JustPaste.it - Share Text & Images the Easy Way

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by adam (14-12-2018 11:58:57)
Running from D:\Downloads
Windows 8.1 Pro (Update) (X64) (2018-12-06 19:06:43)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

adam (S-1-5-21-537903363-2798869277-3563865902-1001 - Administrator - Enabled) => C:\Users\adam
Administrator (S-1-5-21-537903363-2798869277-3563865902-500 - Administrator - Disabled)
Guest (S-1-5-21-537903363-2798869277-3563865902-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {8D637332-9C08-995E-98D7-8237936B0E9F}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 3.0.14 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0050 - ASUS)
CCleaner (HKLM\...\CCleaner) (Version: 5.50 - Piriform)
Check Point SBA (HKLM\...\{B212ABB9-E151-444B-975C-8A3EA9DC8EFB}) (Version: 86.4.9056 - Check Point Software Technologies Ltd.) Hidden
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 417.22 - NVIDIA Corporation) Hidden
eM Client (HKLM-x32\...\{E1A91386-A21E-484E-8FED-47BA87671427}) (Version: 7.2.34062.0 - eM Client Inc.)
FastStone Image Viewer 6.7 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.7 - FastStone Soft)
FontBase 2.6.6 (HKU\S-1-5-21-537903363-2798869277-3563865902-1001\...\ffc1e284-e25b-515d-b453-93eb9fe955eb) (Version: 2.6.6 - Dominik Levitsky Studio)
foobar2000 v1.4.1 (HKLM-x32\...\foobar2000) (Version: 1.4.1 - Peter Pawlowski)
HD Video Converter Factory Pro 17.0 (HKLM-x32\...\HD Video Converter Factory Pro) (Version: 17.0 - WonderFox Soft, Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4385 - Intel Corporation)
jAlbum (HKLM\...\{EB433E79-52E8-455C-9140-1F8068A3ACCC}) (Version: 13.3 - Jalbum AB)
Jing (HKLM-x32\...\{8C784F8B-89D0-4A59-A000-7EEF129E1574}) (Version: 2.9.15255.1 - TechSmith Corporation)
KeePass Password Safe 2.40 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.40 - Dominik Reichl)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Mediatek Bluetooth (HKLM\...\{1C41AEAE-7DD5-29D6-FA5F-D1E8A12ECE4E}) (Version: 11.0.760.0 - Mediatek)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.11029.20108 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-537903363-2798869277-3563865902-1001\...\OneDriveSetup.exe) (Version: 18.212.1021.0008 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 64.0 (x64 en-GB) (HKLM\...\Mozilla Firefox 64.0 (x64 en-GB)) (Version: 64.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.3 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.6 - Notepad++ Team)
NVIDIA Graphics Driver 417.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 417.22 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11029.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11029.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11029.20108 - Microsoft Corporation) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 5.0.55.0 - Ralink)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8117 - Realtek Semiconductor Corp.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.3.0.1910 - Samsung Electronics)
Sandboxie 5.26 (64-bit) (HKLM\...\Sandboxie) (Version: 5.26 - Sandboxie Holdings, LLC)
Skype version 8.36 (HKLM-x32\...\Skype_is1) (Version: 8.36 - Skype Technologies S.A.)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.21a - Ghisler Software GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
WhereIsIt? 2014 (HKLM-x32\...\whereisit-wii_is1) (Version: 2014 - Robert Galle)
Windows Driver Package - ASUS (ATP) Mouse (01/13/2015 1.0.0.233) (HKLM\...\8335D73177E6D80E7ADC00FED2275758BD28AEFB) (Version: 01/13/2015 1.0.0.233 - ASUS)
ZoneAlarm Anti-Ransomware (HKLM-x32\...\{0B8C3231-9818-4CB9-8213-4AB839836791}) (Version: 1.001.0704 - Check Point Software) Hidden
ZoneAlarm Firewall (HKLM-x32\...\{6F277433-5A52-4DC5-AA23-ECE8FD045EBD}) (Version: 15.4.062.17802 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.4.062.17802 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{37F2A556-851C-46BA-BDD4-48745E7A106B}) (Version: 15.4.062.17802 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-537903363-2798869277-3563865902-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> [CC]{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2018-11-12] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-03-01] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-11-29] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> [CC]{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {034FB27D-AA4D-43F1-9F9C-FD0BE330C7A1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-28] (Piriform Ltd)
Task: {05C3BA7C-32B0-4910-ADFD-7FCC2A83AB12} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-11-29] (NVIDIA Corporation)
Task: {0A17BEB1-8AD8-41BF-8117-6F5637211AC3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {115695B8-AA5B-4B2A-BD6F-E09E56930866} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-28] (Piriform Software Ltd)
Task: {12348269-B60D-4B06-86D7-2D54C2F8E920} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-07] (Microsoft Corporation)
Task: {146A32B3-5DA2-42E9-9D14-363D075E75D6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-12-08] (Microsoft Corporation)
Task: {15840BBA-F7A3-4F9E-BE35-7E59B1CE4EC4} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-04-13] (Realtek Semiconductor)
Task: {1FD07CA2-819E-41C3-9F10-0868260EA0C5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {2D3958C9-B35C-4A0A-BDD1-47687F575772} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-07] (Microsoft Corporation)
Task: {2D580328-B726-4F60-A8B1-4E3639D88A75} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-14] (Microsoft Corporation)
Task: {307F9EF6-4C15-4861-864A-F9314F3AA343} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {311A5163-7422-4510-95E6-07DB510184F7} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2018-12-14] (Microsoft Corporation)
Task: {315D7CFC-6418-41AD-BAFE-345F22281D88} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-11-29] (NVIDIA Corporation)
Task: {38969C6B-6754-489B-9420-F63A77B08A6C} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {6649CAFD-6DDC-4782-B6FB-A069AF0AFF20} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-14] (Microsoft Corporation)
Task: {6ACF899D-3B83-4A55-9CAF-DFA82A2C88EA} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2018-10-05] (Samsung Electronics Co. Ltd.)
Task: {82E3B68D-2CAC-4277-8A64-947F3BA3758E} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-11-29] (NVIDIA Corporation)
Task: {830616B5-6B3D-4EE8-BB56-071FB541EA81} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-03-18] (AsusTek)
Task: {83129F0D-45BA-4EED-9F5B-DCA2AFCEB2DF} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2018-12-14] (Microsoft Corporation)
Task: {89059439-0E15-4FC9-B39A-6999438BA962} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {8A1B5E02-D441-4547-9623-B4B8CB82AC1C} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-11-29] (NVIDIA Corporation)
Task: {8A8AB9E9-5FAA-4EA6-8737-4445ADA1AAB2} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-11-29] (NVIDIA Corporation)
Task: {A3107D51-F0B8-4BB7-A82C-052561856C66} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-04-13] (Realtek Semiconductor)
Task: {A92EA702-50DC-40D9-87A8-A546440A7F8C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-12-08] (Microsoft Corporation)
Task: {AE8A1BD7-8A8D-4F4F-A1E0-815E5B60202D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-11-29] (NVIDIA Corporation)
Task: {B5D6C8A1-A0D1-4035-A711-C1B33444BE39} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-11-29] (NVIDIA Corporation)
Task: {DB10FEC2-F0BD-407A-8D78-7EC1D87DAD3C} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {DD8856BA-FB7C-4BD6-AEC6-78707A9ADA20} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-12-14] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2018-12-06 20:55 - 2016-03-01 03:48 - 000400880 _____ () C:\Windows\system32\igfxTray.exe
2018-11-12 23:35 - 2018-11-12 23:35 - 000230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2018-10-25 02:39 - 2018-10-25 02:39 - 000033016 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe
2018-10-25 01:44 - 2018-10-25 01:44 - 000163576 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\TPCommonCLI.dll
2018-08-29 15:21 - 2018-08-29 15:21 - 000095992 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationProxyWrapperLib.dll
2018-09-05 11:11 - 2018-09-05 11:11 - 000104184 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\Reputation\ReputationProviderCLI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2013-08-22 13:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-537903363-2798869277-3563865902-1001\Control Panel\Desktop\\Wallpaper -> D:\Documents\Dzogczen\A.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKU\S-1-5-21-537903363-2798869277-3563865902-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-537903363-2798869277-3563865902-1001\...\StartupApproved\Run: => "Uninstall 18.151.0729.0013"
HKU\S-1-5-21-537903363-2798869277-3563865902-1001\...\StartupApproved\Run: => "Uninstall 18.151.0729.0013\amd64"
HKU\S-1-5-21-537903363-2798869277-3563865902-1001\...\StartupApproved\Run: => "Lync"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{77F3ECB4-0A40-4D64-8CA8-081929B6B83D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4D8B1072-8B09-49B4-B673-6EFB74B080FF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0E34502E-2944-4480-9B96-225E1C8D14E1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{FCDB8CB7-322F-42C9-A88E-618C45888497}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{A07778EB-7A17-44B9-AF59-7030D9298F97}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{FCB3F1DE-794C-49B6-806E-6B18CAC06AE7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{95F137AD-C3BB-4376-AF7B-77A62FEA7363}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{C9889982-F0F1-4EE0-B803-EE0B398CCD90}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{E423DCDA-E434-4DDE-9716-E3C0C5BCA400}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{7F9E91CC-BE13-412A-8527-C69EF39216A6}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{8E34D195-C425-4D9A-BE0E-F1CF20F54C5E}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{FC25DDA0-5356-40F0-BCC9-05FBA7BCE3D1}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{BAD0CE86-4BD6-450B-87C7-970F92EF5722}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{D3B98615-D1B5-4ECE-8E62-33AA05D8047C}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{9207AA93-7846-478A-9047-9B80E7B74160}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

==================== Restore Points =========================

09-12-2018 22:48:55 Installed Adobe Photoshop Lightroom 5.7 64-bit.
13-12-2018 22:09:28 Installed SpeechRedist

==================== Faulty Device Manager Devices =============

Name: Intel(R) Atom(TM)/Celeron(R)/Pentium(R) Processor Intel DPTF Thermal Framework Device - 3400
Description: Intel(R) Atom(TM)/Celeron(R)/Pentium(R) Processor Intel DPTF Thermal Framework Device - 3400
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Mobile 5th Generation Intel(R) Core(TM) Camarillo Device - 1603
Description: Mobile 5th Generation Intel(R) Core(TM) Camarillo Device - 1603
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/13/2018 10:26:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/13/2018 10:26:02 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat 10.0\Designer 9.0\FileSystemBrowser.dll".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/13/2018 10:26:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat 10.0\Designer 9.0\FormDesigner.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/13/2018 10:09:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Setup.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1418

Start Time: 01d493302ee3eae7

Termination Time: 3

Application Path: H:\CD1\System\Setup.exe

Report Id: d10f9706-ff23-11e8-825d-f832e435d21b

Faulting package full name:

Faulting package-relative application ID:

Error: (12/13/2018 09:49:01 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhostex (4172) WebCacheLocal: Database recovery/restore failed with unexpected error -1032.

Error: (12/13/2018 09:49:01 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostex (4172) WebCacheLocal: An attempt to open the file "C:\Users\adam\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (12/13/2018 09:30:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program pssetup.exe version 3.0.0.11 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 818

Start Time: 01d4932ad3e75eeb

Termination Time: 0

Application Path: C:\TEMP\pssetup.exe

Report Id: 3c6fc9dc-ff1e-11e8-825d-f832e435d21b

Faulting package full name:

Faulting package-relative application ID:

Error: (12/13/2018 08:48:19 AM) (Source: Microsoft-Windows-EapHost) (EventID: 3002) (User: NT AUTHORITY)
Description: Could not find the requested EapMethod: TypeId(0), AuthorId(0), VendorId(0), VendorType(0)

System errors:
=============
Error: (12/14/2018 11:53:52 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 54) (User: NT AUTHORITY)
Description: Collaborative processor power controls on processor 3 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (12/14/2018 11:53:52 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 54) (User: NT AUTHORITY)
Description: Collaborative processor power controls on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (12/14/2018 11:53:52 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 54) (User: NT AUTHORITY)
Description: Collaborative processor power controls on processor 2 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (12/14/2018 11:53:52 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 54) (User: NT AUTHORITY)
Description: Collaborative processor power controls on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (12/14/2018 11:53:50 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (12/14/2018 10:56:44 AM) (Source: DCOM) (EventID: 10010) (User: ak)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (12/14/2018 10:56:14 AM) (Source: DCOM) (EventID: 10010) (User: ak)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (12/14/2018 10:50:46 AM) (Source: DCOM) (EventID: 10010) (User: ak)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Windows Defender:
===================================
Date: 2018-12-14 10:56:52.509
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {DA58425A-FE19-494F-939A-C151E083E41B}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-12-14 10:51:22.445
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {D9297ADF-52DD-4222-AE98-A919CC5AD424}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-12-12 15:57:27.076
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {98237EA2-ECEF-4A0B-AE17-EBDCB159850F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-12-12 15:40:12.519
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {2E539C52-7059-4965-B120-EAD237E05A04}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-12-11 23:01:13.488
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {6782EE4D-09E0-422D-B21F-31B95CEFB9E2}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-12-10 21:25:08.631
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

Date: 2018-12-08 16:32:42.126
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80073aba
Error description: The resource is too old to be compatible.
Signature version: 1.155.266.0;1.155.266.0
Engine version: 1.1.9700.0

Date: 2018-12-08 15:28:46.275
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version: 1.1.15500.2
Previous Engine Version: 1.1.9700.0
Error Code: 0x8050800c
Error description: An unexpected problem occurred. Install any available updates, then try to start the program again. For information on installing updates, see Help and Support.

Date: 2018-12-07 12:38:32.708
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

Date: 2018-12-07 08:40:40.333
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===================================

Date: 2018-12-14 10:50:07.683
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvdlistx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-11 08:32:10.311
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvdlistx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-08 10:52:10.826
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvdlistx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-07 08:40:33.582
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvdlistx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 17%
Total physical RAM: 12187.36 MB
Available physical RAM: 10087.68 MB
Total Virtual: 12187.36 MB
Available Virtual: 9732.86 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:100.53 GB) (Free:49.1 GB) NTFS
Drive d: (Dane) (Fixed) (Total:131.83 GB) (Free:58.98 GB) NTFS

\\?\Volume{1fabe3ec-4883-4953-a60f-8c9889add6e5}\ (Odzyskiwanie) (Fixed) (Total:0.29 GB) (Free:0.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================