation -> Malwarebytes)
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [487424 2009-06-28] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [393728 2009-05-19] (Microsoft Windows Hardware Compatibility Publisher -> Marvell)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-01-15 19:38 - 2022-01-15 19:40 - 000000000 ____D C:\FRST
2022-01-15 10:32 - 2022-01-15 10:32 - 000000000 ____D C:\Roxio
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-01-15 19:34 - 2020-04-19 20:08 - 000000000 ____D C:\Program Files (x86)\Google
2022-01-15 19:32 - 2017-04-12 10:39 - 000000000 ____D C:\troubleshoorter
2022-01-15 19:29 - 2009-07-13 20:45 - 000026000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2022-01-15 19:29 - 2009-07-13 20:45 - 000026000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2022-01-15 19:26 - 2009-07-13 21:13 - 000799186 _____ C:\Windows\system32\PerfStringBackup.INI
2022-01-15 19:26 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2022-01-15 19:20 - 2010-05-10 19:06 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2022-01-15 19:18 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-01-15 19:08 - 2019-04-10 10:06 - 001038968 _____ C:\Windows\ntbtlog.txt
2022-01-15 19:04 - 2010-05-10 21:10 - 000000000 ____D C:\dell
2022-01-15 11:39 - 2021-10-31 20:53 - 000003380 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-15 11:39 - 2021-10-31 20:52 - 000003252 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-01-15 11:35 - 2017-04-16 11:22 - 000000000 ____D C:\Users\ali\AppData\LocalLow\Mozilla
2022-01-15 11:30 - 2017-04-13 15:50 - 000251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2022-01-13 13:06 - 2019-01-11 18:19 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2022-01-13 13:03 - 2017-04-16 12:02 - 000002061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-01-07 11:22 - 2020-04-19 20:09 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-01-07 11:22 - 2020-04-19 20:09 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-01-06 10:22 - 2020-06-21 23:41 - 000003292 _____ C:\Windows\system32\Tasks\Avira_Antivirus_Systray
==================== Files in the root of some directories ========
2017-04-17 11:19 - 2017-04-17 11:19 - 000000000 _____ () C:\Users\ali\AppData\Roaming\wklnhst.dat
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2022-01-03 10:54
==================== End of FRST.txt ========================
Happy New Year!
________________ FRST.txt _________________
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2022
Ran by ali (administrator) on ALI-PC (Dell Inc. Inspiron 1545) (15-01-2022 19:39:29)
Running from C:\troubleshoorter\cleanup15jan22\security_sw
Loaded Profiles: ali
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(CyberLink -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Dell Inc -> SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Dell Inc -> SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Dell Inc. -> ) C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Dell Inc. -> SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Dell Inc. -> SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Dell Inc. -> SupportSoft, Inc.) C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe
(Dell Inc. -> SupportSoft, Inc.) C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
(Dell Inc.) [File not signed] [File is in use] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Dell Inc.) [File not signed] C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Windows Hardware Compatibility Publisher -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Windows Hardware Compatibility Publisher -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(Sonic Solutions -> ) C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Stardock Corporation) [File not signed] C:\Program Files\Dell\DellDock\DockLogin.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation -> Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.) [File not signed] [File is in use]
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [368640 2010-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] (Sonic Solutions -> )
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (Dell Inc. -> SupportSoft, Inc.)
HKLM-x32\...\Run: [DellComms] => C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe [206064 2009-05-05] (Dell Inc. -> SupportSoft, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] (Dell Inc. -> )
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) [File not signed]
HKLM\...\RunOnce: [DSUpdateLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe [18240 2010-01-22] (Dell Inc -> Dell)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2010-02-11] (Dell Inc -> Softthinks)
HKLM-x32\...\RunOnce: [STToasterLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120128 2010-02-11] (Dell Inc -> )
HKU\S-1-5-21-3895428205-2381722362-2872330137-1001\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-3895428205-2381722362-2872330137-1001\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\97.0.4692.71\Installer\chrmstp.exe [2022-01-07] (Google LLC -> Google LLC)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-05-10]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation -> Stardock Corporation)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {3D75BD7C-662F-4470-9E51-DB6C61976D6B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-19] (Google LLC -> Google LLC)
Task: {53BD5DFA-669F-454F-899F-8EA33BD2EA33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-19] (Google LLC -> Google LLC)
Task: {614E4703-9701-4B65-882C-136B0868E643} - System32\Tasks\DG6FLBL1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [4968960 2009-07-16] (Dell Inc.) [File not signed] [File is in use]
Task: {BB528825-958A-4783-A165-B310CD6FE74E} - System32\Tasks\Opera scheduled Autoupdate 1592812109 => C:\Users\ali\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {CEB31BD5-AA7A-4BD1-ACD8-59C3E21C87DD} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [29851288 2021-09-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {D22EC550-6A18-416B-B78D-39D47592AD4D} - System32\Tasks\Avira_Security_Update => C:\Windows\system32\net.exe [55808 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
Task: {E1325158-66EB-4680-95AA-0B80714443E4} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [236704 2021-10-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {F2761C97-079B-4553-AA0E-7BD50CD46D3B} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [1675120 2021-10-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {F28B95F1-7945-42E4-8DF4-9EF8E92C0133} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {F7183928-5752-40A1-ADEF-C81539D8C52B} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2648424 2021-10-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {FA27FA3E-C563-4721-9359-2EA9E50EEF98} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FC67C0D9-4BC1-4597-8D6B-ADF6E93DA518}: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF DefaultProfile: 2qcwkag6.default
FF ProfilePath: C:\Users\ali\AppData\Roaming\Mozilla\Firefox\Profiles\fjkecc0j.default-release [2022-01-15]
FF DownloadDir: C:\troubleshoorter
FF Homepage: Mozilla\Firefox\Profiles\fjkecc0j.default-release -> about:blank
FF Session Restore: Mozilla\Firefox\Profiles\fjkecc0j.default-release -> is enabled.
FF Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\ali\AppData\Roaming\Mozilla\Firefox\Profiles\fjkecc0j.default-release\Extensions\@windscribeff.xpi [2021-07-05]
FF Extension: (Touch VPN - Secure and unlimited VPN proxy) - C:\Users\ali\AppData\Roaming\Mozilla\Firefox\Profiles\fjkecc0j.default-release\Extensions\touch-vpn@anchorfree.com.xpi [2021-05-20]
FF ProfilePath: C:\Users\ali\AppData\Roaming\Mozilla\Firefox\Profiles\zxd9ndhg.dev-edition-default [2019-08-21]
FF Homepage: Mozilla\Firefox\Profiles\zxd9ndhg.dev-edition-default -> about:blank
FF Session Restore: Mozilla\Firefox\Profiles\zxd9ndhg.dev-edition-default -> is enabled.
FF ProfilePath: C:\Users\ali\AppData\Roaming\Mozilla\Firefox\Profiles\2qcwkag6.default [2021-07-13]
FF Homepage: Mozilla\Firefox\Profiles\2qcwkag6.default -> about:blank
FF Session Restore: Mozilla\Firefox\Profiles\2qcwkag6.default -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-16] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-16] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll [2009-06-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default [2022-01-15]
CHR DownloadDir: C:\troubleshoorter
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-19]
CHR Extension: (Docs) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-19]
CHR Extension: (Google Drive) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-28]
CHR Extension: (Touch VPN - Secure and unlimited VPN proxy) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\bihmplhobchoageeokmgbdihknkjbknd [2021-07-02]
CHR Extension: (YouTube) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-19]
CHR Extension: (Sheets) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-19]
CHR Extension: (Google Docs Offline) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-01-12]
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2021-12-13]
CHR Extension: (Hotspot Shield Free VPN Proxy - Unlimited VPN) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2021-09-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (TunnelBear VPN) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2021-09-13]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2022-01-13]
CHR Extension: (Gmail) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeActiveFileMonitor8.0; c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-18] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1206648 2021-07-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [485048 2021-07-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [485048 2021-07-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [574832 2022-01-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2989160 2021-08-18] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [384480 2021-08-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [272672 2021-10-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AviraSecurityUpdater; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [275088 2021-10-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [159080 2021-04-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-20] (Microsoft Corporation -> Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [158912 2019-03-28] (Microsoft Dynamic Code Publisher -> Microsoft Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes Corporation -> Malwarebytes)
R2 SftService; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [660800 2010-02-11] (Dell Inc -> SoftThinks)
R2 sprtsvc_DellComms; C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [206064 2009-05-05] (Dell Inc. -> SupportSoft, Inc.)
R2 sprtsvc_DellSupportCenter; C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe [206064 2009-05-21] (Dell Inc. -> SupportSoft, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-16] (Dell Inc.) [File not signed]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [68152 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [221600 2021-10-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [177112 2021-03-21] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36072 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [35376 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 BrSerIb; C:\Windows\System32\DRIVERS\BrSerIb.sys [95344 2012-07-31] (Brother Industries, Ltd. -> Brother Industries Ltd.)
S3 BrUsbSIb; C:\Windows\System32\DRIVERS\BrUsbSIb.sys [21872 2012-06-21] (Brother Industries, Ltd. -> Brother Industries Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-22] (Malwarebytes Corporation -> )
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-05-07] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-05-07] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-05-07] (Malwarebytes Corporation -> Malwarebytes)
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [487424 2009-06-28] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [393728 2009-05-19] (Microsoft Windows Hardware Compatibility Publisher -> Marvell)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-01-15 19:38 - 2022-01-15 19:40 - 000000000 ____D C:\FRST
2022-01-15 10:32 - 2022-01-15 10:32 - 000000000 ____D C:\Roxio
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-01-15 19:34 - 2020-04-19 20:08 - 000000000 ____D C:\Program Files (x86)\Google
2022-01-15 19:32 - 2017-04-12 10:39 - 000000000 ____D C:\troubleshoorter
2022-01-15 19:29 - 2009-07-13 20:45 - 000026000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2022-01-15 19:29 - 2009-07-13 20:45 - 000026000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2022-01-15 19:26 - 2009-07-13 21:13 - 000799186 _____ C:\Windows\system32\PerfStringBackup.INI
2022-01-15 19:26 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2022-01-15 19:20 - 2010-05-10 19:06 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2022-01-15 19:18 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-01-15 19:08 - 2019-04-10 10:06 - 001038968 _____ C:\Windows\ntbtlog.txt
2022-01-15 19:04 - 2010-05-10 21:10 - 000000000 ____D C:\dell
2022-01-15 11:39 - 2021-10-31 20:53 - 000003380 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-15 11:39 - 2021-10-31 20:52 - 000003252 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-01-15 11:35 - 2017-04-16 11:22 - 000000000 ____D C:\Users\ali\AppData\LocalLow\Mozilla
2022-01-15 11:30 - 2017-04-13 15:50 - 000251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2022-01-13 13:06 - 2019-01-11 18:19 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2022-01-13 13:03 - 2017-04-16 12:02 - 000002061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-01-07 11:22 - 2020-04-19 20:09 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-01-07 11:22 - 2020-04-19 20:09 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-01-06 10:22 - 2020-06-21 23:41 - 000003292 _____ C:\Windows\system32\Tasks\Avira_Antivirus_Systray
==================== Files in the root of some directories ========
2017-04-17 11:19 - 2017-04-17 11:19 - 000000000 _____ () C:\Users\ali\AppData\Roaming\wklnhst.dat
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2022-01-03 10:54
==================== End of FRST.txt ========================