Unusual one, this!
After a previous fresh install of Vivaldi browser, and on running it without a web site loaded, Vivaldi appears to be downloading HUGE amounts of data.
The browser does not auto-update, and any browser extensions installed are very small and load/install fairly quickly.
The issue has already been asked at Vivaldi forums here -
https://forum.vivaldi.net/topic/36494/vivaldi-downloading-all-the-time
But there is no definite answer yet as to the cause of the large data download.
Several anti-malware programs were run, but no malware was found.
Since then, the OS partition has been wiped, re-formatted, and the OS and some other software has been re-installed, including Vivaldi.
Running Vivaldi again, it appears that it is once again in the process of downloading a lot of data, when, according to others, this is not usual.
Wanting to be certain, as far as possible, that there is no malware/spyware nor anything else unwanted on my system!
Here are the latest FRST scan results -
FRST-
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.04.2019 01
Ran by Administrator (administrator) on MINE-PC (16-04-2019 22:41:07)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Mine & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\update_notifier.exe
(ITSamples.com) [File not signed] C:\Program Files (x86)\ITSamples\NetworkIndicator\NetworkIndicator.exe
(Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Mark Straver -> Moonchild Productions) C:\Program Files\Pale Moon\palemoon.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation -> Intel Corporation)
HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\Run: [Vivaldi Update Notifier] => C:\Program Files\Vivaldi\Application\update_notifier.exe [1800776 2019-04-11] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\Run: [NetworkIndicator] => C:\Program Files (x86)\ITSamples\NetworkIndicator\NetworkIndicator.exe [376832 2014-12-19] (ITSamples.com) [File not signed]
HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4056176 2019-04-04] (Tonec Inc. -> Tonec Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{81FFABC0-2688-451C-AF60-44CB672A9193}: [NameServer] 203.97.78.43 203.97.78.44
Internet Explorer:
==================
HKU\S-1-5-21-1869737474-3930770182-1401445859-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1869737474-3930770182-1401445859-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2018-11-22] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2018-11-22] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
FireFox:
========
FF DefaultProfile: pu17pyvj.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\pu17pyvj.default [2019-04-16]
FF Extension: (Adblock Latitude) - C:\Users\Administrator\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\pu17pyvj.default\Extensions\[email protected] [2019-04-16] [Legacy] [not signed]
FF HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2019-04-16] [Legacy] [not signed]
FF HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-21] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_105.dll [2019-04-16] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_105.dll [2019-04-16] (Adobe Systems Incorporated -> )
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2019-04-04]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2019-04-04]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [543112 2017-07-21] (Advanced Micro Devices, Inc. -> AMD)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1146880 2009-06-11] (Microsoft Windows -> LSI Corp)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [38422408 2017-07-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [532360 2017-07-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [59392 2012-02-19] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [84608 2012-02-19] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-04-17 07:59 - 2019-04-16 12:03 - 000000000 ____D C:\Windows\Panther
2019-04-16 22:41 - 2019-04-16 22:41 - 000007429 _____ C:\Users\Administrator\Desktop\FRST.txt
2019-04-16 22:38 - 2019-04-16 22:38 - 000000000 ____D C:\Users\Administrator\Desktop\FRST-OlderVersion
2019-04-16 22:31 - 2019-04-16 22:41 - 000000000 ____D C:\FRST
2019-04-16 22:30 - 2019-04-16 22:38 - 002434048 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2019-04-16 15:45 - 2019-04-16 15:50 - 001909200 _____ C:\Users\Administrator\Downloads\exeinfope_v54.zip
2019-04-16 13:49 - 2019-04-16 13:49 - 000007601 _____ C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2019-04-16 13:03 - 2019-04-16 15:57 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\DMCache
2019-04-16 13:03 - 2019-04-16 13:04 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\IDM
2019-04-16 13:03 - 2019-04-16 13:03 - 000001009 _____ C:\Users\Administrator\Desktop\Internet Download Manager.lnk
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\Users\Administrator\Downloads\Video
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\Users\Administrator\Downloads\Compressed
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\ProgramData\IDM
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2019-04-16 12:32 - 2019-04-16 12:32 - 000001241 _____ C:\Users\Public\Desktop\Network Indicator.lnk
2019-04-16 12:32 - 2019-04-16 12:32 - 000000000 ____D C:\Program Files (x86)\ITSamples
2019-04-16 12:30 - 2019-04-16 12:30 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2019-04-16 12:30 - 2019-04-16 12:30 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Moonchild Productions
2019-04-16 12:30 - 2019-04-16 12:30 - 000000000 ____D C:\Users\Administrator\AppData\Local\Moonchild Productions
2019-04-16 12:24 - 2019-04-16 12:25 - 000846848 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-04-16 12:24 - 2019-04-16 12:25 - 000175616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-04-16 12:24 - 2019-04-16 12:25 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-04-16 12:24 - 2019-04-16 12:25 - 000000000 ____D C:\Windows\system32\Macromed
2019-04-16 12:24 - 2019-04-16 12:24 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2019-04-16 12:23 - 2019-04-16 12:23 - 000002233 _____ C:\Users\Administrator\Desktop\Vivaldi.lnk
2019-04-16 12:23 - 2019-04-16 12:23 - 000002203 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2019-04-16 12:23 - 2019-04-16 12:23 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\AMD
2019-04-16 12:23 - 2019-04-16 12:23 - 000000000 ____D C:\Users\Administrator\AppData\Local\Vivaldi
2019-04-16 12:23 - 2019-04-16 12:23 - 000000000 ____D C:\Program Files\Vivaldi
2019-04-16 12:22 - 2019-04-16 12:39 - 000000000 ____D C:\Program Files\Pale Moon
2019-04-16 12:22 - 2019-04-16 12:30 - 000001066 _____ C:\Users\Public\Desktop\Pale Moon.lnk
2019-04-16 12:21 - 2019-04-16 22:18 - 000003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4CEE092-A574-4E34-A2B4-8F2DE9BE0C61}
2019-04-16 12:21 - 2019-04-16 12:21 - 000057560 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2019-04-16 12:21 - 2019-04-16 12:21 - 000036864 _____ C:\Users\Administrator\Documents\EasyBCD Backup (2019-04-16).bcd
2019-04-16 12:21 - 2019-04-16 12:21 - 000000000 ____D C:\Users\Administrator\AppData\Local\NeoSmart_Technologies
2019-04-16 12:20 - 2019-04-16 12:20 - 000001213 _____ C:\Users\Public\Desktop\EasyBCD 2.4.lnk
2019-04-16 12:20 - 2019-04-16 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
2019-04-16 12:20 - 2019-04-16 12:20 - 000000000 ____D C:\Program Files (x86)\NeoSmart Technologies
2019-04-16 12:18 - 2019-04-16 15:57 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2019-04-16 12:18 - 2019-04-16 12:23 - 000000000 ____D C:\Users\Administrator\AppData\Local\AMD
2019-04-16 12:17 - 2019-04-16 12:17 - 000003146 _____ C:\Windows\System32\Tasks\StartCN
2019-04-16 12:17 - 2019-04-16 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2019-04-16 12:17 - 2019-04-16 12:17 - 000000000 ____D C:\Program Files (x86)\AMD
2019-04-16 12:16 - 2019-04-16 12:16 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2019-04-16 12:16 - 2019-04-16 12:16 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2019-04-16 12:16 - 2017-06-16 07:32 - 000541984 _____ C:\Windows\system32\vulkan-1.dll
2019-04-16 12:16 - 2017-06-16 07:32 - 000525088 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-04-16 12:16 - 2017-06-16 07:32 - 000254240 _____ C:\Windows\system32\vulkaninfo.exe
2019-04-16 12:16 - 2017-06-16 07:32 - 000233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-04-16 12:16 - 2015-07-19 01:08 - 000984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2019-04-16 12:15 - 2019-04-16 12:16 - 000000000 ____D C:\ProgramData\Package Cache
2019-04-16 12:14 - 2019-04-16 12:14 - 000757660 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-04-16 12:13 - 2019-04-16 12:17 - 000000000 ____D C:\Program Files\AMD
2019-04-16 12:12 - 2019-04-16 12:26 - 000000000 ____D C:\AMD
2019-04-16 12:11 - 2019-04-16 12:11 - 000000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2019-04-16 12:11 - 2019-04-16 12:11 - 000000000 ____D C:\Program Files (x86)\Etron Technology
2019-04-16 12:11 - 2012-02-19 15:17 - 000084608 _____ (Etron Technology Inc) C:\Windows\system32\Drivers\EtronXHCI.sys
2019-04-16 12:11 - 2012-02-19 15:17 - 000059392 _____ (Etron Technology Inc) C:\Windows\system32\Drivers\EtronHub3.sys
2019-04-16 12:09 - 2019-04-16 12:09 - 000001443 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-04-16 12:09 - 2019-04-16 12:09 - 000001409 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2019-04-16 12:09 - 2019-04-16 12:09 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2019-04-16 12:09 - 2019-04-16 12:09 - 000000000 ____D C:\Users\Administrator
2019-04-16 12:09 - 2011-04-12 20:28 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2019-04-16 12:08 - 2019-04-16 12:08 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2019-04-16 12:08 - 2012-01-27 05:39 - 000787736 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2019-04-16 12:08 - 2012-01-27 05:39 - 000356120 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2019-04-16 12:08 - 2012-01-27 05:39 - 000016152 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys
2019-04-16 12:05 - 2019-04-16 12:08 - 000000000 ____D C:\Program Files (x86)\Intel
2019-04-16 12:05 - 2019-04-16 12:05 - 000000000 ____D C:\Intel
2019-04-16 12:05 - 2011-12-06 19:55 - 000053248 ____R (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2019-04-16 12:04 - 2019-04-16 12:04 - 000001447 _____ C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-04-16 12:04 - 2019-04-16 12:04 - 000001413 _____ C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2019-04-16 12:03 - 2019-04-16 12:04 - 000000000 ____D C:\Users\Mine
2019-04-16 12:03 - 2019-04-16 12:03 - 000000020 ___SH C:\Users\Mine\ntuser.ini
2019-04-16 12:03 - 2019-04-16 12:03 - 000000000 ____D C:\Users\Mine\AppData\Local\VirtualStore
2019-04-16 12:03 - 2011-04-12 20:28 - 000000000 ____D C:\Users\Mine\AppData\Roaming\Media Center Programs
2019-04-16 12:01 - 2019-04-16 12:01 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2019-04-16 12:01 - 2019-04-16 12:01 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2019-04-04 23:41 - 2018-12-20 22:05 - 000229296 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-04-17 07:58 - 2009-07-14 17:32 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2019-04-16 22:18 - 2009-07-14 17:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-16 22:18 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\inf
2019-04-16 22:14 - 2009-07-14 17:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-16 15:57 - 2009-07-14 16:45 - 000020672 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-04-16 15:57 - 2009-07-14 16:45 - 000020672 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-04-16 12:29 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\ModemLogs
2019-04-16 12:10 - 2009-07-14 15:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2019-04-16 12:09 - 2009-07-14 16:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2019-04-16 12:02 - 2009-07-14 16:45 - 000274320 _____ C:\Windows\system32\FNTCACHE.DAT
2019-04-16 12:02 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\rescache
2019-04-16 12:01 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\system32\sysprep
2019-04-16 11:59 - 2011-04-12 20:28 - 000000000 ____D C:\Windows\CSC
==================== Files in the root of some directories =======
2019-04-16 13:49 - 2019-04-16 13:49 - 000007601 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2019-04-16 14:34
==================== End of FRST.txt ============================
And Addition -
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.04.2019 01
Ran by Administrator (16-04-2019 22:41:45)
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X64) (2019-04-16 00:03:50)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1869737474-3930770182-1401445859-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1869737474-3930770182-1401445859-501 - Limited - Disabled)
Mine (S-1-5-21-1869737474-3930770182-1401445859-1000 - Administrator - Enabled) => C:\Users\Mine
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.105 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.105 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.105 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{6CE5234B-BD8C-72B6-7364-69CA8E42114E}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{FEA11F9B-416B-2727-5EA1-82429995D035}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{BB8B734F-8F55-E1CA-D001-166AEB5FC453}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{FDC6AD00-2690-0C79-F448-6870D088E3E6}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{324FD995-6403-C91B-C812-F8A910894512}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{9377A666-BA7B-A306-B948-EB998FBF087D}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{8C6E9090-39F9-9B36-4773-6F86F02BD555}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{3D74EBB6-6F60-ED1D-6241-BF452D0CB787}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20FF7371-58D1-D4AE-E321-1EA1D0C1A55E}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{A1BD4CBE-AB56-A4C9-C5DA-B68EB525E926}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{E58AF6C5-288F-830D-D62D-22ED85786607}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{72BDC691-D61C-6223-4FBB-A220B70F3AA4}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{D094472C-C370-653E-11CC-7B1713988675}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{12917240-54AB-4561-43BC-E0D31BCC3F35}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{D84705BF-5A46-5099-8DB8-C863ECA0CF89}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{7C07AA6D-B3AB-9C1E-6C54-5452025422B1}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{1602DD16-8687-7E1C-EC9C-867141AFE351}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{BDF46C47-1E10-2359-4F1E-014D4B57138B}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{BA329B31-7B17-D2CD-31B3-13FE20904707}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{6C39385A-C5C2-0E60-83BF-95DAF8B34FAE}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{6C18B3F7-E174-5D25-9A31-A52F8EAC0D49}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
EasyBCD 2.4 (HKLM-x32\...\EasyBCD) (Version: 2.4 - NeoSmart Technologies)
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Network Activity Indicator for Windows 7 - 8.1 (HKLM-x32\...\NetworkIndicator_is1) (Version: 1.7 - ITSamples.com)
Pale Moon 28.4.1 (x64 en-US) (HKLM\...\Pale Moon 28.4.1 (x64 en-US)) (Version: 28.4.1 - Moonchild Productions)
Vivaldi (HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\Vivaldi) (Version: 2.4.1488.38 - Vivaldi Technologies AS.)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1869737474-3930770182-1401445859-500_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> C:\Program Files\Vivaldi\Application\2.4.1488.38\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2018-05-12] (Tonec Inc. -> Tonec Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-07-20] (Advanced Micro Devices, Inc.) [File not signed]
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {6DF80502-B29B-4398-97D6-17E59D632010} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
==================== Loaded Modules (Whitelisted) ==============
2017-07-20 19:00 - 2017-07-20 19:00 - 000980480 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\CNext\CNext\atiacm64.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000191488 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2019-04-16 12:32 - 2014-12-19 19:33 - 000376832 _____ (ITSamples.com) [File not signed] C:\Program Files (x86)\ITSamples\NetworkIndicator\NetworkIndicator.exe
2019-04-16 12:22 - 2019-03-27 11:56 - 000517120 _____ (Mozilla Foundation) [File not signed] C:\Program Files\Pale Moon\freebl3.dll
2019-04-16 12:08 - 2012-01-27 05:38 - 000073728 ____R (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 14:34 - 2009-06-11 09:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1869737474-3930770182-1401445859-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 203.97.78.43 - 203.97.78.44
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BD2DA16E-8AF0-491A-8CA6-9F82D03604E0}] => (Allow) C:\Program Files\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{E21834CB-A8C6-418A-B7A6-2DD2F4D9386E}] => (Allow) C:\Program Files\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{A0D884DA-D87F-4EAA-8D26-D71C1CF66FA6}] => (Allow) C:\Program Files\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Video Controller
Description: Video Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/16/2019 10:16:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (04/16/2019 10:15:34 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={206E40B6-ED7F-414B-9EC0-D1B3DD058D78}: The user Mine-PC\Administrator dialed a connection named Telstra Clear which has failed. The error code returned on failure is 691.
Error: (04/16/2019 02:34:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AMD\CIM\Bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (04/16/2019 01:21:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (04/16/2019 01:21:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (04/16/2019 01:21:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (04/16/2019 01:21:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (04/16/2019 01:21:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
System errors:
=============
Error: (04/16/2019 10:14:22 PM) (Source: volsnap) (EventID: 29) (User: )
Description: The shadow copies of volume C: were aborted during detection.
==================== Memory info ===========================
Processor: Intel® Core i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 51%
Total physical RAM: 8076.14 MB
Available physical RAM: 3893.94 MB
Total Virtual: 16150.48 MB
Available Virtual: 11801 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:119.84 GB) (Free:94.58 GB) NTFS
Drive d: (XP SP3) (Fixed) (Total:97.76 GB) (Free:91.97 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:100.36 GB) (Free:82.65 GB) NTFS
Drive f: () (Fixed) (Total:3625.66 GB) (Free:1182.98 GB) NTFS
Drive g: (Data_2) (Fixed) (Total:353.01 GB) (Free:89.69 GB) NTFS
Drive h: (Data_3) (Fixed) (Total:14.99 GB) (Free:7.56 GB) NTFS
Drive i: (Data_1) (Fixed) (Total:310 GB) (Free:32.16 GB) NTFS
Drive j: (W 7_32 bit) (Fixed) (Total:35.92 GB) (Free:15.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 4B19BE7B)
Partition 1: (Active) - (Size=97.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368 GB) - (Type=0F Extended)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 66CD451A)
Partition 1: (Not Active) - (Size=119.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=310 GB) - (Type=0F Extended)
Partition 3: (Not Active) - (Size=35.9 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 3726 GB) (Disk ID: 351D3362)
Partition: GPT.
==================== End of Addition.txt ============================
Nothing obvious shown in FRST scan results, I think?
What now?
Thank you.