Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016 Ran by Damian (24-10-2016 14:10:44) Running from C:\Users\Damian\Downloads Windows 7 Professional Service Pack 1 (X64) (2016-10-19 11:15:30) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-938549846-2126480309-1688900008-500 - Administrator - Disabled) Damian (S-1-5-21-938549846-2126480309-1688900008-1001 - Administrator - Enabled) => C:\Users\Damian Guest (S-1-5-21-938549846-2126480309-1688900008-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-938549846-2126480309-1688900008-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-938549846-2126480309-1688900008-1001\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.) ACP Application (Version: 2016.1004.2140.45 - Advanced Micro Devices, Inc.) Hidden AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB) Catalyst Control Center Next Localization BR (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (Version: 2016.1004.2153.37567 - Advanced Micro Devices, Inc.) Hidden Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version: - Cheat Engine) Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve) DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.1.0.0333 - DT Soft Ltd) Demolish.and.Build.Company.2017.REPACK-KaOs Uninstaller v3.0 (HKLM-x32\...\Demolish.and.Build.Company.2017.REPACK-KaOs_is1) (Version: 3.0 - KaOsKrew) Dota 2 (HKLM\...\Steam App 570) (Version: - Valve) GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.59 - Google Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) KHOLAT (HKLM\...\Steam App 343710) (Version: - IMGN.PRO) League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games) League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden Malwarebytes Anti-Malware wersja 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft) Origin (HKLM-x32\...\Origin) (Version: 10.1.1.35466 - Electronic Arts, Inc.) Pro Evolution Soccer 2016 myClub (HKLM\...\Steam App 407250) (Version: - Konami Digital Entertainment) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.) Rust (HKLM\...\Steam App 252490) (Version: - Facepunch Studios) SHU (HKLM-x32\...\{DF11DD92-DBB8-4F3F-9564-A8BBDBE986F5}_is1) (Version: 1.0 - ScreenShu Software) Spotify (HKU\S-1-5-21-938549846-2126480309-1688900008-1001\...\Spotify) (Version: 1.0.39.157.g674ae377 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKU\S-1-5-21-938549846-2126480309-1688900008-1001\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH) The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.) The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.0.0 - GOG.com) WinRAR 5.01 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) Worms W.M.D. (HKLM-x32\...\Worms W.M.D._is1) (Version: - ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {41BE66A4-A49C-4BE1-AAA3-9B94EEE82D70} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-19] (Google Inc.) Task: {7C8CD26E-6569-4FB0-90AD-284763AAFCC7} - System32\Tasks\4b61d06ef0356dc7e0a79eadfc7c48a5 => Rundll32.exe "C:\Program Files (x86)\AMD\dp0irx.dll",e62dc6c6547f46bda862da2d05af6862 Task: {D8D9656E-EB32-44EA-88C1-77841E0EDF28} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-10-04] (Advanced Micro Devices, Inc.) Task: {DD522736-F3D0-49FC-9179-506C4B1FC4CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-19] (Google Inc.) Task: {E373130B-FB5C-4E8C-A6F7-BEAAC30B39A4} - \Fekutain Renew -> No File <==== ATTENTION Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic Shortcut: C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic Shortcut: C:\Users\Damian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <===== Cyrillic Shortcut: C:\Users\Damian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <===== Cyrillic Shortcut: C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <===== Cyrillic ==================== Loaded Modules (Whitelisted) ============== 2016-10-23 16:51 - 2016-10-23 16:51 - 00142848 ____H () C:\Program Files (x86)\Youtube AdBlock_\local64spl.dll 2016-10-23 16:51 - 2016-10-23 16:51 - 00142848 ____H () C:\Users\Damian\AppData\LocalLow\Youtube AdBlock_\local64spl.dll 2016-10-23 16:51 - 2016-10-23 16:51 - 00142848 ____H () C:\Users\Damian\AppData\Local\Google\Chrome\User Data\local64spl.dll 2016-10-23 16:51 - 2016-10-23 16:51 - 00142848 ____H () C:\Users\Damian\AppData\Local\Google\Chrome\User Data_\local64spl.dll 2016-10-23 16:51 - 2016-10-23 16:51 - 00142848 ____H () C:\Users\Damian\AppData\Local\Temp_\local64spl.dll 2016-10-23 16:51 - 2016-10-23 16:51 - 00142848 ____H () C:\Windows\Temp\local64spl.dll 2016-10-23 16:51 - 2016-10-23 16:51 - 00142848 ____H () C:\Windows\Temp_\local64spl.dll 2016-10-23 16:51 - 2016-10-23 16:51 - 00142848 ____H () D:\Games\local64spl.dll 2016-10-23 16:51 - 2016-10-23 16:51 - 00142848 ____H () D:\Games_\local64spl.dll 2016-10-23 16:51 - 2016-10-23 16:51 - 00142848 ____H () D:\Program Files (x86)\local64spl.dll 2016-10-23 16:51 - 2016-10-23 16:51 - 00142848 ____H () D:\Program Files (x86)_\local64spl.dll 2016-10-23 16:51 - 2016-10-23 16:51 - 00142848 ____H () D:\Program Files\local64spl.dll 2016-10-23 16:51 - 2016-10-23 16:51 - 00142848 ____H () D:\Program Files_\local64spl.dll 2016-10-23 16:51 - 2016-10-23 16:51 - 00142848 ____H () D:\WarThunder\local64spl.dll 2016-10-23 16:51 - 2016-10-23 16:51 - 00142848 ____H () D:\WarThunder_\local64spl.dll 2016-09-13 21:51 - 2016-09-13 21:51 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll 2016-09-13 21:51 - 2016-09-13 21:51 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll 2016-09-13 21:51 - 2016-09-13 21:51 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll 2016-09-13 21:51 - 2016-09-13 21:51 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll 2016-09-13 21:48 - 2016-09-13 21:48 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll 2016-09-13 21:48 - 2016-09-13 21:48 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll 2016-10-20 22:40 - 2016-10-20 22:40 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe 2016-10-19 13:43 - 2016-10-12 07:56 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\libglesv2.dll 2016-10-19 13:43 - 2016-10-12 07:56 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\libegl.dll 2016-04-01 12:30 - 2016-10-19 15:05 - 01294336 _____ () D:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe 2016-10-19 15:05 - 2016-10-19 15:05 - 02790904 _____ () D:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.30\deploy\LoLLauncher.exe 2016-10-19 15:06 - 2016-10-19 15:06 - 04933112 _____ () D:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.70\deploy\LoLPatcher.exe 2016-10-19 15:08 - 2016-10-19 15:08 - 00074752 _____ () D:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.226\deploy\LolClient.exe 2016-10-19 14:10 - 2016-10-19 19:03 - 51889264 _____ () C:\Users\Damian\AppData\Roaming\Spotify\libcef.dll 2016-10-22 19:36 - 2006-06-06 06:06 - 00002560 _____ () d:\Program Files (x86)\DAEMON Tools Pro\MSIMG32.dll 2016-10-19 14:10 - 2016-10-19 19:03 - 01803888 _____ () C:\Users\Damian\AppData\Roaming\Spotify\libglesv2.dll 2016-10-19 14:10 - 2016-10-19 19:03 - 00086128 _____ () C:\Users\Damian\AppData\Roaming\Spotify\libegl.dll 2016-10-19 15:06 - 2016-10-19 15:06 - 00610808 _____ () D:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.70\deploy\RiotLauncher.dll 2016-10-19 15:06 - 2016-10-19 15:06 - 04887216 _____ () D:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.226\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll 2016-10-19 15:06 - 2016-10-19 15:06 - 19397808 _____ () D:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.226\deploy\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll 2016-10-24 14:10 - 2016-10-24 14:10 - 00380928 _____ () C:\Users\Damian\Downloads\wfjdcgwn.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2016-10-23 14:23 - 00001038 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 down.baidu2016.com 127.0.0.1 123.sogou.com 127.0.0.1 www.czzsyzgm.com 127.0.0.1 www.czzsyzxl.com 127.0.0.1 union.baidu2019.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-938549846-2126480309-1688900008-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 92.63.32.2 - 92.63.32.3 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{6D8CF3C6-DF9F-4ECB-8064-C464FFCC1FC7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{6AD5FBBD-950D-4C10-ACF3-57A4F55A8F04}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{F3E82FF3-4037-4985-B667-573290A7EE75}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{FCE7826F-C915-4E2E-AFED-9AA1F117F889}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{650541D5-EDDF-4788-A3BE-A75324E1F7F4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [TCP Query User{2F96C13D-F78E-46F8-BBBB-28FE10C1FCBC}C:\users\damian\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\damian\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{0AE210CD-EF73-4ED8-AC07-F2853AA2BCF0}C:\users\damian\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\damian\appdata\roaming\spotify\spotify.exe FirewallRules: [{87AC6CED-8B15-4E6F-89F7-9ED703F9E9C5}] => (Allow) C:\Users\Damian\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{2F2CA823-7486-4DE9-9876-C023D1C26220}] => (Allow) C:\Users\Damian\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{82EE1159-958B-46A7-910D-8953218B7170}] => (Allow) C:\Users\Damian\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{CF5D1805-87CC-44F5-906B-F8D5FD8269F0}] => (Allow) C:\Users\Damian\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{1CC2E5A7-3846-4736-9CBE-DB2BC5262D48}] => (Allow) C:\Users\Damian\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{5EB497BE-31B0-46B8-8E7F-28DAE47783A4}] => (Allow) C:\Users\Damian\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{29CAA270-8F46-4446-8210-54DC312E86CD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe FirewallRules: [{3BB5E5A1-9204-445C-B92A-2F3B27259A66}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe FirewallRules: [{6E161EDE-C429-48C3-9662-DD27E289638D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{B5757768-AE2B-4AAF-AC75-19730F326652}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{D71347C3-F664-4B8B-9563-8652B1BD407B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{F264AD57-2CBB-45BB-A194-C55A6CA0FB1B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{1A565979-B2BF-49AE-9D83-424C2D4585A5}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Pro Evolution Soccer 2016 myClub\PES2016.exe FirewallRules: [{178AC906-2209-4F47-BEC1-EA035D353F10}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Pro Evolution Soccer 2016 myClub\PES2016.exe FirewallRules: [{5A49DFAF-A85A-4023-9E32-7E50966ADE88}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{FB475EA4-7B47-44B2-B8F1-4839C9D0F36A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{D82FF743-C447-4DA3-8280-B7F3CE5D8359}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\KHOLAT\Kholat.exe FirewallRules: [{505176F6-6B0B-44A1-8FAF-DF8846F21F35}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\KHOLAT\Kholat.exe FirewallRules: [{2251D8A3-69A1-4FFA-8EF5-33C213399695}] => (Allow) LPort=80 FirewallRules: [{E8984D22-F4A7-42A8-9C09-DF995D996E0D}] => (Allow) LPort=443 FirewallRules: [{573A6B17-1D2C-4434-9FC3-2C512A513C3A}] => (Allow) LPort=20010 FirewallRules: [{73B12210-A8F5-4FD8-AF89-49B3D31515B0}] => (Allow) LPort=3478 FirewallRules: [{01EA7BF9-80C2-4076-A887-BE9A7D7E6905}] => (Allow) LPort=7850 FirewallRules: [{40F6DD01-197F-4942-B602-EBDFBCBB9951}] => (Allow) LPort=7852 FirewallRules: [{E947B231-BFB5-42D3-A2DB-8830DB5C6F6B}] => (Allow) LPort=7853 FirewallRules: [{908053FE-D75A-4CE2-B3F8-C18F3BE70DCF}] => (Allow) LPort=27022 FirewallRules: [{4197616E-DA3D-4409-84E5-F79DBFAB836B}] => (Allow) LPort=6881 FirewallRules: [{77B1ABF3-DFD7-49F4-80AF-35F134D86EC2}] => (Allow) LPort=33333 FirewallRules: [{707177A6-A41F-4385-9479-B418A9448650}] => (Allow) LPort=20443 FirewallRules: [{AF0ECCF8-3BB0-4A2A-A595-76964E169AD4}] => (Allow) LPort=8090 FirewallRules: [{5D855137-5254-414D-8BC6-ADC8758D9D1B}] => (Allow) C:\Users\Damian\AppData\Local\Temp\inst_buychannel_06.exe FirewallRules: [{0D16B8FC-99B6-4962-9957-BD61934C36FF}] => (Allow) C:\Users\Damian\AppData\Local\Temp\inst_buychannel_06.exe FirewallRules: [{986E6527-B981-47D6-98FB-7FBC5DA624AD}] => (Allow) C:\Program Files (x86)\LuDaShi\ComputerZTray.exe FirewallRules: [{05CF36B6-88E4-40ED-8CF7-D6CCA9CBF2C9}] => (Allow) C:\Program Files (x86)\LuDaShi\ComputerZTray.exe FirewallRules: [{8D94BE24-F257-4E2D-950C-8EAE91C136F9}] => (Allow) C:\Program Files (x86)\LdsLite\Utils\MiniNews.exe FirewallRules: [{D7561B3B-45C9-451C-8E2A-19A4D07C3CF5}] => (Allow) C:\Program Files (x86)\LdsLite\Utils\MiniNews.exe FirewallRules: [{F29BC91F-7C4A-451B-9FDE-48D12EDA226B}] => (Allow) D:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{8A91B46B-D0DF-41CA-B81E-00A19E9066A3}] => (Allow) D:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{C715949E-79FC-44F8-8DD6-0113D56DF743}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe FirewallRules: [{DF15D57B-2ECC-43B1-A432-4794587CB7E0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe FirewallRules: [{BF8D5192-55B4-4B43-ACC6-8693E1AB3359}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{E3548C6A-20A0-4706-A973-B70B76161807}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe ==================== Restore Points ========================= 23-10-2016 20:02:20 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 23-10-2016 20:02:32 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 23-10-2016 20:02:38 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 23-10-2016 20:29:28 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 23-10-2016 20:30:41 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 23-10-2016 20:31:22 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 23-10-2016 20:36:28 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 23-10-2016 21:31:43 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 23-10-2016 21:33:51 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 23-10-2016 21:34:36 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 23-10-2016 21:35:59 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 23-10-2016 21:36:14 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 23-10-2016 21:36:58 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/24/2016 01:11:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: witcher3.exe, version: 3.0.9.26022, time stamp: 0x575adba7 Faulting module name: ntdll.dll, version: 6.1.7601.23418, time stamp: 0x5708a857 Exception code: 0xc0000005 Fault offset: 0x000000000001815d Faulting process id: 0x54c Faulting application start time: 0x01d22de557d5ffaa Faulting application path: D:\GOG Games\The Witcher 3 Wild Hunt\bin\x64\witcher3.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 9e37d61c-99da-11e6-a056-6c626de0e9f1 Error: (10/24/2016 12:02:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/24/2016 05:20:29 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/24/2016 12:46:34 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: steamwebhelper.exe, version: 3.65.13.80, time stamp: 0x57fed9f2 Faulting module name: steamwebhelper.exe, version: 3.65.13.80, time stamp: 0x57fed9f2 Exception code: 0xc0000005 Fault offset: 0x00037b59 Faulting process id: 0xb14 Faulting application start time: 0x01d22d7584bb1fd4 Faulting application path: D:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe Faulting module path: D:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe Report Id: 8c2007ab-9972-11e6-bdca-6c626de0e9f1 Error: (10/23/2016 10:07:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.18933, time stamp: 0x55a6a1d1 Exception code: 0xc0000005 Fault offset: 0x0000000000017ee1 Faulting process id: 0x80 Faulting application start time: 0x01d22d472afaaaaf Faulting application path: C:\Windows\System32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll Report Id: 49eb350c-995c-11e6-bdca-6c626de0e9f1 Error: (10/23/2016 06:06:18 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/23/2016 05:18:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: steamwebhelper.exe, version: 3.65.13.80, time stamp: 0x57fed9f2 Faulting module name: steamwebhelper.exe, version: 3.65.13.80, time stamp: 0x57fed9f2 Exception code: 0xc0000005 Fault offset: 0x00037b59 Faulting process id: 0x5c4 Faulting application start time: 0x01d22d3f54f08b7f Faulting application path: D:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe Faulting module path: D:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe Report Id: 00e5f087-9934-11e6-a146-6c626de0e9f1 Error: (10/23/2016 02:10:20 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/23/2016 01:17:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/23/2016 03:55:50 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. System errors: ============= Error: (10/24/2016 12:01:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Origin Web Helper Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (10/24/2016 12:01:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect. Error: (10/24/2016 05:19:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Origin Web Helper Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (10/24/2016 05:19:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect. Error: (10/23/2016 10:07:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (10/23/2016 10:07:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (10/23/2016 10:07:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (10/23/2016 10:07:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (10/23/2016 10:07:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. Error: (10/23/2016 10:07:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. ==================== Memory info =========================== Processor: AMD Phenom(tm) II X4 840 Processor Percentage of memory in use: 56% Total physical RAM: 8191.18 MB Available physical RAM: 3576.48 MB Total Virtual: 16380.54 MB Available Virtual: 11770.55 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:119.14 GB) (Free:63.21 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:465.76 GB) (Free:369.28 GB) NTFS Drive f: (GRMSP1.1_DVD) (CDROM) (Total:1.91 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6CC06CC0) Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 0FC97FB4) Partition 1: (Active) - (Size=119.1 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================