Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Browser Downloading in Background


  • Please log in to reply

#1
brispuss

brispuss

    Member

  • Member
  • PipPip
  • 50 posts

Unusual one, this!

 

After a previous fresh install of Vivaldi browser, and on running it without a web site loaded, Vivaldi appears to be downloading HUGE amounts of data.

 

The browser does not auto-update, and any browser extensions installed are very small and load/install fairly quickly.

 

The issue has already been asked at Vivaldi forums here -

https://forum.vivaldi.net/topic/36494/vivaldi-downloading-all-the-time

But there is no definite answer yet as to the cause of the large data download.

 

Several anti-malware programs were run, but no malware was found.

 

Since then, the OS partition has been wiped, re-formatted, and the OS and some other software has been re-installed, including Vivaldi.

 

Running Vivaldi again, it appears that it is once again in the process of downloading a lot of data, when, according to others, this is not usual.

 

Wanting to be certain, as far as possible, that there is no malware/spyware nor anything else unwanted on my system!

 

Here are the latest FRST scan results -

 

FRST-

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.04.2019 01
Ran by Administrator (administrator) on MINE-PC (16-04-2019 22:41:07)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Mine & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\update_notifier.exe
(ITSamples.com) [File not signed] C:\Program Files (x86)\ITSamples\NetworkIndicator\NetworkIndicator.exe
(Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Mark Straver -> Moonchild Productions) C:\Program Files\Pale Moon\palemoon.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation -> Intel Corporation)
HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\Run: [Vivaldi Update Notifier] => C:\Program Files\Vivaldi\Application\update_notifier.exe [1800776 2019-04-11] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\Run: [NetworkIndicator] => C:\Program Files (x86)\ITSamples\NetworkIndicator\NetworkIndicator.exe [376832 2014-12-19] (ITSamples.com) [File not signed]
HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4056176 2019-04-04] (Tonec Inc. -> Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{81FFABC0-2688-451C-AF60-44CB672A9193}: [NameServer] 203.97.78.43 203.97.78.44

Internet Explorer:
==================
HKU\S-1-5-21-1869737474-3930770182-1401445859-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1869737474-3930770182-1401445859-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2018-11-22] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2018-11-22] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: pu17pyvj.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\pu17pyvj.default [2019-04-16]
FF Extension: (Adblock Latitude) - C:\Users\Administrator\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\pu17pyvj.default\Extensions\[email protected] [2019-04-16] [Legacy] [not signed]
FF HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2019-04-16] [Legacy] [not signed]
FF HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-21] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_105.dll [2019-04-16] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_105.dll [2019-04-16] (Adobe Systems Incorporated -> )

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2019-04-04]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2019-04-04]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [543112 2017-07-21] (Advanced Micro Devices, Inc. -> AMD)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1146880 2009-06-11] (Microsoft Windows -> LSI Corp)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [38422408 2017-07-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [532360 2017-07-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [59392 2012-02-19] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [84608 2012-02-19] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-17 07:59 - 2019-04-16 12:03 - 000000000 ____D C:\Windows\Panther
2019-04-16 22:41 - 2019-04-16 22:41 - 000007429 _____ C:\Users\Administrator\Desktop\FRST.txt
2019-04-16 22:38 - 2019-04-16 22:38 - 000000000 ____D C:\Users\Administrator\Desktop\FRST-OlderVersion
2019-04-16 22:31 - 2019-04-16 22:41 - 000000000 ____D C:\FRST
2019-04-16 22:30 - 2019-04-16 22:38 - 002434048 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2019-04-16 15:45 - 2019-04-16 15:50 - 001909200 _____ C:\Users\Administrator\Downloads\exeinfope_v54.zip
2019-04-16 13:49 - 2019-04-16 13:49 - 000007601 _____ C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2019-04-16 13:03 - 2019-04-16 15:57 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\DMCache
2019-04-16 13:03 - 2019-04-16 13:04 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\IDM
2019-04-16 13:03 - 2019-04-16 13:03 - 000001009 _____ C:\Users\Administrator\Desktop\Internet Download Manager.lnk
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\Users\Administrator\Downloads\Video
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\Users\Administrator\Downloads\Compressed
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\ProgramData\IDM
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2019-04-16 12:32 - 2019-04-16 12:32 - 000001241 _____ C:\Users\Public\Desktop\Network Indicator.lnk
2019-04-16 12:32 - 2019-04-16 12:32 - 000000000 ____D C:\Program Files (x86)\ITSamples
2019-04-16 12:30 - 2019-04-16 12:30 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2019-04-16 12:30 - 2019-04-16 12:30 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Moonchild Productions
2019-04-16 12:30 - 2019-04-16 12:30 - 000000000 ____D C:\Users\Administrator\AppData\Local\Moonchild Productions
2019-04-16 12:24 - 2019-04-16 12:25 - 000846848 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-04-16 12:24 - 2019-04-16 12:25 - 000175616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-04-16 12:24 - 2019-04-16 12:25 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-04-16 12:24 - 2019-04-16 12:25 - 000000000 ____D C:\Windows\system32\Macromed
2019-04-16 12:24 - 2019-04-16 12:24 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2019-04-16 12:23 - 2019-04-16 12:23 - 000002233 _____ C:\Users\Administrator\Desktop\Vivaldi.lnk
2019-04-16 12:23 - 2019-04-16 12:23 - 000002203 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2019-04-16 12:23 - 2019-04-16 12:23 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\AMD
2019-04-16 12:23 - 2019-04-16 12:23 - 000000000 ____D C:\Users\Administrator\AppData\Local\Vivaldi
2019-04-16 12:23 - 2019-04-16 12:23 - 000000000 ____D C:\Program Files\Vivaldi
2019-04-16 12:22 - 2019-04-16 12:39 - 000000000 ____D C:\Program Files\Pale Moon
2019-04-16 12:22 - 2019-04-16 12:30 - 000001066 _____ C:\Users\Public\Desktop\Pale Moon.lnk
2019-04-16 12:21 - 2019-04-16 22:18 - 000003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4CEE092-A574-4E34-A2B4-8F2DE9BE0C61}
2019-04-16 12:21 - 2019-04-16 12:21 - 000057560 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2019-04-16 12:21 - 2019-04-16 12:21 - 000036864 _____ C:\Users\Administrator\Documents\EasyBCD Backup (2019-04-16).bcd
2019-04-16 12:21 - 2019-04-16 12:21 - 000000000 ____D C:\Users\Administrator\AppData\Local\NeoSmart_Technologies
2019-04-16 12:20 - 2019-04-16 12:20 - 000001213 _____ C:\Users\Public\Desktop\EasyBCD 2.4.lnk
2019-04-16 12:20 - 2019-04-16 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
2019-04-16 12:20 - 2019-04-16 12:20 - 000000000 ____D C:\Program Files (x86)\NeoSmart Technologies
2019-04-16 12:18 - 2019-04-16 15:57 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2019-04-16 12:18 - 2019-04-16 12:23 - 000000000 ____D C:\Users\Administrator\AppData\Local\AMD
2019-04-16 12:17 - 2019-04-16 12:17 - 000003146 _____ C:\Windows\System32\Tasks\StartCN
2019-04-16 12:17 - 2019-04-16 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2019-04-16 12:17 - 2019-04-16 12:17 - 000000000 ____D C:\Program Files (x86)\AMD
2019-04-16 12:16 - 2019-04-16 12:16 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2019-04-16 12:16 - 2019-04-16 12:16 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2019-04-16 12:16 - 2017-06-16 07:32 - 000541984 _____ C:\Windows\system32\vulkan-1.dll
2019-04-16 12:16 - 2017-06-16 07:32 - 000525088 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-04-16 12:16 - 2017-06-16 07:32 - 000254240 _____ C:\Windows\system32\vulkaninfo.exe
2019-04-16 12:16 - 2017-06-16 07:32 - 000233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-04-16 12:16 - 2015-07-19 01:08 - 000984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2019-04-16 12:15 - 2019-04-16 12:16 - 000000000 ____D C:\ProgramData\Package Cache
2019-04-16 12:14 - 2019-04-16 12:14 - 000757660 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-04-16 12:13 - 2019-04-16 12:17 - 000000000 ____D C:\Program Files\AMD
2019-04-16 12:12 - 2019-04-16 12:26 - 000000000 ____D C:\AMD
2019-04-16 12:11 - 2019-04-16 12:11 - 000000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2019-04-16 12:11 - 2019-04-16 12:11 - 000000000 ____D C:\Program Files (x86)\Etron Technology
2019-04-16 12:11 - 2012-02-19 15:17 - 000084608 _____ (Etron Technology Inc) C:\Windows\system32\Drivers\EtronXHCI.sys
2019-04-16 12:11 - 2012-02-19 15:17 - 000059392 _____ (Etron Technology Inc) C:\Windows\system32\Drivers\EtronHub3.sys
2019-04-16 12:09 - 2019-04-16 12:09 - 000001443 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-04-16 12:09 - 2019-04-16 12:09 - 000001409 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2019-04-16 12:09 - 2019-04-16 12:09 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2019-04-16 12:09 - 2019-04-16 12:09 - 000000000 ____D C:\Users\Administrator
2019-04-16 12:09 - 2011-04-12 20:28 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2019-04-16 12:08 - 2019-04-16 12:08 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2019-04-16 12:08 - 2012-01-27 05:39 - 000787736 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2019-04-16 12:08 - 2012-01-27 05:39 - 000356120 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2019-04-16 12:08 - 2012-01-27 05:39 - 000016152 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys
2019-04-16 12:05 - 2019-04-16 12:08 - 000000000 ____D C:\Program Files (x86)\Intel
2019-04-16 12:05 - 2019-04-16 12:05 - 000000000 ____D C:\Intel
2019-04-16 12:05 - 2011-12-06 19:55 - 000053248 ____R (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2019-04-16 12:04 - 2019-04-16 12:04 - 000001447 _____ C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-04-16 12:04 - 2019-04-16 12:04 - 000001413 _____ C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2019-04-16 12:03 - 2019-04-16 12:04 - 000000000 ____D C:\Users\Mine
2019-04-16 12:03 - 2019-04-16 12:03 - 000000020 ___SH C:\Users\Mine\ntuser.ini
2019-04-16 12:03 - 2019-04-16 12:03 - 000000000 ____D C:\Users\Mine\AppData\Local\VirtualStore
2019-04-16 12:03 - 2011-04-12 20:28 - 000000000 ____D C:\Users\Mine\AppData\Roaming\Media Center Programs
2019-04-16 12:01 - 2019-04-16 12:01 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2019-04-16 12:01 - 2019-04-16 12:01 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2019-04-04 23:41 - 2018-12-20 22:05 - 000229296 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-17 07:58 - 2009-07-14 17:32 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2019-04-16 22:18 - 2009-07-14 17:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-16 22:18 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\inf
2019-04-16 22:14 - 2009-07-14 17:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-16 15:57 - 2009-07-14 16:45 - 000020672 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-04-16 15:57 - 2009-07-14 16:45 - 000020672 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-04-16 12:29 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\ModemLogs
2019-04-16 12:10 - 2009-07-14 15:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2019-04-16 12:09 - 2009-07-14 16:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2019-04-16 12:02 - 2009-07-14 16:45 - 000274320 _____ C:\Windows\system32\FNTCACHE.DAT
2019-04-16 12:02 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\rescache
2019-04-16 12:01 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\system32\sysprep
2019-04-16 11:59 - 2011-04-12 20:28 - 000000000 ____D C:\Windows\CSC

==================== Files in the root of some directories =======

2019-04-16 13:49 - 2019-04-16 13:49 - 000007601 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-04-16 14:34

==================== End of FRST.txt ============================

 

 

And Addition -

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.04.2019 01
Ran by Administrator (16-04-2019 22:41:45)
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X64) (2019-04-16 00:03:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1869737474-3930770182-1401445859-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1869737474-3930770182-1401445859-501 - Limited - Disabled)
Mine (S-1-5-21-1869737474-3930770182-1401445859-1000 - Administrator - Enabled) => C:\Users\Mine

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.105 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.105 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.105 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{6CE5234B-BD8C-72B6-7364-69CA8E42114E}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{FEA11F9B-416B-2727-5EA1-82429995D035}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{BB8B734F-8F55-E1CA-D001-166AEB5FC453}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{FDC6AD00-2690-0C79-F448-6870D088E3E6}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{324FD995-6403-C91B-C812-F8A910894512}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{9377A666-BA7B-A306-B948-EB998FBF087D}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{8C6E9090-39F9-9B36-4773-6F86F02BD555}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{3D74EBB6-6F60-ED1D-6241-BF452D0CB787}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20FF7371-58D1-D4AE-E321-1EA1D0C1A55E}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{A1BD4CBE-AB56-A4C9-C5DA-B68EB525E926}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{E58AF6C5-288F-830D-D62D-22ED85786607}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{72BDC691-D61C-6223-4FBB-A220B70F3AA4}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{D094472C-C370-653E-11CC-7B1713988675}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{12917240-54AB-4561-43BC-E0D31BCC3F35}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{D84705BF-5A46-5099-8DB8-C863ECA0CF89}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{7C07AA6D-B3AB-9C1E-6C54-5452025422B1}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{1602DD16-8687-7E1C-EC9C-867141AFE351}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{BDF46C47-1E10-2359-4F1E-014D4B57138B}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{BA329B31-7B17-D2CD-31B3-13FE20904707}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{6C39385A-C5C2-0E60-83BF-95DAF8B34FAE}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{6C18B3F7-E174-5D25-9A31-A52F8EAC0D49}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
EasyBCD 2.4 (HKLM-x32\...\EasyBCD) (Version: 2.4 - NeoSmart Technologies)
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Network Activity Indicator for Windows 7 - 8.1 (HKLM-x32\...\NetworkIndicator_is1) (Version: 1.7 - ITSamples.com)
Pale Moon 28.4.1 (x64 en-US) (HKLM\...\Pale Moon 28.4.1 (x64 en-US)) (Version: 28.4.1 - Moonchild Productions)
Vivaldi (HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\Vivaldi) (Version: 2.4.1488.38 - Vivaldi Technologies AS.)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1869737474-3930770182-1401445859-500_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> C:\Program Files\Vivaldi\Application\2.4.1488.38\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
ShellIconOverlayIdentifiers: [            IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2018-05-12] (Tonec Inc. -> Tonec Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-07-20] (Advanced Micro Devices, Inc.) [File not signed]

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {6DF80502-B29B-4398-97D6-17E59D632010} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2017-07-20 19:00 - 2017-07-20 19:00 - 000980480 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\CNext\CNext\atiacm64.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000191488 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2019-04-16 12:32 - 2014-12-19 19:33 - 000376832 _____ (ITSamples.com) [File not signed] C:\Program Files (x86)\ITSamples\NetworkIndicator\NetworkIndicator.exe
2019-04-16 12:22 - 2019-03-27 11:56 - 000517120 _____ (Mozilla Foundation) [File not signed] C:\Program Files\Pale Moon\freebl3.dll
2019-04-16 12:08 - 2012-01-27 05:38 - 000073728 ____R (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 14:34 - 2009-06-11 09:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1869737474-3930770182-1401445859-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 203.97.78.43 - 203.97.78.44
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BD2DA16E-8AF0-491A-8CA6-9F82D03604E0}] => (Allow) C:\Program Files\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{E21834CB-A8C6-418A-B7A6-2DD2F4D9386E}] => (Allow) C:\Program Files\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{A0D884DA-D87F-4EAA-8D26-D71C1CF66FA6}] => (Allow) C:\Program Files\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Video Controller
Description: Video Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2019 10:16:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/16/2019 10:15:34 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={206E40B6-ED7F-414B-9EC0-D1B3DD058D78}: The user Mine-PC\Administrator dialed a connection named Telstra Clear which has failed. The error code returned on failure is 691.

Error: (04/16/2019 02:34:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AMD\CIM\Bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/16/2019 01:21:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/16/2019 01:21:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/16/2019 01:21:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/16/2019 01:21:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/16/2019 01:21:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (04/16/2019 10:14:22 PM) (Source: volsnap) (EventID: 29) (User: )
Description: The shadow copies of volume C: were aborted during detection.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 51%
Total physical RAM: 8076.14 MB
Available physical RAM: 3893.94 MB
Total Virtual: 16150.48 MB
Available Virtual: 11801 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.84 GB) (Free:94.58 GB) NTFS
Drive d: (XP SP3) (Fixed) (Total:97.76 GB) (Free:91.97 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:100.36 GB) (Free:82.65 GB) NTFS
Drive f: () (Fixed) (Total:3625.66 GB) (Free:1182.98 GB) NTFS
Drive g: (Data_2) (Fixed) (Total:353.01 GB) (Free:89.69 GB) NTFS
Drive h: (Data_3) (Fixed) (Total:14.99 GB) (Free:7.56 GB) NTFS
Drive i: (Data_1) (Fixed) (Total:310 GB) (Free:32.16 GB) NTFS
Drive j: (W 7_32 bit) (Fixed) (Total:35.92 GB) (Free:15.03 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 4B19BE7B)
Partition 1: (Active) - (Size=97.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368 GB) - (Type=0F Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 66CD451A)
Partition 1: (Not Active) - (Size=119.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=310 GB) - (Type=0F Extended)
Partition 3: (Not Active) - (Size=35.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 3726 GB) (Disk ID: 351D3362)

Partition: GPT.

==================== End of Addition.txt ============================

 

 

Nothing obvious shown in FRST scan results, I think?

 

What now?

 

Thank you.


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,556 posts
  • MVP

Why are you running Internet Download Manager?  Seems an odd program to have when you are trying to isolate a problem.  Also the free version comes with adware.

https://en.wikipedia...wnload_managers

 

Also this seems odd:
 

Error: (04/16/2019 10:15:34 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={206E40B6-ED7F-414B-9EC0-D1B3DD058D78}: The user Mine-PC\Administrator dialed a connection named Telstra Clear which has failed. The error code returned on failure is 691.

 

 

Telstra Clear is a New Zealand Internet provider and why is it attempting to DIAL?

 

Error: (04/16/2019 01:21:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

 

 

Is your clock synced to Internet Time?  A new install of Windows 7 has about 200 updates to  get done so you might try turning off Windows Update to see if that's the source of the data traffic.

 

 

It would be interesting to see who Vivaldi is talking to.  Get

tcpview. 

https://live.sysinte...com/Tcpview.exe

Download, Save and then run it by right clicking and Run As Admin.

Then File, Save As (to your desktop), tcp , OK.  This should create a  file tcp.txt on your desktop.  Attach or copy and paste it to a reply.
 


  • 0

#3
brispuss

brispuss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

Thanks for the comments.

 

First, I am on a dial-up internet connection which is called Telstra Clear. Nothing unusual about that? The only (minor) issue is that I often have to re-dial several times in order to actually get a successful internet connection. The error 691 (invalid username and/or password) often appears (and sometimes error 628 also), but my user name and password are most definitely correct, so I don't know why I'm getting these error messages on almost every occasion when attempting a dial up internet connection.

 

I use a fully licensed version of Internet Download Manager as an aid to download large programs. This is really necessary as I'm on a slow internet connection (dial-up) and download drop outs are fairly common, unfortunately.

 

My system time is synchronized with internet time (automatically). I also do an occasional manual time synchronization as well just to be certain.

 

Vivaldi appears to have stopped downloading after approximately half an hour or so!? No where near as bad as on the previous occasion when it seemed to download for about 6 hours+!!

 

So as of this moment, Vivaldi is no longer downloading anything (that I don't know about). So should I still install and run TCPview?


Edited by brispuss, 17 April 2019 - 07:03 AM.

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,556 posts
  • MVP

Didn't know anyone still used dialup and couldn't tell from your FRST log that you were in New Zealand.

 

I would go ahead and get tcpview.  It's a small program so even on download won't take long.  Then if it starts up again you can quickly see what is going on.

 

 

You are missing a lot of drivers which is not surprising after a reinstall.  Do you need help identifying them?  Is the modem builtin?  There should be a log of connection attempts and it may show you what is happening.

 

This error:

 

Error: (04/16/2019 10:16:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

 

 

is on all Win 7 machines because of a Microsoft mistake.  I think FRST can now remove it.

 

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   1.23KB   3 downloads

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 


  • 0

#5
brispuss

brispuss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

Downloaded Tcpview. Next time Vivaldi seems to be downloading (excessively), I'll run Tcpview.

 

My computer is a custom built desktop with the modem being an add-on card.

 

Dial-up is still being used by others, as not everyone can afford broadband.

 

I know there is additional work to be done installing drivers etc. I wanted only a minimalist installation to check for malware.

 

FRST run twice.

 

FRST fixlog -

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.04.2019
Ran by Administrator (18-04-2019 10:51:33) Run:1
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Mine & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: dir C:\tools\kernrate
CMD: Type C:\tools\kernrate\KernCap.vbs
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:






*****************


========= dir C:\tools\kernrate =========

The system cannot find the file specified.

========= End of CMD: =========


========= Type C:\tools\kernrate\KernCap.vbs =========

The system cannot find the path specified.

========= End of CMD: =========

"CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"" => removed successfully
"BVTFilter" => removed successfully
"BVTConsumer" => removed successfully

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 10:51:47 ====

 

 

FRST scan -

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.04.2019
Ran by Administrator (administrator) on MINE-PC (18-04-2019 10:53:55)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Mine & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\update_notifier.exe
(ITSamples.com) [File not signed] C:\Program Files (x86)\ITSamples\NetworkIndicator\NetworkIndicator.exe
(Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mobsync.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation -> Intel Corporation)
HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\Run: [Vivaldi Update Notifier] => C:\Program Files\Vivaldi\Application\update_notifier.exe [1800776 2019-04-11] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\Run: [NetworkIndicator] => C:\Program Files (x86)\ITSamples\NetworkIndicator\NetworkIndicator.exe [376832 2014-12-19] (ITSamples.com) [File not signed]
HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4056176 2019-04-04] (Tonec Inc. -> Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{81FFABC0-2688-451C-AF60-44CB672A9193}: [NameServer] 203.97.78.43 203.97.78.44

Internet Explorer:
==================
HKU\S-1-5-21-1869737474-3930770182-1401445859-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1869737474-3930770182-1401445859-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2018-11-22] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2018-11-22] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: pu17pyvj.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\pu17pyvj.default [2019-04-18]
FF Extension: (Adblock Latitude) - C:\Users\Administrator\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\pu17pyvj.default\Extensions\[email protected] [2019-04-16] [Legacy] [not signed]
FF HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2019-04-16] [Legacy] [not signed]
FF HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-21] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll [2019-04-17] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-17] (Adobe Inc. -> )

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2019-04-04]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2019-04-04]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [543112 2017-07-21] (Advanced Micro Devices, Inc. -> AMD)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1146880 2009-06-11] (Microsoft Windows -> LSI Corp)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [38422408 2017-07-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [532360 2017-07-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [59392 2012-02-19] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [84608 2012-02-19] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-18 10:53 - 2019-04-18 10:54 - 000007391 _____ C:\Users\Administrator\Desktop\FRST.txt
2019-04-18 10:51 - 2019-04-18 10:51 - 000001654 _____ C:\Users\Administrator\Desktop\Fixlog.txt
2019-04-18 10:50 - 2019-04-18 10:47 - 002434048 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2019-04-17 16:11 - 2019-04-17 16:12 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-04-17 16:11 - 2019-04-17 16:12 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-04-17 07:59 - 2019-04-16 12:03 - 000000000 ____D C:\Windows\Panther
2019-04-16 22:50 - 2019-04-16 22:50 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2019-04-16 22:41 - 2019-04-16 22:42 - 000025194 _____ C:\Users\Administrator\Desktop\FRST_orig.txt
2019-04-16 22:41 - 2019-04-16 22:42 - 000023362 _____ C:\Users\Administrator\Desktop\Addition_orig.txt
2019-04-16 22:31 - 2019-04-18 10:53 - 000000000 ____D C:\FRST
2019-04-16 15:45 - 2019-04-16 15:50 - 001909200 _____ C:\Users\Administrator\Downloads\exeinfope_v54.zip
2019-04-16 13:49 - 2019-04-16 13:49 - 000007601 _____ C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2019-04-16 13:03 - 2019-04-18 10:51 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\DMCache
2019-04-16 13:03 - 2019-04-17 12:55 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\IDM
2019-04-16 13:03 - 2019-04-16 13:03 - 000001009 _____ C:\Users\Administrator\Desktop\Internet Download Manager.lnk
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\Users\Administrator\Downloads\Video
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\Users\Administrator\Downloads\Compressed
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\ProgramData\IDM
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2019-04-16 12:32 - 2019-04-16 12:32 - 000001241 _____ C:\Users\Public\Desktop\Network Indicator.lnk
2019-04-16 12:32 - 2019-04-16 12:32 - 000000000 ____D C:\Program Files (x86)\ITSamples
2019-04-16 12:30 - 2019-04-16 12:30 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2019-04-16 12:30 - 2019-04-16 12:30 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Moonchild Productions
2019-04-16 12:30 - 2019-04-16 12:30 - 000000000 ____D C:\Users\Administrator\AppData\Local\Moonchild Productions
2019-04-16 12:24 - 2019-04-17 16:12 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-04-16 12:24 - 2019-04-17 16:12 - 000000000 ____D C:\Windows\system32\Macromed
2019-04-16 12:24 - 2019-04-16 12:24 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2019-04-16 12:23 - 2019-04-16 12:23 - 000002233 _____ C:\Users\Administrator\Desktop\Vivaldi.lnk
2019-04-16 12:23 - 2019-04-16 12:23 - 000002203 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2019-04-16 12:23 - 2019-04-16 12:23 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\AMD
2019-04-16 12:23 - 2019-04-16 12:23 - 000000000 ____D C:\Users\Administrator\AppData\Local\Vivaldi
2019-04-16 12:23 - 2019-04-16 12:23 - 000000000 ____D C:\Program Files\Vivaldi
2019-04-16 12:22 - 2019-04-17 15:26 - 000000000 ____D C:\Program Files\Pale Moon
2019-04-16 12:22 - 2019-04-16 12:30 - 000001066 _____ C:\Users\Public\Desktop\Pale Moon.lnk
2019-04-16 12:21 - 2019-04-18 10:14 - 000003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4CEE092-A574-4E34-A2B4-8F2DE9BE0C61}
2019-04-16 12:21 - 2019-04-16 12:21 - 000057560 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2019-04-16 12:21 - 2019-04-16 12:21 - 000036864 _____ C:\Users\Administrator\Documents\EasyBCD Backup (2019-04-16).bcd
2019-04-16 12:21 - 2019-04-16 12:21 - 000000000 ____D C:\Users\Administrator\AppData\Local\NeoSmart_Technologies
2019-04-16 12:20 - 2019-04-16 12:20 - 000001213 _____ C:\Users\Public\Desktop\EasyBCD 2.4.lnk
2019-04-16 12:20 - 2019-04-16 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
2019-04-16 12:20 - 2019-04-16 12:20 - 000000000 ____D C:\Program Files (x86)\NeoSmart Technologies
2019-04-16 12:18 - 2019-04-18 10:52 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2019-04-16 12:18 - 2019-04-16 12:23 - 000000000 ____D C:\Users\Administrator\AppData\Local\AMD
2019-04-16 12:17 - 2019-04-16 12:17 - 000003146 _____ C:\Windows\System32\Tasks\StartCN
2019-04-16 12:17 - 2019-04-16 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2019-04-16 12:17 - 2019-04-16 12:17 - 000000000 ____D C:\Program Files (x86)\AMD
2019-04-16 12:16 - 2019-04-16 12:16 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2019-04-16 12:16 - 2019-04-16 12:16 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2019-04-16 12:16 - 2017-06-16 07:32 - 000541984 _____ C:\Windows\system32\vulkan-1.dll
2019-04-16 12:16 - 2017-06-16 07:32 - 000525088 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-04-16 12:16 - 2017-06-16 07:32 - 000254240 _____ C:\Windows\system32\vulkaninfo.exe
2019-04-16 12:16 - 2017-06-16 07:32 - 000233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-04-16 12:16 - 2015-07-19 01:08 - 000984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2019-04-16 12:15 - 2019-04-16 12:16 - 000000000 ____D C:\ProgramData\Package Cache
2019-04-16 12:14 - 2019-04-16 12:14 - 000757660 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-04-16 12:13 - 2019-04-16 12:17 - 000000000 ____D C:\Program Files\AMD
2019-04-16 12:12 - 2019-04-16 12:26 - 000000000 ____D C:\AMD
2019-04-16 12:11 - 2019-04-16 12:11 - 000000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2019-04-16 12:11 - 2019-04-16 12:11 - 000000000 ____D C:\Program Files (x86)\Etron Technology
2019-04-16 12:11 - 2012-02-19 15:17 - 000084608 _____ (Etron Technology Inc) C:\Windows\system32\Drivers\EtronXHCI.sys
2019-04-16 12:11 - 2012-02-19 15:17 - 000059392 _____ (Etron Technology Inc) C:\Windows\system32\Drivers\EtronHub3.sys
2019-04-16 12:09 - 2019-04-16 12:09 - 000001443 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-04-16 12:09 - 2019-04-16 12:09 - 000001409 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2019-04-16 12:09 - 2019-04-16 12:09 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2019-04-16 12:09 - 2019-04-16 12:09 - 000000000 ____D C:\Users\Administrator
2019-04-16 12:09 - 2011-04-12 20:28 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2019-04-16 12:08 - 2019-04-16 12:08 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2019-04-16 12:08 - 2012-01-27 05:39 - 000787736 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2019-04-16 12:08 - 2012-01-27 05:39 - 000356120 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2019-04-16 12:08 - 2012-01-27 05:39 - 000016152 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys
2019-04-16 12:05 - 2019-04-16 12:08 - 000000000 ____D C:\Program Files (x86)\Intel
2019-04-16 12:05 - 2019-04-16 12:05 - 000000000 ____D C:\Intel
2019-04-16 12:05 - 2011-12-06 19:55 - 000053248 ____R (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2019-04-16 12:04 - 2019-04-16 12:04 - 000001447 _____ C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-04-16 12:04 - 2019-04-16 12:04 - 000001413 _____ C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2019-04-16 12:03 - 2019-04-16 12:04 - 000000000 ____D C:\Users\Mine
2019-04-16 12:03 - 2019-04-16 12:03 - 000000020 ___SH C:\Users\Mine\ntuser.ini
2019-04-16 12:03 - 2019-04-16 12:03 - 000000000 ____D C:\Users\Mine\AppData\Local\VirtualStore
2019-04-16 12:03 - 2011-04-12 20:28 - 000000000 ____D C:\Users\Mine\AppData\Roaming\Media Center Programs
2019-04-16 12:01 - 2019-04-16 12:01 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2019-04-16 12:01 - 2019-04-16 12:01 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2019-04-04 23:41 - 2018-12-20 22:05 - 000229296 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-18 10:52 - 2009-07-14 17:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-18 10:51 - 2009-07-14 16:45 - 000020672 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-04-18 10:51 - 2009-07-14 16:45 - 000020672 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-04-18 10:13 - 2009-07-14 17:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-18 10:13 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\inf
2019-04-17 07:58 - 2009-07-14 17:32 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2019-04-16 12:29 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\ModemLogs
2019-04-16 12:10 - 2009-07-14 15:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2019-04-16 12:09 - 2009-07-14 16:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2019-04-16 12:02 - 2009-07-14 16:45 - 000274320 _____ C:\Windows\system32\FNTCACHE.DAT
2019-04-16 12:02 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\rescache
2019-04-16 12:01 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\system32\sysprep
2019-04-16 11:59 - 2011-04-12 20:28 - 000000000 ____D C:\Windows\CSC

==================== Files in the root of some directories =======

2019-04-16 13:49 - 2019-04-16 13:49 - 000007601 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-04-16 14:34

==================== End of FRST.txt ============================

 

 

FRST Addition scan -

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.04.2019
Ran by Administrator (18-04-2019 10:54:31)
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X64) (2019-04-16 00:03:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1869737474-3930770182-1401445859-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1869737474-3930770182-1401445859-501 - Limited - Disabled)
Mine (S-1-5-21-1869737474-3930770182-1401445859-1000 - Administrator - Enabled) => C:\Users\Mine

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.171 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.171 - Adobe)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{6CE5234B-BD8C-72B6-7364-69CA8E42114E}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{FEA11F9B-416B-2727-5EA1-82429995D035}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{BB8B734F-8F55-E1CA-D001-166AEB5FC453}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{FDC6AD00-2690-0C79-F448-6870D088E3E6}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{324FD995-6403-C91B-C812-F8A910894512}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{9377A666-BA7B-A306-B948-EB998FBF087D}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{8C6E9090-39F9-9B36-4773-6F86F02BD555}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{3D74EBB6-6F60-ED1D-6241-BF452D0CB787}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20FF7371-58D1-D4AE-E321-1EA1D0C1A55E}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{A1BD4CBE-AB56-A4C9-C5DA-B68EB525E926}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{E58AF6C5-288F-830D-D62D-22ED85786607}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{72BDC691-D61C-6223-4FBB-A220B70F3AA4}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{D094472C-C370-653E-11CC-7B1713988675}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{12917240-54AB-4561-43BC-E0D31BCC3F35}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{D84705BF-5A46-5099-8DB8-C863ECA0CF89}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{7C07AA6D-B3AB-9C1E-6C54-5452025422B1}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{1602DD16-8687-7E1C-EC9C-867141AFE351}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{BDF46C47-1E10-2359-4F1E-014D4B57138B}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{BA329B31-7B17-D2CD-31B3-13FE20904707}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{6C39385A-C5C2-0E60-83BF-95DAF8B34FAE}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{6C18B3F7-E174-5D25-9A31-A52F8EAC0D49}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
EasyBCD 2.4 (HKLM-x32\...\EasyBCD) (Version: 2.4 - NeoSmart Technologies)
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Network Activity Indicator for Windows 7 - 8.1 (HKLM-x32\...\NetworkIndicator_is1) (Version: 1.7 - ITSamples.com)
Pale Moon 28.4.1 (x64 en-US) (HKLM\...\Pale Moon 28.4.1 (x64 en-US)) (Version: 28.4.1 - Moonchild Productions)
Vivaldi (HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\Vivaldi) (Version: 2.4.1488.38 - Vivaldi Technologies AS.)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1869737474-3930770182-1401445859-500_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> C:\Program Files\Vivaldi\Application\2.4.1488.38\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
ShellIconOverlayIdentifiers: [            IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2018-05-12] (Tonec Inc. -> Tonec Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-07-20] (Advanced Micro Devices, Inc.) [File not signed]

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {6DF80502-B29B-4398-97D6-17E59D632010} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-09-12 23:42 - 2016-09-12 23:42 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-04-16 12:32 - 2014-12-19 19:33 - 000376832 _____ (ITSamples.com) [File not signed] C:\Program Files (x86)\ITSamples\NetworkIndicator\NetworkIndicator.exe
2019-04-16 12:08 - 2012-01-27 05:38 - 000073728 ____R (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 14:34 - 2009-06-11 09:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1869737474-3930770182-1401445859-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 203.97.78.43 - 203.97.78.44
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BD2DA16E-8AF0-491A-8CA6-9F82D03604E0}] => (Allow) C:\Program Files\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{E21834CB-A8C6-418A-B7A6-2DD2F4D9386E}] => (Allow) C:\Program Files\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{A0D884DA-D87F-4EAA-8D26-D71C1CF66FA6}] => (Allow) C:\Program Files\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)

==================== Restore Points =========================

17-04-2019 01:31:34 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Video Controller
Description: Video Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/18/2019 10:53:10 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={D711BEFC-8B7F-4D0B-AB2E-38A69E4F58B3}: The user Mine-PC\Administrator dialed a connection named Telstra Clear which has failed. The error code returned on failure is 691.


System errors:
=============

==================== Memory info ===========================

Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 45%
Total physical RAM: 8076.14 MB
Available physical RAM: 4368.05 MB
Total Virtual: 16150.48 MB
Available Virtual: 12400.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.84 GB) (Free:93.17 GB) NTFS
Drive d: (XP SP3) (Fixed) (Total:97.76 GB) (Free:91.97 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:100.36 GB) (Free:82.65 GB) NTFS
Drive f: () (Fixed) (Total:3625.66 GB) (Free:1182.98 GB) NTFS
Drive g: (Data_2) (Fixed) (Total:353.01 GB) (Free:89.56 GB) NTFS
Drive h: (Data_3) (Fixed) (Total:14.99 GB) (Free:7.56 GB) NTFS
Drive i: (Data_1) (Fixed) (Total:310 GB) (Free:32.48 GB) NTFS
Drive j: (W 7_32 bit) (Fixed) (Total:35.92 GB) (Free:14.6 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 4B19BE7B)
Partition 1: (Active) - (Size=97.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368 GB) - (Type=0F Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 66CD451A)
Partition 1: (Not Active) - (Size=119.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=310 GB) - (Type=0F Extended)
Partition 3: (Not Active) - (Size=35.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 3726 GB) (Disk ID: 351D3362)

Partition: GPT.

==================== End of Addition.txt ============================

 

 

Anything else that needs to be done to check/confirm that there is no malware/spyware etc installed?


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,556 posts
  • MVP

I would try tcpview now so you know what it looks like.  If your problem returns you can also install wireshark

https://www.wireshark.org/

 

which should let you look at the tcp/ip traffic in detail.  The logs are very large so you won't want be able to share them with me but you might copy a page or so which might be enough to figure out what is going on.

 

This article might help with your modem problems:

 

http://www.portlandi...nder-windows-7/

 

See the section at the bottom:  Modem Diagnostics under Windows 7

which talks about logging.  It's possible that the fault is in the modem bank at your ISP.  They have a bunch of modems tied to phone lines and sometimes a modem (or its telephone line)  will fail so the call doesn't connect.  The next time you dial up you get a different phone line and a different modem and it works.  I remember when I was on dialup, there was one modem in the bank that never worked and I complained to my ISP and eventually they fixed it.

 

I don't see any malware but you can run Rogue Killer to make sure:

 

Rogue Killer

http://www.adlice.co...iller/#download
Portable 32 bits
Portable 64 bits <==Use this one

Download and Save.



Right click on the downloaded file (RogueKillerX64.exe or RogueKiller.exe)  and Run As admin

Start Scan
Start Scan

Will take about 20 minutes to complete.

Open Report
Export TXT (save it to your desktop as rk) Save

Do not let Rogue Killer remove anything until you hear from me.   (It tends to have a lot of false positives)  Leave Rogue Killer up (but minimized) so you won't have to rescan.

Open rk.txt and copy and paste it to your next Reply.


  • 0

#7
brispuss

brispuss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

I've done a test run of Tcpview to get a feel of what it does, thanks.

 

Thanks for the comments regarding the modem.

 

Ran Rogue killer, and no malware found, apparently -

 

 

RogueKiller Anti-Malware V13.1.9.0 (x64) [Mar 27 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/d...ad/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : Administrator [Administrator]
Started from : C:\Users\Administrator\Desktop\RogueKiller_portable64_(13.1.9.0).exe
Signatures : 20190417_102644, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/04/19 11:17:37 (Duration : 00:03:06)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 

 

For the highly suspicious long Vivaldi download on the previous occasion (6 hours +), any malware that was downloaded then may have been removed/deleted by my re-formatting the HDD.


  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,556 posts
  • MVP

Looks clean.  I think you are good to go.  Time to clean up:

 

If we used FRST to clean your PC:

right click on FRST.exe or FRST64.exe (whichever you used) and rename it to uninstall.exe.  Then right click on uninstall.exe and Run as Admin.

 
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions.


If you use Chrome/Firefox/Edge then get the Ublock Origin extension.  For IE go to adblockplus.org  and get the program.
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skpe. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting..
(If it complains about Chrome still running you can stop it with Task Manager or go into Chrome then go to:

chrome://settings/

Hit Advanced at the bottom of the page then scroll down to near the bottom where it says System.

Change
Continue running background apps when Google Chrome is closed
to Off (slide the blue thing to the left and it turns brown)
Close Chrome.

You can run it any time that Chrome/Firefox seems slow starting.

If the browser is still slow then go in and disable all of your extensions, close the browser and Optimize with SpeedyFox then restart the browser.  If that helps then one or more of your extensions is at fault.  Go back in and turn them on one at a time and see if you can figure out which ones slow things down the most.


If you use Facebook you need FB Purity: http://www.fbpurity.com/

To prevent a relatively new phishing attack:  In Firefox, type:

https://www.xn--80ak6aa92e.com/

If the URL changes to https://www.apple.cominstead of the correct value
type:
about:config

in the URL box and hit Enter.  You should get a new page of options (if you get a notice about voiding the warranty just cancel the warning).  In the Search box put in

puny

You should only get 2 options:
"network.IDN_show_punycode"
We want it to say True but by default it is False so double click on it to toggle from False to True.


 "network.standard-url.punycode-host" Leave this one at default of False.
Close and restart firefox.

If you are a Facebook user get the FB Purity extension for your browser:
http://www.fbpurity.com/
This will stop all of the suggested pages and ads so that Facebook loads much quicker.


Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.combeforeyou open them.

Due to a recent rise in the number of Crytolocker infections I am now recommending you install:

https://www.bleeping...somware/dl/306/
It's currently a free version.

If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.htmlandhttp://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not the latest.  If in doubt uninstall all.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.


Recommended software: (I'm not saying you should download these just that if you have a need for a new program these are safe and work)  
Compression:  7-zip. 

https://www.7-zip.org/download.html

Avoid WinRar and WinZip as the free versions have adware.

Video Player:  VLC  Unlike Windows Medi Player it never seems to need extra files to work.

Office like free program:  Open Office:

https://www.openoffice.org/download/
or
LibreOffice:

https://www.libreoffice.org/

Free Anti-Virus:  Avast

https://www.getavast...line-installers

(use the off-line installer) (To prevent nagging popups right click on Avast icon in systray and click on Silent Mode)
Free Malware prevention:  MBAM: Free version at https://www.malwareb...m/mwb-download/

(Starts as a 14 day demo then after 14 days will still work but with a few less features)
Can run with your anti-virus.
Paid Anti-Virus:  Kaspersky or BitDefender
Utilities:
Root Kit Detector:  MBAR:

https://www.malwareb...om/antirootkit/
Process Explorer:  Shows you what is running on the PC.  Like Task manager but better:  http://live.sysinter...com/procexp.exe
WhoCrashed: Why did your system crash?
http://www.resplendence.com/downloads
Then click on Download free home edition
where it says:
WhoCrashed 5.51
Comprehensible crash dump analysis tool
for Windows 10/8.1/8/7/Vista/XP/2012/2008/2003 (x86 and x64)
System Health:
Speccy:  
http://www.filehippo.com/download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Decline CCleaner if offered.  Pay attention to SMART info on your hard drives and to temps.  If in doubt about temps try:
Measure your Temperatures:  SpeedFan: 
http://www.filehippo...nload_speedfan/
Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it.
Download Flash and Video.  To save flash video.  Works with Firefox.  https://addons.mozil...lash-and-video/This allows you to start a recording and then switch to a different window and record another video.  ( Broken by last Firefox update)

With Win 10 only there is a new Game recorder program.  It's supposed to only work for games but it works nicely to record any video you watch.  Hit the Win key + Alt + r to start the recorder.  The first time it asks you if it is looking at a game.  Just tell it yes.  After that it starts recording whenever you bring it up.  Videos are saved to the Captures folder under Videos.  You can only record what you watch so limited to only one video at a time.  Best to go to full screen before starting the recorder.

Avoid:  
Advanced System Care
SuperAntiSpyware
HitmanPro
Spybot S&D
Any P2P software especially if it comes from Conduit.
Registry Cleaners
Driver updating software.
PC fixing or Speed up software.
Running more than one anti-virus.
Seagate hard drives.  If you have one it's going to fail on you so backup your data now!

Ron


  • 0

#9
brispuss

brispuss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

Thanks.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP