Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2019 Ran by Krucyfuks (23-10-2019 01:50:09) Running from D:\uzytki Windows 7 Home Premium Service Pack 1 (X64) (2019-10-13 22:15:51) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2483584445-2474970256-2882493408-500 - Administrator - Disabled) Guest (S-1-5-21-2483584445-2474970256-2882493408-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2483584445-2474970256-2882493408-1002 - Limited - Enabled) Krucyfuks (S-1-5-21-2483584445-2474970256-2882493408-1000 - Administrator - Enabled) => C:\Users\Krucyfuks ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 19.021.20048 - Adobe Systems Incorporated) Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.) CCleaner (HKLM\...\{DCC7ED81-4222-4555-87F4-AE3E8B0C10D6}_is1) (Version: 5.55.7108 - Piriform) Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.51 - Conexant) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.11.0.0948 - Disc Soft Ltd) FM Genie Scout 19g FREE version 1.2.1 19.3.6 (HKLM\...\FM Genie Scout 19g FREE_is1) (Version: 1.2.1 19.3.6 - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.70 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) K-Lite Codec Pack 15.2.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.2.0 - KLCP) Malwarebytes (wersja 3.8.3.2965) (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes) Microsoft .NET Framework 4.8 (HKLM\...\{16735AF7-1D8D-3681-94A5-C578A61EC832}) (Version: 4.8.03761 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 69.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 69.0.3 (x64 en-US)) (Version: 69.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0.3 - Mozilla) Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden qBittorrent 4.1.8 (HKLM-x32\...\qBittorrent) (Version: 4.1.8 - The qBittorrent project) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39029 - Realtek Semiconductor Corp.) Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.06.60 (2015-03-17) - Samsung Electronics Co., Ltd.) Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.45.00(2014-05-23) - Samsung Electronics Co., Ltd.) Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.0.17 - Samsung Electronics Co., Ltd.) Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.) Samsung Scan Process Machine (HKLM-x32\...\Samsung Scan Process Machine) (Version: 1.03.05.25 - Samsung Electronics Co., Ltd.) Hidden Samsung SCX-3400 Series (HKLM-x32\...\Samsung SCX-3400 Series) (Version: 1.30 (2017-07-27) - Samsung Electronics Co., Ltd.) SilentSetup (HKLM-x32\...\{BA073B32-292B-424A-97E1-70C25CD1075F}) (Version: 1.0.0 - Default Company Name) Hidden SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.0.0 - Synaptics Incorporated) WinRAR 5.71 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.1 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-06] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-06] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-10-14] (AVB Disc Soft, SIA -> Disc Soft Ltd) ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-10-14] (AVB Disc Soft, SIA -> Disc Soft Ltd) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-05-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-06] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-06] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":: WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99] WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate] ==================== Loaded Modules (Whitelisted) ============== 2019-10-14 00:30 - 2011-02-18 08:16 - 000058880 _____ () [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2019-10-14 01:05 - 2018-08-05 14:54 - 000002560 _____ () [File not signed] C:\Program Files\CCleaner\version.DLL 2019-10-14 00:46 - 2019-10-14 00:46 - 000169984 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\15f1b6267af10cbc90476df5d7e56731\IsdiInterop.ni.dll 2019-10-17 14:47 - 2017-07-14 06:40 - 000022528 _____ () [File not signed] C:\Windows\System32\ssm1mlm.dll 2019-10-14 00:45 - 2010-10-06 11:43 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll 2019-10-14 00:46 - 2019-10-14 00:46 - 000014336 _____ (Intel Corp.) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6ee4568b5e2cb5df23725432f47d73f4\IAStorCommon.ni.dll 2019-10-14 00:45 - 2010-10-06 11:38 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll 2019-10-14 00:30 - 2011-02-18 08:16 - 000165376 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorUIHelper.dll 2019-10-14 00:30 - 2011-02-18 08:16 - 001109504 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IntelVisualDesign.dll 2019-10-14 00:30 - 2011-02-18 08:13 - 000275456 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\ISDI.dll 2019-10-14 00:46 - 2019-10-14 00:46 - 000219136 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\cd49e7a11058118f262a24faa32e2deb\IAStorDataMgr.ni.dll 2019-10-14 00:46 - 2019-10-14 00:46 - 000475648 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\9fe8e6f08fe9a37b33d736835e3db50b\IAStorUtil.ni.dll 2019-08-19 15:53 - 2019-08-19 15:53 - 002651136 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wuaueng2.dll 2019-10-17 14:51 - 2019-10-17 14:51 - 000225280 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll 2013-11-26 11:07 - 2013-11-26 11:07 - 000112128 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\Easy Printer Manager\SmartScreenPrint\CDAKEYMonitor.dll 2014-04-10 08:25 - 2014-04-10 08:25 - 002501120 _____ (TODO: ) [File not signed] C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAScan2PCMonitor.dll 2019-10-17 14:47 - 2017-07-14 06:40 - 000043520 _____ (Windows (R) Codename Longhorn DDK provider) [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\ssm1mpc.dll ==================== Alternate Data Streams (Whitelisted) ========= ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2483584445-2474970256-2882493408-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Krucyfuks\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 62.179.1.61 - 62.179.1.63 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{8EA32E80-2CA0-4949-93C6-52B5D7D03FF6}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed] FirewallRules: [{D4D4FF13-64DA-4A7D-822C-F5D474395624}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed] FirewallRules: [{997E3FF7-6621-4873-B02C-3EB19D4C91D7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{1DE5DA0C-4C95-49B8-A0A1-04633CDCC565}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{3CC8EDAA-FFA4-41A9-AB3C-92C3B891A540}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{05882BCD-3D21-4528-BB6B-C0154E65C4DB}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{5C503632-D853-4CCB-B188-8984BF40E238}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{0AA6CCB7-2F42-49D4-ACC6-CC60924B6404}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{3E9254DA-D7F7-4FE8-B00A-9551D26D0E1E}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{CF20EFF3-3ADD-4D85-8BE2-1667FA6E476B}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [TCP Query User{16274D15-1885-4E3B-A75C-78A051F12854}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed] FirewallRules: [UDP Query User{050CC05F-D233-42F7-A08C-B7D984D32123}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed] FirewallRules: [{15A3DB27-929A-4EDE-BC70-AE0D8D4DE8AA}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd) FirewallRules: [{B47033D6-36F9-4373-B86A-15C481D5F8E7}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd) FirewallRules: [{F66D59BB-4A8C-4D70-A95D-9A359CDD2ED1}] => (Allow) C:\Windows\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe (Samsung Electronics CO., LTD. -> ) FirewallRules: [{0813FA4E-48B4-4821-8E3D-2C7AFBAD2CB4}] => (Allow) C:\Windows\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe (Samsung Electronics CO., LTD. -> ) FirewallRules: [{7ED28774-7E5A-404C-9101-FE8B8CEC4A04}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> ) FirewallRules: [{4DF8AD7C-1850-4C49-ADE5-338F22CCEC7C}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> ) FirewallRules: [{98D091FF-E56E-47BD-AFE7-48EA3E7CF3AA}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) FirewallRules: [{4A57A47C-9057-43AE-BA5C-19E044CC4142}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) FirewallRules: [{565692CD-20B6-4F85-9932-9F43EE3012D1}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) FirewallRules: [{FFBD0261-A94C-4038-B1D7-BFEDEE4B6451}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) FirewallRules: [{3CCC0777-DE89-46D6-A651-0C5D254FD584}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) FirewallRules: [{B54A5BE3-51B9-4E62-8EE8-C5DE979E8A59}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) FirewallRules: [{40FE668A-69D7-41F2-B017-8D25798EB0F9}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe (Samsung Electronics Co., Ltd.) [File not signed] FirewallRules: [{ADFC4EF9-D559-49B2-AC9F-2A683FE86064}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe (Samsung Electronics Co., Ltd.) [File not signed] FirewallRules: [{9BF53D4E-0BE8-4BB4-87F8-62FD94295442}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) FirewallRules: [{4E4349D8-4536-4462-9B97-33C8359B19FA}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) FirewallRules: [{57F61665-1816-42B0-96C1-E9360B27E50A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe (Samsung Electronics CO., LTD. -> ScanProcess) FirewallRules: [{35767504-AC21-4095-8849-5427BA7230CB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe (Samsung Electronics CO., LTD. -> ScanProcess) FirewallRules: [{CFD0D678-11AF-45CF-8E40-F1E6CAD7DD66}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe (Samsung Electronics CO., LTD. -> Scan2PCNotify) FirewallRules: [{B10FAC89-97A2-465B-B630-7C14106E9AF7}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe (Samsung Electronics CO., LTD. -> Scan2PCNotify) FirewallRules: [{24808BC4-C61A-45F8-989B-3B449652B156}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> ) FirewallRules: [{9B24E47F-3972-4F3D-AE7F-9D7261E1AC68}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> ) FirewallRules: [{CE6BE264-151F-4F3C-96F0-3065EC23DD7B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe (Samsung Electronics CO., LTD. -> ) FirewallRules: [{3B0E4709-260F-479F-A50E-5669C7EAD00B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe (Samsung Electronics CO., LTD. -> ) FirewallRules: [{5E35CF70-4EBD-4871-BF56-3E6ED66E635B}] => (Allow) LPort=62458 FirewallRules: [{B091A37B-C513-4DAB-9075-78D7E3656CB1}] => (Allow) LPort=62458 FirewallRules: [{D2FE900F-F692-44D2-A05C-E9B50EB14157}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Standard VGA Graphics Adapter Description: Standard VGA Graphics Adapter Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard display types) Service: vga Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (10/23/2019 01:09:45 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AdwCleaner.exe, version: 7.4.1.0, time stamp: 0x5d6ff0ef Faulting module name: AdwCleaner.exe, version: 7.4.1.0, time stamp: 0x5d6ff0ef Exception code: 0xc0000005 Fault offset: 0x0041d7cb Faulting process id: 0xe8c Faulting application start time: 0x01d5892dc5bcfe70 Faulting application path: D:\uzytki\AdwCleaner.exe Faulting module path: D:\uzytki\AdwCleaner.exe Report Id: 08d3bd57-f521-11e9-9aee-b870f4234fa9 Error: (10/23/2019 01:08:18 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/23/2019 01:06:54 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Krucyfuks-PC) Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off. Error: (10/23/2019 01:06:54 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Krucyfuks-PC) Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on. Error: (10/23/2019 01:06:54 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Krucyfuks-PC) Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. DETAIL - The process cannot access the file because it is being used by another process. Error: (10/23/2019 01:06:54 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY) Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. DETAIL - The process cannot access the file because it is being used by another process. for C:\Users\Krucyfuks\ntuser.dat Error: (10/23/2019 12:35:01 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AdwCleaner.exe, version: 7.4.1.0, time stamp: 0x5d6ff0ef Faulting module name: AdwCleaner.exe, version: 7.4.1.0, time stamp: 0x5d6ff0ef Exception code: 0xc0000005 Fault offset: 0x0041d7cb Faulting process id: 0xfec Faulting application start time: 0x01d58928edacd4e6 Faulting application path: D:\uzytki\AdwCleaner.exe Faulting module path: D:\uzytki\AdwCleaner.exe Report Id: 2f1a2f01-f51c-11e9-8311-b870f4234fa9 Error: (10/23/2019 12:32:24 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AdwCleaner.exe, version: 7.4.1.0, time stamp: 0x5d6ff0ef Faulting module name: AdwCleaner.exe, version: 7.4.1.0, time stamp: 0x5d6ff0ef Exception code: 0xc0000005 Fault offset: 0x0041d7cb Faulting process id: 0x1450 Faulting application start time: 0x01d58928906fc602 Faulting application path: D:\uzytki\AdwCleaner.exe Faulting module path: D:\uzytki\AdwCleaner.exe Report Id: d0faf243-f51b-11e9-8311-b870f4234fa9 System errors: ============= Error: (10/23/2019 01:16:05 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (10/23/2019 01:16:05 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (10/23/2019 01:15:57 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (10/23/2019 01:15:57 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (10/23/2019 01:10:00 AM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (10/21/2019 11:15:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (10/21/2019 11:15:20 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Search service terminated with service-specific error %%-1073473535. Error: (10/21/2019 11:07:32 PM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. ==================== Memory info =========================== BIOS: LENOVO 40CN33WW(V2.19) 08/14/2012 Motherboard: LENOVO Base Board Product Name Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz Percentage of memory in use: 50% Total physical RAM: 8135.86 MB Available physical RAM: 4014.61 MB Total Virtual: 16269.86 MB Available Virtual: 11940.66 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:34.57 GB) (Free:6.27 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:664.06 GB) (Free:393.91 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: C3FFC3FF) Partition 1: (Active) - (Size=34.6 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=664.1 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================