Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-03-2017 Ran by Keylor Mo (09-03-2017 19:03:43) Running from C:\Users\Keylor Mo\Desktop Microsoft Windows 10 Pro Version 1607 (X86) (2016-10-02 15:54:11) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1925041687-3826732043-3313555696-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1925041687-3826732043-3313555696-503 - Limited - Disabled) Guest (S-1-5-21-1925041687-3826732043-3313555696-501 - Limited - Disabled) Keylor Mo (S-1-5-21-1925041687-3826732043-3313555696-1002 - Administrator - Enabled) => C:\Users\Keylor Mo ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) . . . (Version: 2.6.2.4 - Intel) Hidden µTorrent (HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.) Adblock Plus for IE (32-bit) (HKLM\...\{E93152F1-E3AE-4B2A-9BAC-F770203F67E5}) (Version: 1.5 - Eyeo GmbH) Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.) Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated) Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Photoshop CS5 (HKLM\...\{3EB745BA-194F-4475-9164-B20BB2172395}) (Version: 12.0 - Adobe Systems Incorporated) Bandicam (HKLM\...\Bandicam) (Version: 3.1.1.1073 - Bandisoft.com) CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform) Counter-Strike 1.6 (HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\Counter-Strike 1.6) (Version: - ) Google Chrome (HKLM\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.) Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation) Intel® Driver Update Utility (HKLM\...\{66e8e99a-eb6f-4403-9fc2-0ddd4d6f353e}) (Version: 2.6.2.4 - Intel) Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.) League client alpha (HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\League client alpha 1.0) (Version: 1.0 - Riot Games, Inc) League of Legends (HKLM\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games) League of Legends (Version: 4.1.2 - Riot Games) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Modem HDM EC156 (HKLM\...\Modem HDM EC156) (Version: 21.005.20.03.649 - Huawei Technologies Co.,Ltd) NetCut 2.1.4 (HKLM\...\NetCut_is1) (Version: - arcai.com) Node.js (HKLM\...\{47840698-D4F5-414F-A3A9-9A23BF6C6A1A}) (Version: 4.4.3 - Node.js Foundation) Notepad++ (HKLM\...\Notepad++) (Version: 6.9.1 - Notepad++ Team) NVIDIA PhysX (HKLM\...\{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}) (Version: 9.13.0725 - NVIDIA Corporation) PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.) Security Task Manager 2.1i (HKLM\...\Security Task Manager) (Version: 2.1i - Neuber Software) Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH) WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0B6A8048-AC2F-42D1-A341-9F2F6F00DC2F} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-keylormo@outlook.com => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated) Task: {2D42E3FB-F3B8-4B39-82BC-A1FB43224CD6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-11] (Google Inc.) Task: {3AF4B9E6-F405-4D0D-8C0C-FBFBEDC2C448} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd) Task: {47C402C7-F033-4894-BA1B-0418CF56CC38} - System32\Tasks\{2E3FD621-58EF-4CAB-AEBA-A4E4CBB54E59} => launchwinapp.exe hxxp://ui.skype.com/ui/0/7.16.0.101/en/abandoninstall?source=lightinstaller&page=tsInstall Task: {6BC28B8E-69D6-477B-B4FE-E1F4508A9199} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-11] (Google Inc.) Task: {A33E1E70-6E1F-4F26-A418-93F9B5FFC21C} - System32\Tasks\{EB027DF4-EF5F-4BCA-8582-E2AFEABC560A} => pcalua.exe -a "E:\Driver\8187Driver\8187-Win XP\Setup.exe" -d "E:\Driver\8187Driver\8187-Win XP" Task: {C2918BC0-5EBF-45DC-9F60-3AADA2759A31} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-12] (Adobe Systems Incorporated) Task: {CC38EBDC-3B1D-4D44-A483-09F3333885C1} - System32\Tasks\DriverToolkit Autorun => C:\Program Files\DriverToolkit\DriverToolkit.exe Task: {F5A5F1A8-81B4-4C3C-87C7-6673BC89B02B} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2016-11-07] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\DriverToolkit Autorun.job => C:\Program Files\DriverToolkit\DriverToolkit.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 08:25 - 2016-07-16 08:25 - 00190976 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-17 16:41 - 2016-12-09 10:11 - 02048496 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2011-03-14 15:27 - 2011-03-14 15:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe 2016-11-30 11:01 - 2016-12-29 18:57 - 00655712 _____ () C:\ProgramData\Modem HDM EC156\OnlineUpdate\ouc.exe 2016-11-30 11:01 - 2016-11-29 20:27 - 00011362 _____ () C:\ProgramData\Modem HDM EC156\OnlineUpdate\mingwm10.dll 2016-11-30 11:01 - 2016-11-29 20:27 - 00043008 _____ () C:\ProgramData\Modem HDM EC156\OnlineUpdate\libgcc_s_dw2-1.dll 2016-11-30 11:01 - 2016-11-29 20:27 - 02415104 _____ () C:\ProgramData\Modem HDM EC156\OnlineUpdate\QtCore4.dll 2016-11-30 11:01 - 2016-11-29 20:27 - 01148416 _____ () C:\ProgramData\Modem HDM EC156\OnlineUpdate\QtNetwork4.dll 2016-11-30 11:01 - 2016-11-29 20:27 - 00843264 _____ () C:\ProgramData\Modem HDM EC156\OnlineUpdate\QueryStrategy.dll 2016-11-30 11:01 - 2016-11-29 20:27 - 00398336 _____ () C:\ProgramData\Modem HDM EC156\OnlineUpdate\QtXml4.dll 2016-12-17 16:41 - 2016-12-09 10:11 - 02048496 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-10-02 23:36 - 2016-10-02 23:37 - 00679624 _____ () C:\Users\Keylor Mo\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll 2016-03-28 18:07 - 2016-03-28 18:07 - 00267952 _____ () C:\Program Files\Notepad++\NppShell_06.dll 2016-07-16 08:25 - 2016-07-16 08:25 - 00108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-11 05:37 - 2016-12-21 04:42 - 00321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-01-11 05:37 - 2016-12-21 04:41 - 00492032 _____ () C:\Windows\ShellExperiences\MtcUvc.dll 2017-01-11 05:36 - 2016-12-21 04:25 - 06726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-01-11 05:36 - 2016-12-21 04:21 - 01150464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-10-03 00:11 - 2016-10-03 00:11 - 00526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-01-11 05:36 - 2016-12-21 04:21 - 00779776 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-01-11 05:36 - 2016-12-21 04:22 - 01724928 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-01-11 05:36 - 2016-12-21 04:24 - 03158016 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-03-02 18:17 - 2017-03-02 18:25 - 00019968 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe 2017-03-02 18:17 - 2017-03-02 18:25 - 17431552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x86__8wekyb3d8bbwe\Microsoft.Photos.dll 2017-03-02 18:17 - 2017-03-02 18:25 - 04697600 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x86__8wekyb3d8bbwe\MediaEngine.dll 2016-06-24 18:24 - 2016-06-24 18:25 - 00541696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x86__8wekyb3d8bbwe\Microsoft.DesignCore.dll 2017-03-02 18:17 - 2017-03-02 18:25 - 00250880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x86__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll 2017-03-02 18:17 - 2017-03-02 18:25 - 00645632 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x86__8wekyb3d8bbwe\Microsoft.Sharing.dll 2016-03-03 20:07 - 2016-03-03 20:40 - 00180224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x86__8wekyb3d8bbwe\StoreRatingPromotion.dll 2017-02-22 16:25 - 2017-02-22 16:34 - 00064512 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x86__kzf8qxf38zg5c\SkypeHost.exe 2017-02-22 16:25 - 2017-02-22 16:34 - 00153088 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-02-22 16:25 - 2017-02-22 16:34 - 30889472 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x86__kzf8qxf38zg5c\SkyWrap.dll 2017-02-07 21:33 - 2017-02-07 22:01 - 01733120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x86__kzf8qxf38zg5c\roottools.dll 2017-02-22 16:25 - 2017-02-22 16:34 - 00098816 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x86__kzf8qxf38zg5c\SkypeHost.Proxies.dll 2016-06-23 11:02 - 2016-06-23 11:02 - 00149272 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll 2016-06-23 11:02 - 2016-06-23 11:02 - 00089880 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win32.dll 2016-06-23 11:02 - 2016-06-23 11:02 - 00103192 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll 2016-06-23 11:02 - 2016-06-23 11:02 - 00259352 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll 2017-02-25 23:13 - 2011-08-23 19:09 - 00118872 _____ () C:\Users\Keylor Mo\Desktop\Half-Life(www.fullypcgames.net)\filesystem_stdio.dll 2017-02-25 23:13 - 2011-08-23 19:09 - 01840440 _____ () C:\Users\Keylor Mo\Desktop\Half-Life(www.fullypcgames.net)\hw.dll 2017-02-25 23:16 - 2011-08-23 19:09 - 00352256 _____ () C:\Users\Keylor Mo\Desktop\Half-Life(www.fullypcgames.net)\vgui.dll 2017-02-25 23:13 - 2011-08-23 19:09 - 00351744 _____ () C:\Users\Keylor Mo\Desktop\Half-Life(www.fullypcgames.net)\mss32.dll 2017-02-25 23:13 - 2011-02-05 16:43 - 00207872 _____ () c:\users\keylor mo\desktop\half-life(www.fullypcgames.net)\steamclient.dll 2017-02-25 23:13 - 2011-08-23 19:09 - 00081920 _____ () c:\users\keylor mo\desktop\half-life(www.fullypcgames.net)\valve\cl_dlls\particleman.dll 2017-02-25 23:16 - 2011-08-23 19:09 - 00245819 _____ () C:\Users\Keylor Mo\Desktop\Half-Life(www.fullypcgames.net)\vgui2.dll 2017-02-25 23:13 - 2011-08-23 19:09 - 00845112 _____ () c:\users\keylor mo\desktop\half-life(www.fullypcgames.net)\valve\cl_dlls\GameUI.dll 2017-02-25 23:13 - 2011-08-23 19:09 - 00125952 _____ () C:\Users\Keylor Mo\Desktop\Half-Life(www.fullypcgames.net)\Mp3dec.asi 2017-02-25 23:13 - 2011-08-23 19:09 - 00142848 _____ () C:\Users\Keylor Mo\Desktop\Half-Life(www.fullypcgames.net)\Mssv12.asi 2017-02-25 23:13 - 2011-08-23 19:09 - 00161792 _____ () C:\Users\Keylor Mo\Desktop\Half-Life(www.fullypcgames.net)\Mssv29.asi 2017-02-25 23:16 - 2011-08-23 19:09 - 00053248 _____ () C:\Users\Keylor Mo\Desktop\Half-Life(www.fullypcgames.net)\voice_miles.dll 2017-02-25 23:13 - 2011-08-23 19:09 - 00090112 _____ () C:\Users\Keylor Mo\Desktop\Half-Life(www.fullypcgames.net)\demoplayer.dll 2017-02-25 23:13 - 2011-08-23 19:09 - 00258106 _____ () C:\Users\Keylor Mo\Desktop\Half-Life(www.fullypcgames.net)\core.dll 2017-02-25 23:13 - 2011-08-23 19:09 - 00535552 _____ () c:\users\keylor mo\desktop\half-life(www.fullypcgames.net)\platform\Servers\serverbrowser.dll 2017-02-25 23:13 - 2011-08-23 19:09 - 00344064 _____ () C:\Users\Keylor Mo\Desktop\Half-Life(www.fullypcgames.net)\tier0.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-07-10 08:28 - 2016-02-24 22:28 - 00001236 ___RA C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 thislineskipsanyemptylines 127.0.0.1 mirillis.com 127.0.0.1 www.mirillis.com 127.0.0.1 serwer2.paka-service.com 127.0.0.1 ns386119.ovh.net 127.0.0.1 mirillis.pl 127.0.0.1 www.ovh.com 127.0.0.1 176.31.241.10 127.0.0.1 91.121.143.139 ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Keylor Mo\Desktop\422954_379568645388594_4256134_n.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "RtHDVBg" HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "Persistence" HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run: => "SynTPEnh" HKLM\...\StartupApproved\Run: => "Baidu PC Faster 5.1.0.0" HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\StartupApproved\StartupFolder: => "PalTalk.lnk" HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\StartupApproved\StartupFolder: => "Curse.lnk" HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\StartupApproved\Run: => "IDMan" HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\StartupApproved\Run: => "EagleGet" HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_6B082E3ECDAA2487AA2D9D07650D2274" HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\StartupApproved\Run: => "uTorrent" HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\StartupApproved\Run: => "BlueStacks Agent" HKU\S-1-5-21-1925041687-3826732043-3313555696-1002\...\StartupApproved\Run: => "Discord" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{43E1A9CD-0BF3-4CCD-BC6E-37B670958620}C:\users\keylor mo\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\keylor mo\appdata\roaming\utorrent\utorrent.exe FirewallRules: [UDP Query User{D1DCC661-5EDE-4C2A-8B95-F3968B9F7763}C:\users\keylor mo\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\keylor mo\appdata\roaming\utorrent\utorrent.exe FirewallRules: [TCP Query User{D52BAE50-03C7-427E-B74F-5DAB1CB8BA86}C:\program files\counter-strike 1.6 omonas\hl.exe] => (Allow) C:\program files\counter-strike 1.6 omonas\hl.exe FirewallRules: [UDP Query User{A185A841-226B-4484-9509-4C83C04D06FB}C:\program files\counter-strike 1.6 omonas\hl.exe] => (Allow) C:\program files\counter-strike 1.6 omonas\hl.exe FirewallRules: [TCP Query User{EE74611E-98A8-4F3E-A4FA-9DCC0A99A3FD}C:\users\keylor mo\desktop\half-life(www.fullypcgames.net)\hl.exe] => (Allow) C:\users\keylor mo\desktop\half-life(www.fullypcgames.net)\hl.exe FirewallRules: [UDP Query User{16CF5B43-7295-4B94-B25F-B76E8E64C6D0}C:\users\keylor mo\desktop\half-life(www.fullypcgames.net)\hl.exe] => (Allow) C:\users\keylor mo\desktop\half-life(www.fullypcgames.net)\hl.exe FirewallRules: [{22232E71-0E4C-40DA-803D-3E587E81A922}] => (Allow) C:\Program Files\Steam\Steam.exe FirewallRules: [{A4EB1D2F-3A11-439B-90EC-B5EE5B95C3A9}] => (Allow) C:\Program Files\Steam\Steam.exe FirewallRules: [{E6DF524C-B670-483B-B113-795922D58A35}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{16DA58C8-579B-4005-8D0C-067CA8553560}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe ==================== Restore Points ========================= 21-02-2017 01:26:00 Intel® Driver Update Utility 24-02-2017 07:58:04 Windows Update 03-03-2017 12:42:27 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/09/2017 05:30:03 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Activation context generation failed for "c:\program files\common files\adobe air\versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\program files\common files\adobe air\versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error: (03/09/2017 05:29:19 PM) (Source: ESENT) (EventID: 490) (User: ) Description: wuaueng.dll (1116) SUS20ClientDataStore: An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error: (03/09/2017 04:41:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LeagueClientUx.exe version 7.5.178.8497 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 7b4 Start Time: 01d298ead3682990 Termination Time: 4294967295 Application Path: C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.56\deploy\LeagueClientUx.exe Report Id: 2f13c761-04e7-11e7-951d-b4b52f347934 Faulting package full name: Faulting package-relative application ID: Error: (03/09/2017 04:49:09 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: WiFiTask.exe, version: 10.0.14393.187, time stamp: 0x57cf9d82 Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x58256cad Exception code: 0xc0000005 Fault offset: 0x00056af8 Faulting process id: 0x1250 Faulting application start time: 0x01d298906f8e42b0 Faulting application path: C:\WINDOWS\System32\WiFiTask.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: 841db25f-91b8-4381-b4ed-c361e1b0f2d8 Faulting package full name: Faulting package-relative application ID: Error: (03/09/2017 03:56:12 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Activation context generation failed for "c:\program files\common files\adobe air\versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\program files\common files\adobe air\versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error: (03/08/2017 05:01:33 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.14393.447, time stamp: 0x5819c280 Faulting module name: Windows.UI.Xaml.dll, version: 10.0.14393.594, time stamp: 0x5850ccd7 Exception code: 0xc000027b Fault offset: 0x0070d26c Faulting process id: 0x1b48 Faulting application start time: 0x01d297a8612c83fd Faulting application path: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll Report Id: 587364dd-bad2-4569-b964-c63a0143cc56 Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.14393.693_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App Error: (03/08/2017 01:07:35 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.14393.447, time stamp: 0x5819c280 Faulting module name: Windows.UI.Xaml.dll, version: 10.0.14393.594, time stamp: 0x5850ccd7 Exception code: 0xc000027b Fault offset: 0x0070d26c Faulting process id: 0x9c8 Faulting application start time: 0x01d297919de299be Faulting application path: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll Report Id: c54535b6-b5a3-4cde-81a1-31d9d7fdef56 Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.14393.693_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App Error: (03/07/2017 09:19:12 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LeagueClientUx.exe version 7.4.176.9146 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: afc Start Time: 01d297881d667e36 Termination Time: 4294967295 Application Path: C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.55\deploy\LeagueClientUx.exe Report Id: b42d7c25-037b-11e7-951b-b4b52f347934 Faulting package full name: Faulting package-relative application ID: Error: (03/07/2017 01:12:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.14393.447, time stamp: 0x5819c280 Faulting module name: combase.dll, version: 10.0.14393.479, time stamp: 0x58256dbb Exception code: 0xc000027b Fault offset: 0x001a5741 Faulting process id: 0x1eb4 Faulting application start time: 0x01d2971628bf69ba Faulting application path: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Faulting module path: C:\WINDOWS\System32\combase.dll Report Id: 5dae8fe5-51ea-4b4f-b725-da240ad8dc4c Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.14393.693_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App Error: (03/06/2017 11:13:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Music.UI.exe, version: 10.17012.1030.0, time stamp: 0x58a42d97 Faulting module name: Music.UI.exe, version: 10.17012.1030.0, time stamp: 0x58a42d97 Exception code: 0x80000003 Fault offset: 0x00035d48 Faulting process id: 0x23a4 Faulting application start time: 0x01d296cb327c6a14 Faulting application path: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17012.10301.0_x86__8wekyb3d8bbwe\Music.UI.exe Faulting module path: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17012.10301.0_x86__8wekyb3d8bbwe\Music.UI.exe Report Id: 54c71466-393c-406d-9994-e880429cef13 Faulting package full name: Microsoft.ZuneMusic_10.17012.10301.0_x86__8wekyb3d8bbwe Faulting package-relative application ID: Microsoft.ZuneMusic System errors: ============= Error: (03/09/2017 05:36:11 PM) (Source: DCOM) (EventID: 10016) (User: INCONNU-4C-0F-C) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {9E175B6D-F52A-11D8-B9A5-505054503030} and APPID {9E175B9C-F52A-11D8-B9A5-505054503030} to the user INCONNU-4C-0F-C\Keylor Mo SID (S-1-5-21-1925041687-3826732043-3313555696-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). This security permission can be modified using the Component Services administrative tool. Error: (03/09/2017 05:35:54 PM) (Source: DCOM) (EventID: 10016) (User: INCONNU-4C-0F-C) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {9E175B6D-F52A-11D8-B9A5-505054503030} and APPID {9E175B9C-F52A-11D8-B9A5-505054503030} to the user INCONNU-4C-0F-C\Keylor Mo SID (S-1-5-21-1925041687-3826732043-3313555696-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). This security permission can be modified using the Component Services administrative tool. Error: (03/09/2017 05:31:08 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout. Error: (03/09/2017 05:29:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Windows Update service terminated with the following error: %%3355444232 Error: (03/09/2017 03:58:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (03/09/2017 03:58:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (03/09/2017 03:58:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (03/09/2017 03:58:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (03/09/2017 04:48:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (03/09/2017 04:47:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Modem HDM EC156. RunOuc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. CodeIntegrity: =================================== Date: 2016-10-19 13:43:30.298 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-19 13:43:29.507 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Pentium(R) CPU B970 @ 2.30GHz Percentage of memory in use: 77% Total physical RAM: 1942.36 MB Available physical RAM: 439.85 MB Total Virtual: 4118.36 MB Available Virtual: 1605.71 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:145.71 GB) (Free:102.93 GB) NTFS Drive d: () (Fixed) (Total:151.51 GB) (Free:137.78 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: ABA1A315) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=145.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=792 MB) - (Type=27) Partition 4: (Not Active) - (Size=151.5 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================