Solved PC often not displaying JPG images and cannot update software (like Super AntiSpyware).

Daniel Burkus

Hi. Recently my PC has been having problems opening .jpg images (this is particularly noticeable with Tumblr, but sometimes other sites are affected), and also updating software (especially Super AntiSpyware). I would like to rule out malware as a source of these issues, hence this post.

PC is running Windows 7 Ultimate with Service Pack 1, 64-bit O/S. Processor is Intel Pentium CPU G630, with 4 GB installed memory. If any other details are needed, please let me know.

Thank you for your time and help.

-- Daniel M. Burkus
 
Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hello, Broni! Thank you for looking into this.

-- Daniel M. Burkus



First, I am running ESET NOD32 ANTIVIRUS.

The scan from that is:

-------------------------------------------------------------------------------------------------------------------------------
Log
Scan Log

Version of detection engine: 21330 (20200515)
Date: 5/15/2020 Time: 4:24:01 PM
Scanned disks, folders and files: Operating memory;C:\Boot sectors/UEFI;D:\Boot sectors/UEFI;C:\;D:\
Operating memory » C:\Windows\System32\spool\drivers\x64\3\frdvpr_ui.dll - unable to open [4]
C:\ProgramData\Doctor Web\certcache\certdb - unable to open [4]
C:\Users\All Users\Doctor Web\certcache\certdb - unable to open [4]
C:\Users\Daniel M. Burkus\AppData\Roaming\Movavi Video Suite 2020\Movavi Video Suite 20.0.0 (x64) Install File\MovaviVideoSuiteSetup_x64.exe » 7ZIP » resources/sounds/clickdown.wav - unsupported option
C:\hiberfil.sys - unable to open [4]
C:\pagefile.sys - unable to open [4]
Number of scanned objects: 286004
Number of detections: 0
Time of completion: 4:34:15 PM Total scanning time: 614 sec (00:10:14)

Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.
 
FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05-2020 01
Ran by Daniel M. Burkus (administrator) on DANIELMBURKUS (SAMSUNG ELECTRONICS CO.,LTD Samsung Desktop System) (15-05-2020 17:37:18)
Running from C:\Users\Daniel M. Burkus\Desktop
Loaded Profiles: Daniel M. Burkus
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(FOXIT SOFTWARE INC. -> Foxit Corporation) C:\Users\Daniel M. Burkus\AppData\Roaming\Foxit Software\Addon\Foxit Reader\FoxitReaderUpdater.exe
(FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe
(FreeDownloadManager.org) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
(GRETECH CORPORATION -> GOM & Company) C:\Program Files (x86)\GRETECH\GOMPlayer\GOM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Kakao corp. -> Kakao Corp. ) C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <6>
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Patch My PC, LLC -> Patch My PC, LLC) C:\Users\Daniel M. Burkus\Desktop\Documents\PatchMyPC.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [185648 2020-04-04] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-06-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft)
HKU\S-1-5-21-2181456502-4158230203-1033552464-1000\...\Run: [Free Download Manager] => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe [10203648 2019-01-30] (FreeDownloadManager.org) [File not signed]
HKU\S-1-5-21-2181456502-4158230203-1033552464-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [9230256 2020-03-24] (Support.com Inc -> SUPERAntiSpyware)
HKU\S-1-5-21-2181456502-4158230203-1033552464-1000\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [13543016 2020-05-11] (Kakao corp. -> Kakao Corp. )
HKU\S-1-5-21-2181456502-4158230203-1033552464-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [27775672 2020-05-01] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2181456502-4158230203-1033552464-1000\...\MountPoints2: {1b6110d3-d8e4-11e9-b745-806e6f6e6963} - F:\EasySuite.exe bootup
HKU\S-1-5-21-2181456502-4158230203-1033552464-1000\...\MountPoints2: {9d32bbee-9dc6-11e9-814b-806e6f6e6963} - F:\EasySuite.exe bootup
BootExecute: autocheck autochk * sdnclean64.exe

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1C8DAC18-815F-405C-AC99-2AE8067191C1} - System32\Tasks\{6FD0F6A3-2DC4-4512-A0A5-189BB7ACAB1B} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\IrfanView\iview454_setup.exe" -d "C:\Program Files (x86)\IrfanView"
Task: {4CFDB634-6037-400C-9890-F81AA9C61A5E} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [127176 2020-05-08] (Mozilla Corporation -> Mozilla Foundation)
Task: {5500925B-CB8A-4452-BF44-81C3FDAA67D1} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {58FEDB2C-0C12-45CF-A279-1A777FE237D5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {7400AAB6-6644-4ED7-B20C-8B18265EC191} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {87433426-D2D1-4A24-B521-E99A01562D5A} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1706496 2020-04-05] ( ) [File not signed]
Task: {87874A01-1392-47D2-B2B0-3AA02DCC1A5B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [23571128 2020-05-01] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9706DD96-4E00-421B-9589-380E3B5A8A02} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-05-01] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9746951E-7967-4039-B93B-BEB9FB08B3B8} - System32\Tasks\{171CA8D9-9883-4BD8-87D2-58402C6BE003} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\IrfanView\iview454a_plugins_setup.exe" -d "C:\Program Files (x86)\IrfanView"
Task: {9E8E29DA-55FA-4A0A-AEF4-988CFC776E22} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-05] (Google LLC -> Google LLC)
Task: {9FC53295-F990-475A-9D53-390D79272DB3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {A10CF9C3-A0A5-4097-ACEA-6FCE8FBC340B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {AD704E37-D0B2-44B9-B42C-964876582EB2} - System32\Tasks\{E916E363-DCE0-4216-A4AE-20054BD2846C} => C:\Windows\system32\pcalua.exe -a "C:\Users\Daniel M. Burkus\Desktop\irfanview_plugins_441_setup.exe" -d "C:\Users\Daniel M. Burkus\Desktop"
Task: {DAC0F33D-DD4C-484D-BFFE-D7213AD0A68A} - System32\Tasks\{AAE94F49-B553-4BBF-9BDE-1ECD297B4CE3} => C:\Windows\system32\pcalua.exe -a "C:\Users\Daniel M. Burkus\Desktop\converter.exe" -d "C:\Users\Daniel M. Burkus\Desktop"
Task: {FBE12928-5789-40B2-B5DF-B0258584DF47} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-05] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 210.220.163.82 219.250.36.130
Tcpip\..\Interfaces\{01C2E742-4648-4FB0-B14D-E9458E394E91}: [DhcpNameServer] 210.220.163.82 219.250.36.130

Internet Explorer:
==================
HKU\S-1-5-21-2181456502-4158230203-1033552464-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.daum.net/
SearchScopes: HKU\S-1-5-21-2181456502-4158230203-1033552464-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
Handler: WSKVAllmytubechrome - No CLSID Value

FireFox:
========
FF DefaultProfile: 4v6onpe7.default
FF ProfilePath: C:\Users\Daniel M. Burkus\AppData\Roaming\Mozilla\Firefox\Profiles\4v6onpe7.default [2020-03-31]
FF ProfilePath: C:\Users\Daniel M. Burkus\AppData\Roaming\Mozilla\Firefox\Profiles\twecgs14.default-release [2020-05-15]
FF Homepage: Mozilla\Firefox\Profiles\twecgs14.default-release -> hxxps://login.yahoo.com/?.src=ym&.lang=en-US&.intl=us&.done=https%3A%2F%2Fmail.yahoo.com%2Fd
FF Extension: (Flash Video Downloader) - C:\Users\Daniel M. Burkus\AppData\Roaming\Mozilla\Firefox\Profiles\twecgs14.default-release\Extensions\ductloanphuok@gmail.com.xpi [2019-11-19]
FF Extension: (uBlock Origin) - C:\Users\Daniel M. Burkus\AppData\Roaming\Mozilla\Firefox\Profiles\twecgs14.default-release\Extensions\uBlock0@raymondhill.net.xpi [2020-04-22]
FF Extension: (Video | GIF Downloader for Twitter) - C:\Users\Daniel M. Burkus\AppData\Roaming\Mozilla\Firefox\Profiles\twecgs14.default-release\Extensions\{7bcecd12-7e59-44fd-b721-8852ae8b20a8}.xpi [2020-04-14]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2020-05-15]

Chrome:
=======
CHR HKU\S-1-5-21-2181456502-4158230203-1033552464-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2358784 2020-04-04] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2358784 2020-04-04] (ESET, spol. s r.o. -> ESET)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe [1995184 2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-03-12] (Malwarebytes Inc -> Malwarebytes)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13048888 2020-04-30] (Adlice -> )
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [313112 2019-07-28] (Bluestack Systems, Inc. -> Bluestack System Inc. )
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [154336 2020-04-04] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [188872 2020-03-22] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [115960 2020-03-22] (ESET, spol. s r.o. -> ESET)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-05-15] (Malwarebytes Inc -> Malwarebytes)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2020-05-15] (Adlice -> )
S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-15 17:37 - 2020-05-15 17:37 - 000015741 _____ C:\Users\Daniel M. Burkus\Desktop\FRST.txt
2020-05-15 17:37 - 2020-05-15 17:37 - 000000000 ____D C:\Users\Daniel M. Burkus\Desktop\FRST-OlderVersion
2020-05-15 17:36 - 2020-05-15 17:37 - 000000000 ____D C:\FRST
2020-05-15 17:33 - 2020-05-15 17:37 - 002286080 _____ (Farbar) C:\Users\Daniel M. Burkus\Desktop\FRST64.exe
2020-05-15 17:32 - 2020-05-15 17:32 - 000001890 _____ C:\Users\Daniel M. Burkus\Desktop\ESET NOD32 ANTIVIRUS Scan Results.txt
2020-05-15 15:06 - 2020-05-15 16:40 - 000000000 ____D C:\Users\Daniel M. Burkus\Downloads\Emma.2020.720p.WEBRip.800MB.x264-GalaxyRG[TGx]
2020-05-15 12:07 - 2020-05-15 12:07 - 000000000 ____D C:\ProgramData\obs-studio-hook
2020-05-15 12:04 - 2020-05-15 12:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HandBrake
2020-05-15 12:03 - 2020-05-15 12:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2020-05-15 11:14 - 2020-05-15 11:14 - 001816704 _____ (Patch My PC, LLC) C:\Users\Daniel M. Burkus\Desktop\Documents\PatchMyPC.exe
2020-05-15 11:12 - 2020-05-15 14:32 - 000000000 ____D C:\PatchMyPCUpdates
2020-05-15 11:12 - 2020-05-15 11:12 - 000001070 _____ C:\Users\Daniel M. Burkus\Desktop\Documents\VLC media player.lnk
2020-05-15 10:48 - 2020-05-15 10:53 - 000000000 ____D C:\ProgramData\RogueKiller
2020-05-15 10:48 - 2020-05-15 10:48 - 000000858 _____ C:\Users\Daniel M. Burkus\Desktop\Documents\RogueKiller.lnk
2020-05-15 10:48 - 2020-05-15 10:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2020-05-15 10:48 - 2020-05-15 10:48 - 000000000 ____D C:\Program Files\RogueKiller
2020-05-15 08:37 - 2020-05-15 08:37 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-05-14 07:51 - 2020-05-14 07:51 - 004270698 _____ C:\Users\Daniel M. Burkus\Downloads\what are these things.mp4
2020-05-14 00:20 - 2020-05-14 00:21 - 117472672 ____C (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2020-05-12 21:29 - 2020-05-12 21:30 - 000195034 _____ C:\TDSSKiller.3.1.0.28_12.05.2020_21.29.43_log.txt
2020-05-12 21:28 - 2020-05-12 21:28 - 000002150 _____ C:\TDSSKiller.3.1.0.28_12.05.2020_21.28.09_log.txt
2020-05-11 17:55 - 2020-05-14 08:21 - 000000278 _____ C:\Users\Daniel M. Burkus\Desktop\Part 7 (Notes).txt
2020-05-11 17:55 - 2020-05-14 08:19 - 000001114 _____ C:\Users\Daniel M. Burkus\Desktop\Part 7 (Text).txt
2020-05-08 23:11 - 2020-05-10 06:24 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-05-06 10:04 - 2020-04-26 05:57 - 016270554 _____ C:\Windows\system32\Drivers\etc\hosts.20200506-100441.backup
2020-05-02 09:25 - 2020-05-02 09:25 - 000000822 _____ C:\Users\Daniel M. Burkus\Desktop\Documents\CCleaner.lnk
2020-05-01 10:26 - 2020-05-01 10:26 - 000000000 ____D C:\Users\Daniel M. Burkus\AppData\Local\4kdownload.com
2020-05-01 10:12 - 2020-05-01 10:12 - 000000000 ____D C:\Users\Daniel M. Burkus\AppData\Roaming\4kdownload.com
2020-04-27 21:56 - 2020-04-27 21:57 - 000000000 ____D C:\Users\Daniel M. Burkus\Desktop\Bad Mother's Handbook, The (2007)
2020-04-27 20:38 - 2020-04-27 20:38 - 000000000 ____D C:\Users\Daniel M. Burkus\AppData\Local\SplitMovie
2020-04-27 20:31 - 2020-04-27 20:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2020-04-27 20:31 - 2020-04-27 20:31 - 000000000 ____D C:\ProgramData\DigitalWave.ApplicationUpdater_files
2020-04-27 20:31 - 2020-04-27 20:31 - 000000000 ____D C:\Program Files (x86)\DVDVideoSoft
2020-04-27 20:30 - 2020-04-27 20:31 - 000000000 ____D C:\Users\Daniel M. Burkus\AppData\Roaming\DVDVideoSoft
2020-04-27 20:18 - 2020-04-27 20:39 - 065990174 _____ C:\Users\Daniel M. Burkus\Desktop\FormatFactory_4.6_Portable.7z
2020-04-27 20:10 - 2020-04-27 20:10 - 000000000 ____D C:\Users\Daniel M. Burkus\AppData\Local\FreemakeVideoConverter
2020-04-27 20:09 - 2020-04-27 20:14 - 000000000 ____D C:\ProgramData\Freemake
2020-04-27 16:13 - 2020-04-27 16:13 - 000000000 ____D C:\Users\Daniel M. Burkus\AppData\Roaming\dvdcss
2020-04-27 14:08 - 2020-05-12 12:55 - 000017920 _____ C:\Users\Daniel M. Burkus\Desktop\daisu-mae (based on shiki-shi).hwp
2020-04-27 10:47 - 2020-04-27 15:49 - 000000531 _____ C:\Users\Daniel M. Burkus\Desktop\calculations.txt
2020-04-25 17:25 - 2020-04-25 17:25 - 000000022 _____ C:\Users\Daniel M. Burkus\Desktop\RAT.txt
2020-04-25 13:01 - 2020-04-25 13:01 - 000000000 ____D C:\Users\Daniel M. Burkus\Desktop\Books (PDF)
2020-04-21 00:00 - 2020-04-22 10:06 - 1773405180 _____ C:\Users\Daniel M. Burkus\Desktop\Michael Moore Presents_ Planet of the Humans _ Full Documentary _ Directed by Jeff Gibbs.mp4
2020-04-20 11:23 - 2020-04-20 11:24 - 000000000 ____D C:\Users\Daniel M. Burkus\Desktop\Lotion
2020-04-20 10:40 - 2020-05-10 12:00 - 000015872 _____ C:\Users\Daniel M. Burkus\Desktop\daisu ten-ita.hwp
2020-04-20 09:17 - 2020-04-21 09:45 - 000016896 _____ C:\Users\Daniel M. Burkus\Desktop\daisu ji-ita.hwp
2020-04-15 07:27 - 2020-04-12 19:57 - 015816842 _____ C:\Windows\system32\Drivers\etc\hosts.20200415-072733.backup

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-15 17:37 - 2019-07-03 22:50 - 000000000 ____D C:\Users\Daniel M. Burkus\AppData\Local\Free Download Manager
2020-05-15 16:21 - 2019-07-03 21:18 - 000000000 ____D C:\Users\Daniel M. Burkus\AppData\LocalLow\Mozilla
2020-05-15 15:27 - 2009-07-13 21:45 - 000025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-05-15 15:27 - 2009-07-13 21:45 - 000025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-05-15 15:18 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2020-05-15 12:03 - 2019-10-19 12:29 - 000000000 ____D C:\ProgramData\Foxit Software
2020-05-15 11:25 - 2019-07-26 23:26 - 000000000 ____D C:\ProgramData\Doctor Web
2020-05-15 11:25 - 2019-07-03 12:20 - 000000000 ____D C:\Users\Daniel M. Burkus
2020-05-15 11:13 - 2019-07-03 22:53 - 000000000 ____D C:\Users\Daniel M. Burkus\Desktop\Documents\Shortcuts
2020-05-15 11:11 - 2019-07-04 16:58 - 000000000 ____D C:\Users\Daniel M. Burkus\AppData\Roaming\vlc
2020-05-15 11:09 - 2019-08-11 07:28 - 000028272 _____ C:\Windows\system32\Drivers\truesight.sys
2020-05-15 11:07 - 2019-07-09 12:09 - 000000000 ____D C:\Users\Daniel M. Burkus\AppData\Roaming\HandBrake
2020-05-15 10:53 - 2019-10-06 08:41 - 000000000 ____D C:\Users\Daniel M. Burkus\Desktop\Movies
2020-05-15 08:43 - 2009-07-13 22:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2020-05-15 08:37 - 2019-07-04 16:05 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2020-05-15 08:37 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-05-14 00:19 - 2019-07-03 22:48 - 000000000 ____D C:\Windows\system32\MRT
2020-05-14 00:15 - 2019-07-03 22:48 - 120636720 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-05-13 17:40 - 2020-02-02 09:52 - 000000000 ____D C:\Users\Daniel M. Burkus\Doctor Web
2020-05-12 23:35 - 2019-11-26 22:34 - 000000000 ____D C:\Users\Daniel M. Burkus\Desktop\CUTE
2020-05-12 19:33 - 2019-07-13 09:40 - 000000000 ____D C:\EEK
2020-05-11 18:51 - 2019-07-15 15:36 - 000003254 _____ C:\Windows\system32\Tasks\klcp_update
2020-05-11 18:51 - 2019-07-15 15:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2020-05-11 18:51 - 2019-07-15 15:36 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2020-05-11 11:58 - 2019-08-19 07:33 - 000041686 _____ C:\Users\Daniel M. Burkus\Desktop\Nampo Roku (list of posts).txt
2020-05-10 06:24 - 2019-07-03 21:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-05-09 21:39 - 2020-03-26 11:10 - 000001787 _____ C:\Users\Daniel M. Burkus\Desktop\Twitters.txt
2020-05-09 00:12 - 2019-08-20 22:35 - 000000000 ____D C:\Users\Daniel M. Burkus\AppData\Local\CrashDumps
2020-05-07 22:01 - 2019-07-03 21:21 - 000002196 _____ C:\Users\Daniel M. Burkus\Desktop\Blog Templates.txt
2020-05-07 16:24 - 2019-07-03 21:21 - 000000072 _____ C:\Users\Daniel M. Burkus\Desktop\Movie Time.txt
2020-05-06 10:04 - 2009-07-13 19:34 - 016270554 ____R C:\Windows\system32\Drivers\etc\hosts.20200510-070216.backup
2020-05-02 09:25 - 2019-07-03 21:32 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-04-30 21:13 - 2019-07-03 21:32 - 000002840 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2020-04-30 21:13 - 2019-07-03 21:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-04-30 21:13 - 2019-07-03 21:32 - 000000000 ____D C:\Program Files\CCleaner
2020-04-29 16:26 - 2019-07-03 21:21 - 000000952 _____ C:\Users\Daniel M. Burkus\Desktop\Movies and Software to Search.txt
2020-04-29 09:19 - 2019-07-28 06:05 - 000000000 ____D C:\Users\Daniel M. Burkus\Desktop\Plants (Horticulture-related Files)
2020-04-26 05:57 - 2009-07-13 19:34 - 016270554 ____R C:\Windows\system32\Drivers\etc\hosts.20200503-055946.backup
2020-04-22 09:57 - 2019-09-17 00:00 - 348722723 _____ C:\Users\Daniel M. Burkus\Desktop\Full Interview_ Edward Snowden On Trump, Privacy, And Threats To Democracy _ The 11th Hour _ MSNBC.mp4
2020-04-19 08:49 - 2009-07-13 19:34 - 016270554 ____R C:\Windows\system32\Drivers\etc\hosts.20200426-055738.backup
2020-04-18 16:46 - 2019-07-04 16:04 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-04-15 07:27 - 2009-07-13 19:34 - 016270554 ____R C:\Windows\system32\Drivers\etc\hosts.20200419-084951.backup

==================== Files in the root of some directories ========

2020-03-28 06:47 - 2020-03-28 06:48 - 050063360 _____ () C:\Program Files (x86)\GUT1C51.tmp
2019-08-31 11:03 - 2020-03-11 23:58 - 000007600 _____ () C:\Users\Daniel M. Burkus\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-05-07 06:49
==================== End of FRST.txt ========================
 
Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-05-2020 01
Ran by Daniel M. Burkus (15-05-2020 17:38:08)
Running from C:\Users\Daniel M. Burkus\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2019-07-03 19:20:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2181456502-4158230203-1033552464-500 - Administrator - Disabled)
Daniel M. Burkus (S-1-5-21-2181456502-4158230203-1033552464-1000 - Administrator - Enabled) => C:\Users\Daniel M. Burkus
Guest (S-1-5-21-2181456502-4158230203-1033552464-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2181456502-4158230203-1033552464-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: ESET Security (Enabled - Up to date) {333C65BB-8923-0EAA-C47E-C486E687BEFD}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.120.0.1081 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.66 - Piriform)
CloneSpy 3.42 - 64 bit (HKLM\...\CloneSpy) (Version: 3.42 - The CloneSpy Team)
CutePDF Writer 3.2 (HKLM\...\CutePDF Writer Installation) (Version: 3.2 - Acro Software Inc.)
ESET Security (HKLM\...\{EC96F234-2A42-4D7D-9C33-443566F72BF5}) (Version: 13.1.21.0 - ESET, spol. s r.o.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 10.0.0.35798 - Foxit Software Inc.)
Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version: 5.1.38.7312 - FreeDownloadManager.ORG)
Free Excel Viewer V2 (HKLM-x32\...\Free Excel Viewer_is1) (Version: - hxxps://www.PDFZilla.com/free-excel-viewer.html/free-excel-viewer.html)
FVD Downloader Module (HKLM-x32\...\{A3F74A3C-6824-4878-AB46-21280389D09F}) (Version: 1.0.8 - Nimbus)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.49.5311 - GOM & Company)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
HandBrake 1.3.2 (HKLM-x32\...\HandBrake) (Version: 1.3.2 - )
Hangul 2002 SE (HKLM-x32\...\{CECBC29F-6D3A-4ED6-A686-7220EF9B69CC}) (Version: 5.7.5.3007 - Haansoft)
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.29.01 - Hyperionics Technology LLC)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IrfanView 4.53 (64-bit) (HKLM\...\IrfanView64) (Version: 4.53 - Irfan Skiljan)
IrfanView 4.54 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.54 - Irfan Skiljan)
KakaoTalk (HKLM-x32\...\KakaoTalk) (Version: 3.1.2.2472 - Kakao Corp.)
K-Lite Mega Codec Pack 15.4.4 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.4.4 - KLCP)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
MKVToolNix 46.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 46.0.0 - Moritz Bunkus)
Movavi Video Suite 2020 (HKU\S-1-5-21-2181456502-4158230203-1033552464-1000\...\Movavi Video Suite 2020) (Version: 20.0.0 - Movavi)
Mozilla Firefox 76.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 76.0.1 (x64 en-US)) (Version: 76.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 71.0 - Mozilla)
Nero Burning ROM 2014 (HKLM-x32\...\{B0E4ACBC-4CFA-4B6D-9B7B-E13C171BCC23}) (Version: 15.0.05300 - Nero AG)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.8 - OBS Project)
paint.net (HKLM\...\{15BCA3AB-444B-4AC5-A04F-F2AD0F7AD3EC}) (Version: 4.2.10 - dotPDN LLC)
PicosmosTools 2.4.0.1 (HKLM-x32\...\PicosmosTools) (Version: 2.4.0.1 - Free Time)
Prerequisite installer (HKLM-x32\...\{5909A89E-C97F-407C-AE2B-47BDED86BF5D}) (Version: 15.0.0005 - Nero AG) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.107.323.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RogueKiller version 14.4.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.4.2.0 - Adlice Software)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 8.0.1048 - SUPERAntiSpyware.com)
TreeSize Free V4.4.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.4.1 - JAM Software)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.10 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-04] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [PicosmosShell] -> {A3888921-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\PicosmosTools\ShellEx64_102.dll [2019-08-06] (Free Time) [File not signed]
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\WinRAR\rarext64.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-04] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] (Empty Loop -> )
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-05-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-04] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] (Empty Loop -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\WinRAR\rarext64.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.HFYU] => C:\Windows\system32\huffyuv.dll [55296 2005-01-21] () [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [310784 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [126976 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.HFYU] => C:\Windows\SysWOW64\huffyuv.dll [39936 2004-05-18] (Disappearing Inc.) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284160 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\SysWOW64\lameACM.acm [473088 2015-02-25] (hxxp://www.mp3dev.org/) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Daniel M. Burkus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CloneSpy\Website.lnk -> hxxp://www.clonespy.com

==================== Loaded Modules (Whitelisted) =============

2020-01-13 02:33 - 2020-01-13 02:33 - 001506304 _____ () [File not signed] C:\Program Files (x86)\GRETECH\GOMPlayer\libass.dll
2019-07-08 14:53 - 2017-04-13 11:42 - 012242432 _____ () [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avcodec-57.dll
2019-07-08 14:53 - 2017-04-13 11:42 - 001825792 _____ () [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avfilter-6.dll
2019-07-08 14:53 - 2017-04-13 11:42 - 002158592 _____ () [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avformat-57.dll
2019-07-08 14:53 - 2017-04-13 11:42 - 000485376 _____ () [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avutil-55.dll
2019-07-08 14:53 - 2017-04-13 11:46 - 069740544 _____ () [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\libcef.dll
2019-07-08 14:53 - 2018-05-15 06:32 - 000015360 _____ () [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\libegl.dll
2019-07-08 14:53 - 2018-05-15 06:32 - 002521088 _____ () [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\libglesv2.dll
2019-07-08 14:53 - 2017-04-13 11:42 - 000138752 _____ () [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\swresample-2.dll
2019-07-08 14:53 - 2017-04-13 11:42 - 000662016 _____ () [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\swscale-4.dll
2019-07-15 15:36 - 2012-07-21 03:55 - 000180736 _____ (fccHandler) [File not signed] C:\Windows\system32\ac3acm.acm
2020-01-13 02:33 - 2020-01-13 02:33 - 014108592 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\GRETECH\GOMPlayer\modules\avcodec-gp-57.dll
2020-01-13 02:33 - 2020-01-13 02:33 - 004189666 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\GRETECH\GOMPlayer\modules\avformat-gp-57.dll
2020-01-13 02:33 - 2020-01-13 02:33 - 001515893 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\GRETECH\GOMPlayer\modules\avutil-gp-55.dll
2020-01-13 02:33 - 2020-01-13 02:33 - 000608575 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\GRETECH\GOMPlayer\modules\swresample-gp-2.dll
2020-01-13 02:33 - 2020-01-13 02:33 - 001089978 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\GRETECH\GOMPlayer\modules\swscale-gp-4.dll
2019-07-08 14:52 - 2019-01-30 21:59 - 000436224 _____ (FreeDownloadManager.org) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\common.dll
2019-07-08 14:52 - 2019-01-30 21:59 - 000110080 _____ (FreeDownloadManager.org) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\mediahelper.dll
2019-07-08 14:52 - 2019-01-30 21:59 - 000676864 _____ (FreeDownloadManager.org) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\wba.dll
2020-01-13 02:32 - 2020-01-13 02:32 - 000177152 _____ (GOM & Company) [File not signed] C:\Program Files (x86)\GRETECH\GOMPlayer\CrashDumpCollector.dll
2020-01-13 02:33 - 2020-01-13 02:33 - 000119808 _____ (GOM & Company) [File not signed] C:\Program Files (x86)\GRETECH\GOMPlayer\modules\GifMaker.dll
2020-01-13 02:33 - 2020-01-13 02:33 - 003296768 _____ (GOM & Company) [File not signed] C:\Program Files (x86)\GRETECH\GOMPlayer\modules\Subtitle.dll
2020-01-13 02:33 - 2020-01-13 02:33 - 001310720 _____ (GOM & Company.) [File not signed] C:\Program Files (x86)\GRETECH\GOMPlayer\modules\gaf.ax
2020-01-13 02:33 - 2020-01-13 02:33 - 001943040 _____ (GOM & Company.) [File not signed] C:\Program Files (x86)\GRETECH\GOMPlayer\modules\grfu.ax
2020-01-13 02:32 - 2020-01-13 02:32 - 003599872 _____ (GOM & Company.) [File not signed] C:\Program Files (x86)\GRETECH\GOMPlayer\modules\gvf.ax
2020-01-13 02:33 - 2020-01-13 02:33 - 004131328 _____ (GOM & Company.) [File not signed] C:\Program Files (x86)\GRETECH\GOMPlayer\modules\MediaSource.ax
2019-07-08 14:53 - 2017-04-13 11:42 - 001712640 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\LIBEAY32.dll
2019-07-08 14:53 - 2017-04-13 11:42 - 000351744 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\SSLEAY32.dll
2019-07-08 14:53 - 2018-05-15 06:39 - 000049152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\bearer\qgenericbearer.dll
2019-07-08 14:53 - 2018-05-15 06:38 - 000032768 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\imageformats\qgif.dll
2019-07-08 14:53 - 2018-05-15 06:48 - 000041984 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\imageformats\qicns.dll
2019-07-08 14:53 - 2018-05-15 06:38 - 000033280 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\imageformats\qico.dll
2019-07-08 14:53 - 2018-05-15 06:39 - 000331264 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\imageformats\qjpeg.dll
2019-07-08 14:53 - 2018-05-15 06:48 - 000025600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\imageformats\qtga.dll
2019-07-08 14:53 - 2018-05-15 06:48 - 000371712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\imageformats\qtiff.dll
2019-07-08 14:53 - 2018-05-15 06:48 - 000024064 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\imageformats\qwbmp.dll
2019-07-08 14:53 - 2018-05-15 06:48 - 000478720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\imageformats\qwebp.dll
2019-07-08 14:53 - 2018-05-15 06:40 - 001439744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\platforms\qwindows.dll
2019-07-08 14:52 - 2019-01-30 22:01 - 005938176 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\Qt5Core.dll
2019-07-08 14:53 - 2018-05-15 06:35 - 006345216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\Qt5Gui.dll
2019-07-08 14:53 - 2018-05-15 06:35 - 001256960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\Qt5Network.dll
2019-07-08 14:53 - 2018-05-15 06:33 - 000207360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\Qt5Sql.dll
2019-07-08 14:53 - 2018-05-15 06:38 - 005515264 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\Qt5Widgets.dll
2019-07-08 14:53 - 2018-05-15 06:39 - 001121280 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\sqldrivers\qsqlite.dll
2019-07-08 14:53 - 2018-05-15 06:39 - 000136192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\styles\qwindowsvistastyle.dll
2019-07-15 15:36 - 2019-12-19 07:58 - 001805824 _____ (xy-VSFilter Team) [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\Filters\DirectVobSub\vsfilter.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\27177577.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\27177577.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7941 more sites.



==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2020-05-12 19:50 - 016583274 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2181456502-4158230203-1033552464-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel M. Burkus\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 210.220.163.82 - 219.250.36.130
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B8AFFE4A-5BB0-4990-87BC-A1E759E70F4E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8CD5A309-B013-42E5-B680-5C452CAC6B84}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4BE02C49-572C-4BF4-9028-42BD9A4D1672}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{A551BA96-4373-46D6-911D-5F0279B2A6D0}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{7F1AD1DC-41EF-459F-8070-0AD12BD4645B}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe (FreeDownloadManager.org) [File not signed]
FirewallRules: [{4820D31C-8A0D-4EC8-B995-1E0497012F83}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe (FreeDownloadManager.org) [File not signed]
FirewallRules: [TCP Query User{3F8BF312-92B5-4724-9EB1-14DB380A2980}C:\program files\freedownloadmanager.org\free download manager\fdm.exe] => (Allow) C:\program files\freedownloadmanager.org\free download manager\fdm.exe (FreeDownloadManager.org) [File not signed]
FirewallRules: [UDP Query User{A5DC9F4F-FD05-4E99-95DC-2F8B702A495E}C:\program files\freedownloadmanager.org\free download manager\fdm.exe] => (Allow) C:\program files\freedownloadmanager.org\free download manager\fdm.exe (FreeDownloadManager.org) [File not signed]
FirewallRules: [{69A73AAE-629C-41EA-B015-3BEE21D4C02A}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

14-05-2020 00:14:50 Windows Update

==================== Faulty Device Manager Devices ============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (05/14/2020 07:28:00 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/14/2020 07:28:00 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/14/2020 07:28:00 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/14/2020 07:28:00 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (05/14/2020 07:28:00 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/14/2020 07:27:59 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (05/14/2020 07:27:59 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/14/2020 07:27:59 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (05/15/2020 12:03:53 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Foxit Reader Update Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/15/2020 11:12:37 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (05/15/2020 11:09:47 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (05/15/2020 11:07:32 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (05/15/2020 11:07:15 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (05/15/2020 08:37:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMChameleon service failed to start due to the following error:
The system cannot find the file specified.

Error: (05/15/2020 08:37:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMChameleon service failed to start due to the following error:
The system cannot find the file specified.

Error: (05/14/2020 10:07:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMChameleon service failed to start due to the following error:
The system cannot find the file specified.


Windows Defender:
===================================
Date: 2020-03-11 17:43:34.032
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{64DA1F07-B4C0-4677-BC34-84380A8B3D3D}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2020-03-11 17:43:11.896
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{E200BA57-4726-4E2F-801F-5A64553AA45C}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2019-10-05 08:41:27.803
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{85B61DC9-54EB-4985-A95D-428D49299793}
Scan Type:AntiSpyware
Scan Parameters:Full Scan

Date: 2019-10-05 08:07:13.543
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{854549B5-C4CF-4CDD-B2E4-62F03B6A53EA}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2019-07-26 20:31:55.726
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

==================== Memory info ===========================

BIOS: SAMSUNG ELECTRONICS CO.,LTD 09JS 02/16/2012
Motherboard: SAMSUNG ELECTRONICS CO.,LTD Samsung DeskTop System
Processor: Intel(R) Pentium(R) CPU G630 @ 2.70GHz
Percentage of memory in use: 96%
Total physical RAM: 4006.48 MB
Available physical RAM: 122 MB
Total Virtual: 8011.11 MB
Available Virtual: 3099.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:28.71 GB) NTFS
Drive d: (D-drive) (Fixed) (Total:465.76 GB) (Free:34.05 GB) NTFS
Drive f: (EasySuitecc) (CDROM) (Total:0 GB) (Free:0 GB) CDFS

\\?\Volume{9d32bbca-9dc6-11e9-814b-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: 368B3D91)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 4867EFF2)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 
I see nothing malicious there.
As for the images... did you try a different browser to see if it has the same issue?
As for SAS, did you try to reinstall it?
 
Ok, thank you very much Broni. No, I did not try a different browser, nor reinstalling Super AntiSpyware. I will try those suggestions now. Maybe it is just the local internet being overwhelmed due to many people being at home on account of the coronavirus.

Thank you very much for your help!

-- Daniel M. Burkus
 
Ok, Broni, I uninstalled and then reinstalled Super AntiSpyware, but there is not really much difference -- it is updating very slowly (first attempt failed). Also, I installed Chrome, but the behavior is similar to Firefox -- .jpg files loading very slowly, or only partially. So I guess it must be the local internet.

Again, thank you for your help. I guess this query can be marked "Solved."

-- Daniel M. Burkus
 