Solved Broni: Please review these logs of a Dell Inspiron Running Windows 7 Home Premium--Part 1

drwizgeek

Posts: 125   +0
Broni: Please review these logs of a Dell Inspiron Running Windows 7 Home Premium. I thank you in advance for your continued understanding and support. Meanwhile, I wish you, your colleagues, and your families, a very...

Happy New Year!
________________ FRST.txt _________________
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2022
Ran by ali (administrator) on ALI-PC (Dell Inc. Inspiron 1545) (15-01-2022 19:39:29)
Running from C:\troubleshoorter\cleanup15jan22\security_sw
Loaded Profiles: ali
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(CyberLink -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Dell Inc -> SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Dell Inc -> SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Dell Inc. -> ) C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Dell Inc. -> SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Dell Inc. -> SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Dell Inc. -> SupportSoft, Inc.) C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe
(Dell Inc. -> SupportSoft, Inc.) C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
(Dell Inc.) [File not signed] [File is in use] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Dell Inc.) [File not signed] C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Windows Hardware Compatibility Publisher -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Windows Hardware Compatibility Publisher -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(Sonic Solutions -> ) C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Stardock Corporation) [File not signed] C:\Program Files\Dell\DellDock\DockLogin.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation -> Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.) [File not signed] [File is in use]
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [368640 2010-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] (Sonic Solutions -> )
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (Dell Inc. -> SupportSoft, Inc.)
HKLM-x32\...\Run: [DellComms] => C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe [206064 2009-05-05] (Dell Inc. -> SupportSoft, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] (Dell Inc. -> )
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) [File not signed]
HKLM\...\RunOnce: [DSUpdateLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe [18240 2010-01-22] (Dell Inc -> Dell)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2010-02-11] (Dell Inc -> Softthinks)
HKLM-x32\...\RunOnce: [STToasterLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120128 2010-02-11] (Dell Inc -> )
HKU\S-1-5-21-3895428205-2381722362-2872330137-1001\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-3895428205-2381722362-2872330137-1001\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\97.0.4692.71\Installer\chrmstp.exe [2022-01-07] (Google LLC -> Google LLC)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-05-10]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation -> Stardock Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3D75BD7C-662F-4470-9E51-DB6C61976D6B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-19] (Google LLC -> Google LLC)
Task: {53BD5DFA-669F-454F-899F-8EA33BD2EA33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-19] (Google LLC -> Google LLC)
Task: {614E4703-9701-4B65-882C-136B0868E643} - System32\Tasks\DG6FLBL1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [4968960 2009-07-16] (Dell Inc.) [File not signed] [File is in use]
Task: {BB528825-958A-4783-A165-B310CD6FE74E} - System32\Tasks\Opera scheduled Autoupdate 1592812109 => C:\Users\ali\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {CEB31BD5-AA7A-4BD1-ACD8-59C3E21C87DD} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [29851288 2021-09-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {D22EC550-6A18-416B-B78D-39D47592AD4D} - System32\Tasks\Avira_Security_Update => C:\Windows\system32\net.exe [55808 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
Task: {E1325158-66EB-4680-95AA-0B80714443E4} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [236704 2021-10-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {F2761C97-079B-4553-AA0E-7BD50CD46D3B} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [1675120 2021-10-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {F28B95F1-7945-42E4-8DF4-9EF8E92C0133} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {F7183928-5752-40A1-ADEF-C81539D8C52B} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2648424 2021-10-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {FA27FA3E-C563-4721-9359-2EA9E50EEF98} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FC67C0D9-4BC1-4597-8D6B-ADF6E93DA518}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF DefaultProfile: 2qcwkag6.default
FF ProfilePath: C:\Users\ali\AppData\Roaming\Mozilla\Firefox\Profiles\fjkecc0j.default-release [2022-01-15]
FF DownloadDir: C:\troubleshoorter
FF Homepage: Mozilla\Firefox\Profiles\fjkecc0j.default-release -> about:blank
FF Session Restore: Mozilla\Firefox\Profiles\fjkecc0j.default-release -> is enabled.
FF Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\ali\AppData\Roaming\Mozilla\Firefox\Profiles\fjkecc0j.default-release\Extensions\@windscribeff.xpi [2021-07-05]
FF Extension: (Touch VPN - Secure and unlimited VPN proxy) - C:\Users\ali\AppData\Roaming\Mozilla\Firefox\Profiles\fjkecc0j.default-release\Extensions\touch-vpn@anchorfree.com.xpi [2021-05-20]
FF ProfilePath: C:\Users\ali\AppData\Roaming\Mozilla\Firefox\Profiles\zxd9ndhg.dev-edition-default [2019-08-21]
FF Homepage: Mozilla\Firefox\Profiles\zxd9ndhg.dev-edition-default -> about:blank
FF Session Restore: Mozilla\Firefox\Profiles\zxd9ndhg.dev-edition-default -> is enabled.
FF ProfilePath: C:\Users\ali\AppData\Roaming\Mozilla\Firefox\Profiles\2qcwkag6.default [2021-07-13]
FF Homepage: Mozilla\Firefox\Profiles\2qcwkag6.default -> about:blank
FF Session Restore: Mozilla\Firefox\Profiles\2qcwkag6.default -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-16] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-16] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll [2009-06-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default [2022-01-15]
CHR DownloadDir: C:\troubleshoorter
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-19]
CHR Extension: (Docs) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-19]
CHR Extension: (Google Drive) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-28]
CHR Extension: (Touch VPN - Secure and unlimited VPN proxy) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\bihmplhobchoageeokmgbdihknkjbknd [2021-07-02]
CHR Extension: (YouTube) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-19]
CHR Extension: (Sheets) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-19]
CHR Extension: (Google Docs Offline) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-01-12]
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2021-12-13]
CHR Extension: (Hotspot Shield Free VPN Proxy - Unlimited VPN) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2021-09-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (TunnelBear VPN) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2021-09-13]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2022-01-13]
CHR Extension: (Gmail) - C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor8.0; c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-18] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1206648 2021-07-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [485048 2021-07-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [485048 2021-07-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [574832 2022-01-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2989160 2021-08-18] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [384480 2021-08-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [272672 2021-10-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AviraSecurityUpdater; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [275088 2021-10-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [159080 2021-04-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-20] (Microsoft Corporation -> Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [158912 2019-03-28] (Microsoft Dynamic Code Publisher -> Microsoft Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes Corporation -> Malwarebytes)
R2 SftService; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [660800 2010-02-11] (Dell Inc -> SoftThinks)
R2 sprtsvc_DellComms; C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [206064 2009-05-05] (Dell Inc. -> SupportSoft, Inc.)
R2 sprtsvc_DellSupportCenter; C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe [206064 2009-05-21] (Dell Inc. -> SupportSoft, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-16] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [68152 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [221600 2021-10-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [177112 2021-03-21] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36072 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [35376 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 BrSerIb; C:\Windows\System32\DRIVERS\BrSerIb.sys [95344 2012-07-31] (Brother Industries, Ltd. -> Brother Industries Ltd.)
S3 BrUsbSIb; C:\Windows\System32\DRIVERS\BrUsbSIb.sys [21872 2012-06-21] (Brother Industries, Ltd. -> Brother Industries Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-22] (Malwarebytes Corporation -> )
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-05-07] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-05-07] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-05-07] (Malwarebytes Corporation -> Malwarebytes)
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [487424 2009-06-28] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [393728 2009-05-19] (Microsoft Windows Hardware Compatibility Publisher -> Marvell)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-15 19:38 - 2022-01-15 19:40 - 000000000 ____D C:\FRST
2022-01-15 10:32 - 2022-01-15 10:32 - 000000000 ____D C:\Roxio

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-15 19:34 - 2020-04-19 20:08 - 000000000 ____D C:\Program Files (x86)\Google
2022-01-15 19:32 - 2017-04-12 10:39 - 000000000 ____D C:\troubleshoorter
2022-01-15 19:29 - 2009-07-13 20:45 - 000026000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2022-01-15 19:29 - 2009-07-13 20:45 - 000026000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2022-01-15 19:26 - 2009-07-13 21:13 - 000799186 _____ C:\Windows\system32\PerfStringBackup.INI
2022-01-15 19:26 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2022-01-15 19:20 - 2010-05-10 19:06 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2022-01-15 19:18 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-01-15 19:08 - 2019-04-10 10:06 - 001038968 _____ C:\Windows\ntbtlog.txt
2022-01-15 19:04 - 2010-05-10 21:10 - 000000000 ____D C:\dell
2022-01-15 11:39 - 2021-10-31 20:53 - 000003380 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-15 11:39 - 2021-10-31 20:52 - 000003252 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-01-15 11:35 - 2017-04-16 11:22 - 000000000 ____D C:\Users\ali\AppData\LocalLow\Mozilla
2022-01-15 11:30 - 2017-04-13 15:50 - 000251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2022-01-13 13:06 - 2019-01-11 18:19 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2022-01-13 13:03 - 2017-04-16 12:02 - 000002061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-01-07 11:22 - 2020-04-19 20:09 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-01-07 11:22 - 2020-04-19 20:09 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-01-06 10:22 - 2020-06-21 23:41 - 000003292 _____ C:\Windows\system32\Tasks\Avira_Antivirus_Systray

==================== Files in the root of some directories ========

2017-04-17 11:19 - 2017-04-17 11:19 - 000000000 _____ () C:\Users\ali\AppData\Roaming\wklnhst.dat

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2022-01-03 10:54
==================== End of FRST.txt ========================
 

drwizgeek

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2022
Ran by ali (15-01-2022 19:43:57)
Running from C:\troubleshoorter\cleanup15jan22\security_sw
Microsoft Windows 7 Home Premium Service Pack 1 (X64) (2015-05-04 04:48:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3895428205-2381722362-2872330137-500 - Administrator - Disabled)
ali (S-1-5-21-3895428205-2381722362-2872330137-1001 - Administrator - Enabled) => C:\Users\ali
Guest (S-1-5-21-3895428205-2381722362-2872330137-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3895428205-2381722362-2872330137-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {AC17F611-00B5-72DF-E540-58FE9912ECC8}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {177617F5-268F-7D51-DFF0-638CE295A675}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.011.20039 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.8.198 - Adobe Systems, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2201.2134 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.37.7.25887 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.1.57.24596 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version: - Avira Operations GmbH & Co. KG;)
Avira Software Updater (HKLM-x32\...\{5FFF909D-D88F-42B9-9A85-328A1290611C}) (Version: 2.0.6.48309 - Avira Operations GmbH & Co. KG) Hidden
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.13.0.11216 - Avira Operations GmbH & Co. KG) Hidden
Brother MFL-Pro Suite MFC-7360N (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)
Dell Communications (Support Software) (HKLM-x32\...\{351DE0AB-7787-4497-9A7A-4AA9E3A4E290}) (Version: 1.0.09094 - Dell)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.41 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.92 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: - Stardock Corporation)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1102.115.102 - ALPS ELECTRIC CO., LTD.)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 97.0.4692.71 - Google LLC)
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
HHD Software Free Hex Editor Neo 6.54 (HKLM\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 6.54.01.6478 - HHD Software, Ltd.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{E2DFE069-083E-4631-9B6C-43C48E991DE5}) (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 97.0.1072.55 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{67635FB6-2F63-4FFB-830B-D4C01597EBA4}) (Version: 1.2.1 - DELL)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 77.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 77.0.1 (x86 en-US)) (Version: 77.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 77.0.1 - Mozilla)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
RogueKiller version 12.10.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.4.0 - Adlice Software)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
TurboTax 2018 (HKLM-x32\...\TurboTax 2018) (Version: 2018.0 - Intuit, Inc)
TurboTax 2019 (HKLM-x32\...\TurboTax 2019) (Version: 2019.0 - Intuit, Inc)
TurboTax 2020 (HKLM-x32\...\TurboTax 2020) (Version: 2020.0 - Intuit, Inc)
Update for Office 2007 (KB934528) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version: - )
Update for Office System 2007 Setup (KB929722) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version: - )
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-07-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-09-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-01-20] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-09-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-06-02] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-09-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-01-20] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-07-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2010-05-10 18:53 - 2009-07-16 17:06 - 000058368 _____ () [File not signed] [File is in use] C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2015-05-03 21:43 - 2009-02-27 15:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-05-03 21:43 - 2005-04-21 20:36 - 000143360 _____ () [File not signed] C:\Windows\system32\BrSNMP64.dll
2010-05-10 18:53 - 2009-07-16 17:06 - 000073216 _____ (Broadcom Corporation) [File not signed] C:\Windows\system32\wltrynt.dll
2015-05-03 21:43 - 2012-07-25 16:23 - 000007168 _____ (Brother Industries Ltd.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\BRLFXA5C.DLL
2015-05-03 21:43 - 2012-07-25 16:23 - 000231936 _____ (Brother Industries Ltd.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\BRUFXA5C.dll
2015-05-03 21:43 - 2012-04-23 14:03 - 000380928 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2015-05-03 21:43 - 2010-09-29 16:07 - 000180224 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll
2015-05-03 21:43 - 2011-02-28 10:32 - 000208896 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2015-05-03 21:43 - 2012-01-11 13:39 - 000626688 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2015-05-03 21:43 - 2012-09-06 20:02 - 000155648 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2015-05-03 21:43 - 2012-07-06 12:33 - 000098304 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2015-05-03 21:43 - 2012-07-06 12:33 - 017694720 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2015-05-03 21:43 - 2012-07-17 12:36 - 000090112 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLEng.dll
2015-05-03 21:43 - 2012-07-05 03:32 - 000084480 _____ (Brother Industries, Ltd.) [File not signed] C:\Windows\system32\BrNetSti.dll
2010-05-10 18:55 - 2009-06-04 16:03 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ENU\IAAMon_ENU.dll
2010-05-10 18:55 - 2009-06-04 16:02 - 000118784 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ENU\PlugInRAID_ENU.dll
2010-05-10 18:55 - 2009-06-04 15:55 - 000208896 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ISDI.dll
2019-03-27 22:48 - 2019-03-27 22:48 - 000115200 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2015-05-03 21:46 - 2015-05-03 21:46 - 000479232 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcm80.dll
2010-05-10 19:11 - 2009-12-29 13:35 - 001060864 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CyberLink\PowerDVD DX\MFC71.DLL
2010-05-10 19:11 - 2009-12-29 13:35 - 000499712 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CyberLink\PowerDVD DX\MSVCP71.dll
2010-05-10 19:11 - 2009-12-29 13:35 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CyberLink\PowerDVD DX\MSVCR71.dll
2015-05-03 21:47 - 2015-05-03 21:47 - 000065536 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774\vcomp.dll
2009-05-21 05:59 - 2009-05-21 05:59 - 000024464 _____ (SupportSoft, Inc. -> SupportSoft, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\Dell Support Center\bin\SupportSoft.Agent.Sprocket.dll
2009-05-21 05:59 - 2009-05-21 05:59 - 000040848 _____ (SupportSoft, Inc. -> SupportSoft, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\Dell Support Center\bin\SupportSoft.Agent.Sprocket.SupportMessage.dll
2009-05-21 05:59 - 2009-05-21 05:59 - 000073728 _____ (SupportSoft, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\Dell Support Center\bin\sprtmessage.dll
2009-05-21 05:59 - 2009-05-21 05:59 - 001069056 _____ (SupportSoft, Inc.) [File not signed] C:\Program Files (x86)\Dell Support Center\bin\LIBEAY32.dll
2009-05-05 02:39 - 2009-05-05 02:39 - 001069056 _____ (SupportSoft, Inc.) [File not signed] C:\Program Files (x86)\Dell\DellComms\bin\LIBEAY32.dll
2009-11-13 13:57 - 2009-11-13 13:57 - 001441792 _____ (SwapDrive, Inc.) [File not signed] C:\Program Files (x86)\Dell DataSafe Online\BuEng.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3895428205-2381722362-2872330137-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3895428205-2381722362-2872330137-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://about/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3895428205-2381722362-2872330137-1001 -> DefaultScope {F310E00B-5713-480D-91F6-C2EA1BF62CCC} URL =
SearchScopes: HKU\S-1-5-21-3895428205-2381722362-2872330137-1001 -> {F310E00B-5713-480D-91F6-C2EA1BF62CCC} URL =
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation -> Microsoft Corporation)
DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_121-windows-i586.cab
DPF: HKLM {CAFEEFAC-0018-0000-00121-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_121-windows-i586.cab
DPF: HKLM {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_121-windows-i586.cab
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2009-07-23] (Cozi Group Inc. -> Cozi Group, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2017-04-14 09:17 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Dell\Dell Wireless WLAN Card;c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared;C:\Program Files\RogueKiller;
HKU\S-1-5-21-3895428205-2381722362-2872330137-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ali\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1368524B-3633-4B5D-ADCA-A1C2D4FA517A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{A94C7B6F-7D9E-4CCA-B179-F55E3D6DB8F4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{498502B7-551A-4ECC-9F84-221BCB720AEA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{71CE1993-BB6B-4460-9EE6-EA7812EF89A1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E4B21AE6-ECBE-40FD-A318-21ADE19E4C6C}] => (Allow) C:\Windows\system32\svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3F1AC4C1-616B-4C4D-A496-AE8E576FE5D4}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{30AD8EA3-5314-46A5-9644-6759E3BE92CB}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [{EC340103-1AE0-4AFE-8DD4-D606EEEACCB2}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [{8531D600-185F-407E-A3FE-E1EB197F6F01}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10f\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{14EF5D95-07BB-47B1-9765-DB0F0224AC97}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10f\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{D6351D02-D31A-4EC6-8C51-52A5B4462E7B}] => (Allow) LPort=54925
FirewallRules: [TCP Query User{FB2AEDB7-D0A4-42BF-8ABC-2D3985A98DDE}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{44B9674A-D903-4227-843A-81FA9AB2CB8B}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{063D725F-93B0-4805-BE47-6C37D16A37CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{811BDE2E-09FA-4520-804D-4643B78B74AF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BF2BF813-A839-4390-99B6-607BBF3B7F0D}] => (Allow) C:\Users\ali\AppData\Local\Programs\Opera\68.0.3618.173\opera.exe => No File
FirewallRules: [{B5AAA021-AE19-4578-89C6-965B30B7156B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{06413CFA-EFED-4422-B11F-57F7E9A532C0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{BE0EB42C-4C91-40FD-97C8-90CF304D9F31}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{D4640953-4645-474D-8A95-0D13CB77FE65}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{C12B978F-D5AE-4D82-9678-7CDEA1CEA60F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{936AF87B-9081-4A7A-9BD1-5867B93FD885}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{A1EBEDF8-9166-4ECC-A05D-7227BC92D639}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E93AC5A9-0700-411B-B185-512D90D5EE5B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\97.0.1072.55\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{53808D62-BA6C-4A4B-B546-A2EB8BB56CED}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{9E3B7554-92F5-4FE2-9252-96132BA6DF5E}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{C511A3C8-319C-4BF6-B375-F3A47E0ED350}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Restore Points =========================

12-11-2021 13:12:30 Scheduled Checkpoint
26-11-2021 16:08:14 Scheduled Checkpoint
05-12-2021 23:28:11 Scheduled Checkpoint
03-01-2022 11:01:58 Scheduled Checkpoint
15-01-2022 11:16:40 before_15jan22_cleanup_n_updare

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/15/2022 07:21:38 PM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (01/15/2022 07:20:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_e372d88f30fbb845.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b.manifest.

Error: (01/15/2022 07:04:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_e372d88f30fbb845.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b.manifest.

Error: (01/15/2022 05:09:56 PM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (01/15/2022 11:10:34 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_e372d88f30fbb845.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b.manifest.

Error: (01/15/2022 11:10:34 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_e372d88f30fbb845.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b.manifest.

Error: (01/15/2022 10:41:36 AM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (01/15/2022 10:33:17 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_e372d88f30fbb845.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b.manifest.


System errors:
=============
Error: (01/15/2022 07:48:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.

Error: (01/15/2022 07:13:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/15/2022 07:13:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/15/2022 07:04:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/15/2022 07:04:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/15/2022 07:04:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/15/2022 07:04:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/15/2022 07:04:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.


==================== Memory info ===========================

BIOS: Dell Inc. A14 12/07/2009
Motherboard: Dell Inc. 0G848F
Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 89%
Total physical RAM: 2008.36 MB
Available physical RAM: 203.05 MB
Total Virtual: 4016.73 MB
Available Virtual: 1046.75 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:149.48 GB) NTFS

\\?\Volume{a49fb228-5cb7-11df-8b02-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.23 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 7144970A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 

Broni

Posts: 55,919   +506
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

You're not saying what the issues are.
 

drwizgeek

Posts: 125   +0
Hello Broni:

Thank you for your response. The primary symptom is that this laptop is running increasingly slower and slower!

My educated guess is that Avira antivirus may be the primary cause. I installed it several years ago. Later, its developers unilaterally "upgraded" it to Avira security, including a VPN that they constantly push and at times enable it without asking me, which I immediately disable. I reviewed the logs last night, and it looks like they have just hidden the old one and installed the "upgrade". As a result, I cannot disable their auto update.

Another indication of a problem is that on boot up, the "red umbrella" icon in the system tray is the old one. But, if I open the Antivirus, it changes to a new icon and opens the restricted Avira Security interface, instead. I intend to replace this with another lightweight antivirus, similar to the old Avira, once you give this laptop a green light.

I think other malware might be adding to the problem and may need a routine cleanup. I hope this addresses your question.

Best regards!
 

Broni

Posts: 55,919   +506
So far, I don't see much there, however I can see your main issue:
Total physical RAM: 2008.36 MB
With so little RAM, your computer will be slow, no matter what.

Now...

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

drwizgeek

Posts: 125   +0
Hello Broni:

Thank you very much for your instructions. I completed all the tasks mostly as you advised. I encountered a few complications that I resolved, mostly due to changes in the current versions of the three software programs. Here are two important issues that might be of interest to you:

1. I uninstalled my old, but updated, Malwarebytes version and installed the latest version to ensure full compliance with your instructions.

2. All three software programs detected nothing! AdwCleaner suggested that this laptop had ~ 30 preinstalled [bloatware] items, such as the Wild-Tangent games and Dell support, that could be quarantined. Given the small RAM, I decided to see if this would improve the laptop's speed. When I restarted it to complete this task, however, it resulted in a short BSOD! But the OS recovered and generated a log of the dump files. BTW, AdwCleaner's scan was quite fast. RogueKiller took 45 minutes, however!

Please advise if any further actions are warranted. Thank you, again, for your continued support.

Best regards!

P.S. I stayed up till ~ 2 AM this morning to post this only to discover that the platform only saved a draft of it, except the very last edits! I hope it works this time!

Here are the logs:

____________ RogueKiller Log ____________
Program : RogueKiller Anti-Malware
Version : 15.1.5.0
x64 : Yes
Program Date : Dec 15 2021
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : Yes
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : ali
User is Admin : Yes
Date : 2022/01/17 07:58:26
Type : Scan
Aborted : No
Scan Mode : Standard
Duration : 2738
Found items : 0
Total scanned : 62943
Signatures Version : 20220110_103811
Truesight Driver : Yes
Updates Count : 4
Arguments : -minimize

************************* Warnings *************************

************************* Updates *************************
Java 8 Update 121 (64-bit) (64-bit), version 8.0.1210.13
[+] Available Version : 8.0.3110.0
[+] Size : 108 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\Java\jre1.8.0_121\

Malwarebytes version 3.0.6.1469 (64-bit), version 3.0.6.1469
[+] Available Version : 4.5.0
[+] Size : 154 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\Malwarebytes\Anti-Malware\

Avira Security (32-bit), version 1.1.57.24596
[+] Available Version : 1.1.60.26061
[+] Wow6432 : Yes
[+] Portable : No

Mozilla Firefox 77.0.1 (x86 en-US) (32-bit), version 77.0.1
[+] Available Version : 96.0.1
[+] Size : 181 MB
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\Mozilla Firefox


************************* Processes *************************

************************* Modules *************************

************************* Services *************************

************************* Scheduled Tasks *************************

************************* Registry *************************

************************* WMI *************************

************************* Hosts File *************************
is_too_big : No
hosts_file_path : C:\WINDOWS\System32\drivers\etc\hosts


************************* Filesystem *************************

************************* Web Browsers *************************

************************* Antirootkit *************************

_______________ Malwarebytes Log _____________________________
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/17/22
Scan Time: 12:35 AM
Log File: 72879644-7770-11ec-a45b-a4badbb3c396.json

-Software Information-
Version: 4.5.0.152
Components Version: 1.0.1538
Update Package Version: 1.0.49915
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: ali-PC\ali

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 261890
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 11 min, 55 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

_________________ AdwCleaner Log ___________________________
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-17-2022
# Duration: 00:01:08
# OS: Windows 7 Home Premium
# Cleaned: 30
# Awaiting reboot:1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.DellCommunications Folder C:\Program Files (x86)\DELL\DELLCOMMS
Deleted Preinstalled.DellGamesBundle Folder C:\Program Files (x86)\WILDTANGENT\DELL GAMES
Deleted Preinstalled.DellGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Dell Game Console
Deleted Preinstalled.DellGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WT071246
Deleted Preinstalled.DellGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WT071265
Deleted Preinstalled.DellGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WT071298
Deleted Preinstalled.DellGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WT071368
Deleted Preinstalled.DellGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WT071418
Deleted Preinstalled.DellGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WT071443
Deleted Preinstalled.DellGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WT071469
Deleted Preinstalled.DellGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WT071472
Deleted Preinstalled.DellGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WT071475
Deleted Preinstalled.DellGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WT071478
Deleted Preinstalled.DellGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WT071797
Deleted Preinstalled.DellGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WT071815
Deleted Preinstalled.DellGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WT071838
Deleted Preinstalled.DellGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WT071947
Deleted Preinstalled.DellGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WT071952
Deleted Preinstalled.DellGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WT071953
Deleted Preinstalled.DellGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent dell Master Uninstall
Deleted Preinstalled.DellGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-dell-genres
Deleted Preinstalled.DellGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-dell-main
Deleted Preinstalled.DellQuickset Folder C:\Program Files\DELL\QUICKSET
Deleted Preinstalled.DellQuickset Folder C:\ProgramData\DELL\QUICKSET
Deleted Preinstalled.DellQuickset Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{87CF757E-C1F1-4D22-865C-00C6950B5258}
Deleted Preinstalled.DellSupportCenter Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL SUPPORT CENTER
Deleted Preinstalled.DellSupportCenter Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|DellSupportCenter
Deleted Preinstalled.DellSupportCenter Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Deleted Preinstalled.LenovoThinkVantageToolbox Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\PC-Doctor for Windows
Needs Reboot Preinstalled.DellSupportCenter Folder C:\Program Files (x86)\DELL SUPPORT CENTER


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****


***** [ Folders ] *****

Cleaning failed C:\Program Files (x86)\DELL SUPPORT CENTER

*************************

AdwCleaner[S00].txt - [5079 octets] - [17/01/2022 00:56:30]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

Broni

Posts: 55,919   +506
Nothing really there, so, as I said before, your computer's slowness is caused by the very small amount of RAM.
See if you can add some more.
 

drwizgeek

Posts: 125   +0
Hello Broni:

Thank you very much for your prompt action and response. I will upgrade to 4 GB of RAM, a new AV, and the latest version of Firefox, plus a possible defrag of its HD soon. Thank you, again, and wishing you and your family, a very...

Happy 2022!:)