Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Browser Downloading in Background


  • Please log in to reply

#1
brispuss

brispuss

    Member

  • Member
  • PipPip
  • 48 posts

Unusual one, this!

 

After a previous fresh install of Vivaldi browser, and on running it without a web site loaded, Vivaldi appears to be downloading HUGE amounts of data.

 

The browser does not auto-update, and any browser extensions installed are very small and load/install fairly quickly.

 

The issue has already been asked at Vivaldi forums here -

https://forum.vivaldi.net/topic/36494/vivaldi-downloading-all-the-time

But there is no definite answer yet as to the cause of the large data download.

 

Several anti-malware programs were run, but no malware was found.

 

Since then, the OS partition has been wiped, re-formatted, and the OS and some other software has been re-installed, including Vivaldi.

 

Running Vivaldi again, it appears that it is once again in the process of downloading a lot of data, when, according to others, this is not usual.

 

Wanting to be certain, as far as possible, that there is no malware/spyware nor anything else unwanted on my system!

 

Here are the latest FRST scan results -

 

FRST-

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.04.2019 01
Ran by Administrator (administrator) on MINE-PC (16-04-2019 22:41:07)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Mine & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\update_notifier.exe
(ITSamples.com) [File not signed] C:\Program Files (x86)\ITSamples\NetworkIndicator\NetworkIndicator.exe
(Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Mark Straver -> Moonchild Productions) C:\Program Files\Pale Moon\palemoon.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation -> Intel Corporation)
HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\Run: [Vivaldi Update Notifier] => C:\Program Files\Vivaldi\Application\update_notifier.exe [1800776 2019-04-11] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\Run: [NetworkIndicator] => C:\Program Files (x86)\ITSamples\NetworkIndicator\NetworkIndicator.exe [376832 2014-12-19] (ITSamples.com) [File not signed]
HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4056176 2019-04-04] (Tonec Inc. -> Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{81FFABC0-2688-451C-AF60-44CB672A9193}: [NameServer] 203.97.78.43 203.97.78.44

Internet Explorer:
==================
HKU\S-1-5-21-1869737474-3930770182-1401445859-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1869737474-3930770182-1401445859-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2018-11-22] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2018-11-22] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: pu17pyvj.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\pu17pyvj.default [2019-04-16]
FF Extension: (Adblock Latitude) - C:\Users\Administrator\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\pu17pyvj.default\Extensions\[email protected] [2019-04-16] [Legacy] [not signed]
FF HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2019-04-16] [Legacy] [not signed]
FF HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-21] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_105.dll [2019-04-16] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_105.dll [2019-04-16] (Adobe Systems Incorporated -> )

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2019-04-04]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2019-04-04]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [543112 2017-07-21] (Advanced Micro Devices, Inc. -> AMD)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1146880 2009-06-11] (Microsoft Windows -> LSI Corp)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [38422408 2017-07-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [532360 2017-07-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [59392 2012-02-19] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [84608 2012-02-19] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-17 07:59 - 2019-04-16 12:03 - 000000000 ____D C:\Windows\Panther
2019-04-16 22:41 - 2019-04-16 22:41 - 000007429 _____ C:\Users\Administrator\Desktop\FRST.txt
2019-04-16 22:38 - 2019-04-16 22:38 - 000000000 ____D C:\Users\Administrator\Desktop\FRST-OlderVersion
2019-04-16 22:31 - 2019-04-16 22:41 - 000000000 ____D C:\FRST
2019-04-16 22:30 - 2019-04-16 22:38 - 002434048 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2019-04-16 15:45 - 2019-04-16 15:50 - 001909200 _____ C:\Users\Administrator\Downloads\exeinfope_v54.zip
2019-04-16 13:49 - 2019-04-16 13:49 - 000007601 _____ C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2019-04-16 13:03 - 2019-04-16 15:57 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\DMCache
2019-04-16 13:03 - 2019-04-16 13:04 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\IDM
2019-04-16 13:03 - 2019-04-16 13:03 - 000001009 _____ C:\Users\Administrator\Desktop\Internet Download Manager.lnk
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\Users\Administrator\Downloads\Video
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\Users\Administrator\Downloads\Compressed
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\ProgramData\IDM
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2019-04-16 12:32 - 2019-04-16 12:32 - 000001241 _____ C:\Users\Public\Desktop\Network Indicator.lnk
2019-04-16 12:32 - 2019-04-16 12:32 - 000000000 ____D C:\Program Files (x86)\ITSamples
2019-04-16 12:30 - 2019-04-16 12:30 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2019-04-16 12:30 - 2019-04-16 12:30 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Moonchild Productions
2019-04-16 12:30 - 2019-04-16 12:30 - 000000000 ____D C:\Users\Administrator\AppData\Local\Moonchild Productions
2019-04-16 12:24 - 2019-04-16 12:25 - 000846848 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-04-16 12:24 - 2019-04-16 12:25 - 000175616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-04-16 12:24 - 2019-04-16 12:25 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-04-16 12:24 - 2019-04-16 12:25 - 000000000 ____D C:\Windows\system32\Macromed
2019-04-16 12:24 - 2019-04-16 12:24 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2019-04-16 12:23 - 2019-04-16 12:23 - 000002233 _____ C:\Users\Administrator\Desktop\Vivaldi.lnk
2019-04-16 12:23 - 2019-04-16 12:23 - 000002203 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2019-04-16 12:23 - 2019-04-16 12:23 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\AMD
2019-04-16 12:23 - 2019-04-16 12:23 - 000000000 ____D C:\Users\Administrator\AppData\Local\Vivaldi
2019-04-16 12:23 - 2019-04-16 12:23 - 000000000 ____D C:\Program Files\Vivaldi
2019-04-16 12:22 - 2019-04-16 12:39 - 000000000 ____D C:\Program Files\Pale Moon
2019-04-16 12:22 - 2019-04-16 12:30 - 000001066 _____ C:\Users\Public\Desktop\Pale Moon.lnk
2019-04-16 12:21 - 2019-04-16 22:18 - 000003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4CEE092-A574-4E34-A2B4-8F2DE9BE0C61}
2019-04-16 12:21 - 2019-04-16 12:21 - 000057560 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2019-04-16 12:21 - 2019-04-16 12:21 - 000036864 _____ C:\Users\Administrator\Documents\EasyBCD Backup (2019-04-16).bcd
2019-04-16 12:21 - 2019-04-16 12:21 - 000000000 ____D C:\Users\Administrator\AppData\Local\NeoSmart_Technologies
2019-04-16 12:20 - 2019-04-16 12:20 - 000001213 _____ C:\Users\Public\Desktop\EasyBCD 2.4.lnk
2019-04-16 12:20 - 2019-04-16 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
2019-04-16 12:20 - 2019-04-16 12:20 - 000000000 ____D C:\Program Files (x86)\NeoSmart Technologies
2019-04-16 12:18 - 2019-04-16 15:57 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2019-04-16 12:18 - 2019-04-16 12:23 - 000000000 ____D C:\Users\Administrator\AppData\Local\AMD
2019-04-16 12:17 - 2019-04-16 12:17 - 000003146 _____ C:\Windows\System32\Tasks\StartCN
2019-04-16 12:17 - 2019-04-16 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2019-04-16 12:17 - 2019-04-16 12:17 - 000000000 ____D C:\Program Files (x86)\AMD
2019-04-16 12:16 - 2019-04-16 12:16 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2019-04-16 12:16 - 2019-04-16 12:16 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2019-04-16 12:16 - 2017-06-16 07:32 - 000541984 _____ C:\Windows\system32\vulkan-1.dll
2019-04-16 12:16 - 2017-06-16 07:32 - 000525088 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-04-16 12:16 - 2017-06-16 07:32 - 000254240 _____ C:\Windows\system32\vulkaninfo.exe
2019-04-16 12:16 - 2017-06-16 07:32 - 000233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-04-16 12:16 - 2015-07-19 01:08 - 000984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2019-04-16 12:15 - 2019-04-16 12:16 - 000000000 ____D C:\ProgramData\Package Cache
2019-04-16 12:14 - 2019-04-16 12:14 - 000757660 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-04-16 12:13 - 2019-04-16 12:17 - 000000000 ____D C:\Program Files\AMD
2019-04-16 12:12 - 2019-04-16 12:26 - 000000000 ____D C:\AMD
2019-04-16 12:11 - 2019-04-16 12:11 - 000000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2019-04-16 12:11 - 2019-04-16 12:11 - 000000000 ____D C:\Program Files (x86)\Etron Technology
2019-04-16 12:11 - 2012-02-19 15:17 - 000084608 _____ (Etron Technology Inc) C:\Windows\system32\Drivers\EtronXHCI.sys
2019-04-16 12:11 - 2012-02-19 15:17 - 000059392 _____ (Etron Technology Inc) C:\Windows\system32\Drivers\EtronHub3.sys
2019-04-16 12:09 - 2019-04-16 12:09 - 000001443 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-04-16 12:09 - 2019-04-16 12:09 - 000001409 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2019-04-16 12:09 - 2019-04-16 12:09 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2019-04-16 12:09 - 2019-04-16 12:09 - 000000000 ____D C:\Users\Administrator
2019-04-16 12:09 - 2011-04-12 20:28 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2019-04-16 12:08 - 2019-04-16 12:08 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2019-04-16 12:08 - 2012-01-27 05:39 - 000787736 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2019-04-16 12:08 - 2012-01-27 05:39 - 000356120 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2019-04-16 12:08 - 2012-01-27 05:39 - 000016152 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys
2019-04-16 12:05 - 2019-04-16 12:08 - 000000000 ____D C:\Program Files (x86)\Intel
2019-04-16 12:05 - 2019-04-16 12:05 - 000000000 ____D C:\Intel
2019-04-16 12:05 - 2011-12-06 19:55 - 000053248 ____R (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2019-04-16 12:04 - 2019-04-16 12:04 - 000001447 _____ C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-04-16 12:04 - 2019-04-16 12:04 - 000001413 _____ C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2019-04-16 12:03 - 2019-04-16 12:04 - 000000000 ____D C:\Users\Mine
2019-04-16 12:03 - 2019-04-16 12:03 - 000000020 ___SH C:\Users\Mine\ntuser.ini
2019-04-16 12:03 - 2019-04-16 12:03 - 000000000 ____D C:\Users\Mine\AppData\Local\VirtualStore
2019-04-16 12:03 - 2011-04-12 20:28 - 000000000 ____D C:\Users\Mine\AppData\Roaming\Media Center Programs
2019-04-16 12:01 - 2019-04-16 12:01 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2019-04-16 12:01 - 2019-04-16 12:01 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2019-04-04 23:41 - 2018-12-20 22:05 - 000229296 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-17 07:58 - 2009-07-14 17:32 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2019-04-16 22:18 - 2009-07-14 17:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-16 22:18 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\inf
2019-04-16 22:14 - 2009-07-14 17:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-16 15:57 - 2009-07-14 16:45 - 000020672 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-04-16 15:57 - 2009-07-14 16:45 - 000020672 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-04-16 12:29 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\ModemLogs
2019-04-16 12:10 - 2009-07-14 15:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2019-04-16 12:09 - 2009-07-14 16:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2019-04-16 12:02 - 2009-07-14 16:45 - 000274320 _____ C:\Windows\system32\FNTCACHE.DAT
2019-04-16 12:02 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\rescache
2019-04-16 12:01 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\system32\sysprep
2019-04-16 11:59 - 2011-04-12 20:28 - 000000000 ____D C:\Windows\CSC

==================== Files in the root of some directories =======

2019-04-16 13:49 - 2019-04-16 13:49 - 000007601 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-04-16 14:34

==================== End of FRST.txt ============================

 

 

And Addition -

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.04.2019 01
Ran by Administrator (16-04-2019 22:41:45)
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X64) (2019-04-16 00:03:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1869737474-3930770182-1401445859-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1869737474-3930770182-1401445859-501 - Limited - Disabled)
Mine (S-1-5-21-1869737474-3930770182-1401445859-1000 - Administrator - Enabled) => C:\Users\Mine

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.105 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.105 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.105 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{6CE5234B-BD8C-72B6-7364-69CA8E42114E}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{FEA11F9B-416B-2727-5EA1-82429995D035}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{BB8B734F-8F55-E1CA-D001-166AEB5FC453}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{FDC6AD00-2690-0C79-F448-6870D088E3E6}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{324FD995-6403-C91B-C812-F8A910894512}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{9377A666-BA7B-A306-B948-EB998FBF087D}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{8C6E9090-39F9-9B36-4773-6F86F02BD555}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{3D74EBB6-6F60-ED1D-6241-BF452D0CB787}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20FF7371-58D1-D4AE-E321-1EA1D0C1A55E}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{A1BD4CBE-AB56-A4C9-C5DA-B68EB525E926}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{E58AF6C5-288F-830D-D62D-22ED85786607}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{72BDC691-D61C-6223-4FBB-A220B70F3AA4}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{D094472C-C370-653E-11CC-7B1713988675}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{12917240-54AB-4561-43BC-E0D31BCC3F35}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{D84705BF-5A46-5099-8DB8-C863ECA0CF89}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{7C07AA6D-B3AB-9C1E-6C54-5452025422B1}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{1602DD16-8687-7E1C-EC9C-867141AFE351}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{BDF46C47-1E10-2359-4F1E-014D4B57138B}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{BA329B31-7B17-D2CD-31B3-13FE20904707}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{6C39385A-C5C2-0E60-83BF-95DAF8B34FAE}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{6C18B3F7-E174-5D25-9A31-A52F8EAC0D49}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
EasyBCD 2.4 (HKLM-x32\...\EasyBCD) (Version: 2.4 - NeoSmart Technologies)
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Network Activity Indicator for Windows 7 - 8.1 (HKLM-x32\...\NetworkIndicator_is1) (Version: 1.7 - ITSamples.com)
Pale Moon 28.4.1 (x64 en-US) (HKLM\...\Pale Moon 28.4.1 (x64 en-US)) (Version: 28.4.1 - Moonchild Productions)
Vivaldi (HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\Vivaldi) (Version: 2.4.1488.38 - Vivaldi Technologies AS.)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1869737474-3930770182-1401445859-500_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> C:\Program Files\Vivaldi\Application\2.4.1488.38\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
ShellIconOverlayIdentifiers: [            IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2018-05-12] (Tonec Inc. -> Tonec Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-07-20] (Advanced Micro Devices, Inc.) [File not signed]

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {6DF80502-B29B-4398-97D6-17E59D632010} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2017-07-20 19:00 - 2017-07-20 19:00 - 000980480 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\CNext\CNext\atiacm64.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000191488 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2019-04-16 12:32 - 2014-12-19 19:33 - 000376832 _____ (ITSamples.com) [File not signed] C:\Program Files (x86)\ITSamples\NetworkIndicator\NetworkIndicator.exe
2019-04-16 12:22 - 2019-03-27 11:56 - 000517120 _____ (Mozilla Foundation) [File not signed] C:\Program Files\Pale Moon\freebl3.dll
2019-04-16 12:08 - 2012-01-27 05:38 - 000073728 ____R (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 14:34 - 2009-06-11 09:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1869737474-3930770182-1401445859-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 203.97.78.43 - 203.97.78.44
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BD2DA16E-8AF0-491A-8CA6-9F82D03604E0}] => (Allow) C:\Program Files\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{E21834CB-A8C6-418A-B7A6-2DD2F4D9386E}] => (Allow) C:\Program Files\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{A0D884DA-D87F-4EAA-8D26-D71C1CF66FA6}] => (Allow) C:\Program Files\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Video Controller
Description: Video Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2019 10:16:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/16/2019 10:15:34 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={206E40B6-ED7F-414B-9EC0-D1B3DD058D78}: The user Mine-PC\Administrator dialed a connection named Telstra Clear which has failed. The error code returned on failure is 691.

Error: (04/16/2019 02:34:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AMD\CIM\Bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/16/2019 01:21:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/16/2019 01:21:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/16/2019 01:21:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/16/2019 01:21:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/16/2019 01:21:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (04/16/2019 10:14:22 PM) (Source: volsnap) (EventID: 29) (User: )
Description: The shadow copies of volume C: were aborted during detection.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 51%
Total physical RAM: 8076.14 MB
Available physical RAM: 3893.94 MB
Total Virtual: 16150.48 MB
Available Virtual: 11801 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.84 GB) (Free:94.58 GB) NTFS
Drive d: (XP SP3) (Fixed) (Total:97.76 GB) (Free:91.97 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:100.36 GB) (Free:82.65 GB) NTFS
Drive f: () (Fixed) (Total:3625.66 GB) (Free:1182.98 GB) NTFS
Drive g: (Data_2) (Fixed) (Total:353.01 GB) (Free:89.69 GB) NTFS
Drive h: (Data_3) (Fixed) (Total:14.99 GB) (Free:7.56 GB) NTFS
Drive i: (Data_1) (Fixed) (Total:310 GB) (Free:32.16 GB) NTFS
Drive j: (W 7_32 bit) (Fixed) (Total:35.92 GB) (Free:15.03 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 4B19BE7B)
Partition 1: (Active) - (Size=97.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368 GB) - (Type=0F Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 66CD451A)
Partition 1: (Not Active) - (Size=119.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=310 GB) - (Type=0F Extended)
Partition 3: (Not Active) - (Size=35.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 3726 GB) (Disk ID: 351D3362)

Partition: GPT.

==================== End of Addition.txt ============================

 

 

Nothing obvious shown in FRST scan results, I think?

 

What now?

 

Thank you.


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,555 posts
  • MVP

Why are you running Internet Download Manager?  Seems an odd program to have when you are trying to isolate a problem.  Also the free version comes with adware.

https://en.wikipedia...wnload_managers

 

Also this seems odd:
 

Error: (04/16/2019 10:15:34 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={206E40B6-ED7F-414B-9EC0-D1B3DD058D78}: The user Mine-PC\Administrator dialed a connection named Telstra Clear which has failed. The error code returned on failure is 691.

 

 

Telstra Clear is a New Zealand Internet provider and why is it attempting to DIAL?

 

Error: (04/16/2019 01:21:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

 

 

Is your clock synced to Internet Time?  A new install of Windows 7 has about 200 updates to  get done so you might try turning off Windows Update to see if that's the source of the data traffic.

 

 

It would be interesting to see who Vivaldi is talking to.  Get

tcpview. 

https://live.sysinte...com/Tcpview.exe

Download, Save and then run it by right clicking and Run As Admin.

Then File, Save As (to your desktop), tcp , OK.  This should create a  file tcp.txt on your desktop.  Attach or copy and paste it to a reply.
 


  • 0

#3
brispuss

brispuss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

Thanks for the comments.

 

First, I am on a dial-up internet connection which is called Telstra Clear. Nothing unusual about that? The only (minor) issue is that I often have to re-dial several times in order to actually get a successful internet connection. The error 691 (invalid username and/or password) often appears (and sometimes error 628 also), but my user name and password are most definitely correct, so I don't know why I'm getting these error messages on almost every occasion when attempting a dial up internet connection.

 

I use a fully licensed version of Internet Download Manager as an aid to download large programs. This is really necessary as I'm on a slow internet connection (dial-up) and download drop outs are fairly common, unfortunately.

 

My system time is synchronized with internet time (automatically). I also do an occasional manual time synchronization as well just to be certain.

 

Vivaldi appears to have stopped downloading after approximately half an hour or so!? No where near as bad as on the previous occasion when it seemed to download for about 6 hours+!!

 

So as of this moment, Vivaldi is no longer downloading anything (that I don't know about). So should I still install and run TCPview?


Edited by brispuss, Yesterday, 07:03 AM.

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,555 posts
  • MVP

Didn't know anyone still used dialup and couldn't tell from your FRST log that you were in New Zealand.

 

I would go ahead and get tcpview.  It's a small program so even on download won't take long.  Then if it starts up again you can quickly see what is going on.

 

 

You are missing a lot of drivers which is not surprising after a reinstall.  Do you need help identifying them?  Is the modem builtin?  There should be a log of connection attempts and it may show you what is happening.

 

This error:

 

Error: (04/16/2019 10:16:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

 

 

is on all Win 7 machines because of a Microsoft mistake.  I think FRST can now remove it.

 

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   1.23KB   2 downloads

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 


  • 0

#5
brispuss

brispuss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

Downloaded Tcpview. Next time Vivaldi seems to be downloading (excessively), I'll run Tcpview.

 

My computer is a custom built desktop with the modem being an add-on card.

 

Dial-up is still being used by others, as not everyone can afford broadband.

 

I know there is additional work to be done installing drivers etc. I wanted only a minimalist installation to check for malware.

 

FRST run twice.

 

FRST fixlog -

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.04.2019
Ran by Administrator (18-04-2019 10:51:33) Run:1
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Mine & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: dir C:\tools\kernrate
CMD: Type C:\tools\kernrate\KernCap.vbs
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:






*****************


========= dir C:\tools\kernrate =========

The system cannot find the file specified.

========= End of CMD: =========


========= Type C:\tools\kernrate\KernCap.vbs =========

The system cannot find the path specified.

========= End of CMD: =========

"CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"" => removed successfully
"BVTFilter" => removed successfully
"BVTConsumer" => removed successfully

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 10:51:47 ====

 

 

FRST scan -

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.04.2019
Ran by Administrator (administrator) on MINE-PC (18-04-2019 10:53:55)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Mine & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\update_notifier.exe
(ITSamples.com) [File not signed] C:\Program Files (x86)\ITSamples\NetworkIndicator\NetworkIndicator.exe
(Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mobsync.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation -> Intel Corporation)
HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\Run: [Vivaldi Update Notifier] => C:\Program Files\Vivaldi\Application\update_notifier.exe [1800776 2019-04-11] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\Run: [NetworkIndicator] => C:\Program Files (x86)\ITSamples\NetworkIndicator\NetworkIndicator.exe [376832 2014-12-19] (ITSamples.com) [File not signed]
HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4056176 2019-04-04] (Tonec Inc. -> Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{81FFABC0-2688-451C-AF60-44CB672A9193}: [NameServer] 203.97.78.43 203.97.78.44

Internet Explorer:
==================
HKU\S-1-5-21-1869737474-3930770182-1401445859-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1869737474-3930770182-1401445859-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2018-11-22] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2018-11-22] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: pu17pyvj.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\pu17pyvj.default [2019-04-18]
FF Extension: (Adblock Latitude) - C:\Users\Administrator\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\pu17pyvj.default\Extensions\[email protected] [2019-04-16] [Legacy] [not signed]
FF HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2019-04-16] [Legacy] [not signed]
FF HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-21] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll [2019-04-17] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-17] (Adobe Inc. -> )

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2019-04-04]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2019-04-04]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [543112 2017-07-21] (Advanced Micro Devices, Inc. -> AMD)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1146880 2009-06-11] (Microsoft Windows -> LSI Corp)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [38422408 2017-07-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [532360 2017-07-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [59392 2012-02-19] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [84608 2012-02-19] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-18 10:53 - 2019-04-18 10:54 - 000007391 _____ C:\Users\Administrator\Desktop\FRST.txt
2019-04-18 10:51 - 2019-04-18 10:51 - 000001654 _____ C:\Users\Administrator\Desktop\Fixlog.txt
2019-04-18 10:50 - 2019-04-18 10:47 - 002434048 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2019-04-17 16:11 - 2019-04-17 16:12 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-04-17 16:11 - 2019-04-17 16:12 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-04-17 07:59 - 2019-04-16 12:03 - 000000000 ____D C:\Windows\Panther
2019-04-16 22:50 - 2019-04-16 22:50 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2019-04-16 22:41 - 2019-04-16 22:42 - 000025194 _____ C:\Users\Administrator\Desktop\FRST_orig.txt
2019-04-16 22:41 - 2019-04-16 22:42 - 000023362 _____ C:\Users\Administrator\Desktop\Addition_orig.txt
2019-04-16 22:31 - 2019-04-18 10:53 - 000000000 ____D C:\FRST
2019-04-16 15:45 - 2019-04-16 15:50 - 001909200 _____ C:\Users\Administrator\Downloads\exeinfope_v54.zip
2019-04-16 13:49 - 2019-04-16 13:49 - 000007601 _____ C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2019-04-16 13:03 - 2019-04-18 10:51 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\DMCache
2019-04-16 13:03 - 2019-04-17 12:55 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\IDM
2019-04-16 13:03 - 2019-04-16 13:03 - 000001009 _____ C:\Users\Administrator\Desktop\Internet Download Manager.lnk
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\Users\Administrator\Downloads\Video
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\Users\Administrator\Downloads\Compressed
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\ProgramData\IDM
2019-04-16 13:03 - 2019-04-16 13:03 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2019-04-16 12:32 - 2019-04-16 12:32 - 000001241 _____ C:\Users\Public\Desktop\Network Indicator.lnk
2019-04-16 12:32 - 2019-04-16 12:32 - 000000000 ____D C:\Program Files (x86)\ITSamples
2019-04-16 12:30 - 2019-04-16 12:30 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2019-04-16 12:30 - 2019-04-16 12:30 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Moonchild Productions
2019-04-16 12:30 - 2019-04-16 12:30 - 000000000 ____D C:\Users\Administrator\AppData\Local\Moonchild Productions
2019-04-16 12:24 - 2019-04-17 16:12 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-04-16 12:24 - 2019-04-17 16:12 - 000000000 ____D C:\Windows\system32\Macromed
2019-04-16 12:24 - 2019-04-16 12:24 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2019-04-16 12:23 - 2019-04-16 12:23 - 000002233 _____ C:\Users\Administrator\Desktop\Vivaldi.lnk
2019-04-16 12:23 - 2019-04-16 12:23 - 000002203 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2019-04-16 12:23 - 2019-04-16 12:23 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\AMD
2019-04-16 12:23 - 2019-04-16 12:23 - 000000000 ____D C:\Users\Administrator\AppData\Local\Vivaldi
2019-04-16 12:23 - 2019-04-16 12:23 - 000000000 ____D C:\Program Files\Vivaldi
2019-04-16 12:22 - 2019-04-17 15:26 - 000000000 ____D C:\Program Files\Pale Moon
2019-04-16 12:22 - 2019-04-16 12:30 - 000001066 _____ C:\Users\Public\Desktop\Pale Moon.lnk
2019-04-16 12:21 - 2019-04-18 10:14 - 000003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4CEE092-A574-4E34-A2B4-8F2DE9BE0C61}
2019-04-16 12:21 - 2019-04-16 12:21 - 000057560 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2019-04-16 12:21 - 2019-04-16 12:21 - 000036864 _____ C:\Users\Administrator\Documents\EasyBCD Backup (2019-04-16).bcd
2019-04-16 12:21 - 2019-04-16 12:21 - 000000000 ____D C:\Users\Administrator\AppData\Local\NeoSmart_Technologies
2019-04-16 12:20 - 2019-04-16 12:20 - 000001213 _____ C:\Users\Public\Desktop\EasyBCD 2.4.lnk
2019-04-16 12:20 - 2019-04-16 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
2019-04-16 12:20 - 2019-04-16 12:20 - 000000000 ____D C:\Program Files (x86)\NeoSmart Technologies
2019-04-16 12:18 - 2019-04-18 10:52 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2019-04-16 12:18 - 2019-04-16 12:23 - 000000000 ____D C:\Users\Administrator\AppData\Local\AMD
2019-04-16 12:17 - 2019-04-16 12:17 - 000003146 _____ C:\Windows\System32\Tasks\StartCN
2019-04-16 12:17 - 2019-04-16 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2019-04-16 12:17 - 2019-04-16 12:17 - 000000000 ____D C:\Program Files (x86)\AMD
2019-04-16 12:16 - 2019-04-16 12:16 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2019-04-16 12:16 - 2019-04-16 12:16 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2019-04-16 12:16 - 2017-06-16 07:32 - 000541984 _____ C:\Windows\system32\vulkan-1.dll
2019-04-16 12:16 - 2017-06-16 07:32 - 000525088 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-04-16 12:16 - 2017-06-16 07:32 - 000254240 _____ C:\Windows\system32\vulkaninfo.exe
2019-04-16 12:16 - 2017-06-16 07:32 - 000233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-04-16 12:16 - 2015-07-19 01:08 - 000984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2019-04-16 12:16 - 2015-07-19 01:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2019-04-16 12:15 - 2019-04-16 12:16 - 000000000 ____D C:\ProgramData\Package Cache
2019-04-16 12:14 - 2019-04-16 12:14 - 000757660 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-04-16 12:13 - 2019-04-16 12:17 - 000000000 ____D C:\Program Files\AMD
2019-04-16 12:12 - 2019-04-16 12:26 - 000000000 ____D C:\AMD
2019-04-16 12:11 - 2019-04-16 12:11 - 000000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2019-04-16 12:11 - 2019-04-16 12:11 - 000000000 ____D C:\Program Files (x86)\Etron Technology
2019-04-16 12:11 - 2012-02-19 15:17 - 000084608 _____ (Etron Technology Inc) C:\Windows\system32\Drivers\EtronXHCI.sys
2019-04-16 12:11 - 2012-02-19 15:17 - 000059392 _____ (Etron Technology Inc) C:\Windows\system32\Drivers\EtronHub3.sys
2019-04-16 12:09 - 2019-04-16 12:09 - 000001443 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-04-16 12:09 - 2019-04-16 12:09 - 000001409 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2019-04-16 12:09 - 2019-04-16 12:09 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2019-04-16 12:09 - 2019-04-16 12:09 - 000000000 ____D C:\Users\Administrator
2019-04-16 12:09 - 2011-04-12 20:28 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2019-04-16 12:08 - 2019-04-16 12:08 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2019-04-16 12:08 - 2012-01-27 05:39 - 000787736 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2019-04-16 12:08 - 2012-01-27 05:39 - 000356120 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2019-04-16 12:08 - 2012-01-27 05:39 - 000016152 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys
2019-04-16 12:05 - 2019-04-16 12:08 - 000000000 ____D C:\Program Files (x86)\Intel
2019-04-16 12:05 - 2019-04-16 12:05 - 000000000 ____D C:\Intel
2019-04-16 12:05 - 2011-12-06 19:55 - 000053248 ____R (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2019-04-16 12:04 - 2019-04-16 12:04 - 000001447 _____ C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-04-16 12:04 - 2019-04-16 12:04 - 000001413 _____ C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2019-04-16 12:03 - 2019-04-16 12:04 - 000000000 ____D C:\Users\Mine
2019-04-16 12:03 - 2019-04-16 12:03 - 000000020 ___SH C:\Users\Mine\ntuser.ini
2019-04-16 12:03 - 2019-04-16 12:03 - 000000000 ____D C:\Users\Mine\AppData\Local\VirtualStore
2019-04-16 12:03 - 2011-04-12 20:28 - 000000000 ____D C:\Users\Mine\AppData\Roaming\Media Center Programs
2019-04-16 12:01 - 2019-04-16 12:01 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2019-04-16 12:01 - 2019-04-16 12:01 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2019-04-04 23:41 - 2018-12-20 22:05 - 000229296 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-18 10:52 - 2009-07-14 17:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-18 10:51 - 2009-07-14 16:45 - 000020672 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-04-18 10:51 - 2009-07-14 16:45 - 000020672 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-04-18 10:13 - 2009-07-14 17:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-18 10:13 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\inf
2019-04-17 07:58 - 2009-07-14 17:32 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2019-04-16 12:29 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\ModemLogs
2019-04-16 12:10 - 2009-07-14 15:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2019-04-16 12:09 - 2009-07-14 16:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2019-04-16 12:02 - 2009-07-14 16:45 - 000274320 _____ C:\Windows\system32\FNTCACHE.DAT
2019-04-16 12:02 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\rescache
2019-04-16 12:01 - 2009-07-14 15:20 - 000000000 ____D C:\Windows\system32\sysprep
2019-04-16 11:59 - 2011-04-12 20:28 - 000000000 ____D C:\Windows\CSC

==================== Files in the root of some directories =======

2019-04-16 13:49 - 2019-04-16 13:49 - 000007601 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-04-16 14:34

==================== End of FRST.txt ============================

 

 

FRST Addition scan -

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.04.2019
Ran by Administrator (18-04-2019 10:54:31)
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X64) (2019-04-16 00:03:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1869737474-3930770182-1401445859-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1869737474-3930770182-1401445859-501 - Limited - Disabled)
Mine (S-1-5-21-1869737474-3930770182-1401445859-1000 - Administrator - Enabled) => C:\Users\Mine

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.171 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.171 - Adobe)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{6CE5234B-BD8C-72B6-7364-69CA8E42114E}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{FEA11F9B-416B-2727-5EA1-82429995D035}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{BB8B734F-8F55-E1CA-D001-166AEB5FC453}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{FDC6AD00-2690-0C79-F448-6870D088E3E6}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{324FD995-6403-C91B-C812-F8A910894512}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{9377A666-BA7B-A306-B948-EB998FBF087D}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{8C6E9090-39F9-9B36-4773-6F86F02BD555}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{3D74EBB6-6F60-ED1D-6241-BF452D0CB787}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20FF7371-58D1-D4AE-E321-1EA1D0C1A55E}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{A1BD4CBE-AB56-A4C9-C5DA-B68EB525E926}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{E58AF6C5-288F-830D-D62D-22ED85786607}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{72BDC691-D61C-6223-4FBB-A220B70F3AA4}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{D094472C-C370-653E-11CC-7B1713988675}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{12917240-54AB-4561-43BC-E0D31BCC3F35}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{D84705BF-5A46-5099-8DB8-C863ECA0CF89}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{7C07AA6D-B3AB-9C1E-6C54-5452025422B1}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{1602DD16-8687-7E1C-EC9C-867141AFE351}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{BDF46C47-1E10-2359-4F1E-014D4B57138B}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{BA329B31-7B17-D2CD-31B3-13FE20904707}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{6C39385A-C5C2-0E60-83BF-95DAF8B34FAE}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{6C18B3F7-E174-5D25-9A31-A52F8EAC0D49}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
EasyBCD 2.4 (HKLM-x32\...\EasyBCD) (Version: 2.4 - NeoSmart Technologies)
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Network Activity Indicator for Windows 7 - 8.1 (HKLM-x32\...\NetworkIndicator_is1) (Version: 1.7 - ITSamples.com)
Pale Moon 28.4.1 (x64 en-US) (HKLM\...\Pale Moon 28.4.1 (x64 en-US)) (Version: 28.4.1 - Moonchild Productions)
Vivaldi (HKU\S-1-5-21-1869737474-3930770182-1401445859-500\...\Vivaldi) (Version: 2.4.1488.38 - Vivaldi Technologies AS.)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1869737474-3930770182-1401445859-500_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> C:\Program Files\Vivaldi\Application\2.4.1488.38\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
ShellIconOverlayIdentifiers: [            IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2018-05-12] (Tonec Inc. -> Tonec Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-07-20] (Advanced Micro Devices, Inc.) [File not signed]

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {6DF80502-B29B-4398-97D6-17E59D632010} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-09-12 23:42 - 2016-09-12 23:42 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-04-16 12:32 - 2014-12-19 19:33 - 000376832 _____ (ITSamples.com) [File not signed] C:\Program Files (x86)\ITSamples\NetworkIndicator\NetworkIndicator.exe
2019-04-16 12:08 - 2012-01-27 05:38 - 000073728 ____R (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 14:34 - 2009-06-11 09:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1869737474-3930770182-1401445859-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 203.97.78.43 - 203.97.78.44
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BD2DA16E-8AF0-491A-8CA6-9F82D03604E0}] => (Allow) C:\Program Files\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{E21834CB-A8C6-418A-B7A6-2DD2F4D9386E}] => (Allow) C:\Program Files\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{A0D884DA-D87F-4EAA-8D26-D71C1CF66FA6}] => (Allow) C:\Program Files\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)

==================== Restore Points =========================

17-04-2019 01:31:34 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Video Controller
Description: Video Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/18/2019 10:53:10 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={D711BEFC-8B7F-4D0B-AB2E-38A69E4F58B3}: The user Mine-PC\Administrator dialed a connection named Telstra Clear which has failed. The error code returned on failure is 691.


System errors:
=============

==================== Memory info ===========================

Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 45%
Total physical RAM: 8076.14 MB
Available physical RAM: 4368.05 MB
Total Virtual: 16150.48 MB
Available Virtual: 12400.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.84 GB) (Free:93.17 GB) NTFS
Drive d: (XP SP3) (Fixed) (Total:97.76 GB) (Free:91.97 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:100.36 GB) (Free:82.65 GB) NTFS
Drive f: () (Fixed) (Total:3625.66 GB) (Free:1182.98 GB) NTFS
Drive g: (Data_2) (Fixed) (Total:353.01 GB) (Free:89.56 GB) NTFS
Drive h: (Data_3) (Fixed) (Total:14.99 GB) (Free:7.56 GB) NTFS
Drive i: (Data_1) (Fixed) (Total:310 GB) (Free:32.48 GB) NTFS
Drive j: (W 7_32 bit) (Fixed) (Total:35.92 GB) (Free:14.6 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 4B19BE7B)
Partition 1: (Active) - (Size=97.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368 GB) - (Type=0F Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 66CD451A)
Partition 1: (Not Active) - (Size=119.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=310 GB) - (Type=0F Extended)
Partition 3: (Not Active) - (Size=35.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 3726 GB) (Disk ID: 351D3362)

Partition: GPT.

==================== End of Addition.txt ============================

 

 

Anything else that needs to be done to check/confirm that there is no malware/spyware etc installed?


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,555 posts
  • MVP

I would try tcpview now so you know what it looks like.  If your problem returns you can also install wireshark

https://www.wireshark.org/

 

which should let you look at the tcp/ip traffic in detail.  The logs are very large so you won't want be able to share them with me but you might copy a page or so which might be enough to figure out what is going on.

 

This article might help with your modem problems:

 

http://www.portlandi...nder-windows-7/

 

See the section at the bottom:  Modem Diagnostics under Windows 7

which talks about logging.  It's possible that the fault is in the modem bank at your ISP.  They have a bunch of modems tied to phone lines and sometimes a modem (or its telephone line)  will fail so the call doesn't connect.  The next time you dial up you get a different phone line and a different modem and it works.  I remember when I was on dialup, there was one modem in the bank that never worked and I complained to my ISP and eventually they fixed it.

 

I don't see any malware but you can run Rogue Killer to make sure:

 

Rogue Killer

http://www.adlice.co...iller/#download
Portable 32 bits
Portable 64 bits <==Use this one

Download and Save.



Right click on the downloaded file (RogueKillerX64.exe or RogueKiller.exe)  and Run As admin

Start Scan
Start Scan

Will take about 20 minutes to complete.

Open Report
Export TXT (save it to your desktop as rk) Save

Do not let Rogue Killer remove anything until you hear from me.   (It tends to have a lot of false positives)  Leave Rogue Killer up (but minimized) so you won't have to rescan.

Open rk.txt and copy and paste it to your next Reply.


  • 0






Similar Topics

2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP