timothycovenant Posted October 22, 2017 ID:1174996 Share Posted October 22, 2017 Hello, I have had Malwarebytes for a while and have had it detect many threats with no issues. However, my browsers have become infected by this particular web page. It is being blocked but I would prefer to remove it from the system for I do not know when it might cause damage. I have run the anti-rootkit software and run the system scans and have still have been unable to remove such. How can I get rid of it before it becomes a major issue? Link to post Share on other sites More sharing options...
kevinf80 Posted October 22, 2017 ID:1175014 Share Posted October 22, 2017 Hello timothycovenant and welcome to Malwarebytes, Continue with the following: Please open Malwarebytes Anti-Malware. On the Settings tab > Protection Scroll to and make sure the following are selected:Scan for RootkitsScan within Archives Scroll further to Potential Threat Protection make sure the following are set as follows:Potentially Unwanted Programs (PUP`s) set as :- Always detect PUP`s (recommended)Potentially Unwanted Modifications (PUM`s) set as :- Alwaysdetect PUM`s (recommended) Click on the Scan make sure Threat Scan is selected, A Threat Scan will begin. With some infections, you may or may not see this message box.'Could not load DDA driver' Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions. When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab If asked to restart your computer to complete the removal, please do so When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard. Wait for the prompt to restart the computer to appear, then click on Yes. After the restart once you are back at your desktop, open MBAM once more to retrieve the log. To get the log from Malwarebytes do the following: Click on the Reports tab > from main interface. Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have two options:Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your replyText file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply… Next, Please download Zemana AntiMalware and save it to your Desktop. Install the program and once the installation is complete it will start automatically. Without changing any options, press Scan to begin. After the short scan is finished, if threats are detected press Next to remove them.Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually. Open Zemana AntiMalware again. Click on icon and double click the latest report. Now click File > Save As and choose your Desktop before pressing Save. Attach saved report in your next message. Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply Next, Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.htmlNote: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Let me see those logs in your reply... Thank you, Kevin. Link to post Share on other sites More sharing options...
timothycovenant Posted October 22, 2017 Author ID:1175024 Share Posted October 22, 2017 Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/22/17 Scan Time: 6:55 PM Log File: 264f6f8a-b77c-11e7-9e5c-fcaa14935a20.json Administrator: Yes -Software Information- Version: 3.2.2.2018 Components Version: 1.0.212 Update Package Version: 1.0.3071 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Covenant-PC\Covenant -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 411823 Threats Detected: 0 (No malicious items detected) Threats Quarantined: 0 (No malicious items detected) Time Elapsed: 2 min, 32 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) (end) 2017.10.22-19.04.46-i0-t92-d2.txt Link to post Share on other sites More sharing options...
timothycovenant Posted October 22, 2017 Author ID:1175027 Share Posted October 22, 2017 Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/22/17 Scan Time: 6:55 PM Log File: 264f6f8a-b77c-11e7-9e5c-fcaa14935a20.json Administrator: Yes -Software Information- Version: 3.2.2.2018 Components Version: 1.0.212 Update Package Version: 1.0.3071 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Covenant-PC\Covenant -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 411823 Threats Detected: 0 (No malicious items detected) Threats Quarantined: 0 (No malicious items detected) Time Elapsed: 2 min, 32 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) (end) --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- # AdwCleaner 7.0.3.1 - Logfile created on Sun Oct 22 23:18:28 2017 # Updated on 2017/29/09 by Malwarebytes # Running on Windows 7 Ultimate (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services deleted. ***** [ Folders ] ***** Deleted: C:\Users\Covenant\AppData\Local\Assistant ***** [ Files ] ***** Deleted: C:\END Deleted: C:\Users\Covenant\AppData\Roaming\Microsoft\Windows\Start Menu\Youtube.lnk ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks deleted. ***** [ Registry ] ***** Deleted: [Data] - HKCU\Software\Microsoft\Internet Explorer\SearchUrl|Default [http:\\www.safesear.ch\web\?type=20160824-155-sshome-ie-df&q={searchTerms}] Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC} Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries deleted. ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [1580 B] - [2017/10/22 23:17:52] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ########## ---------------------------------------------------------------------------------------------------------------------------------------------------- Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2017 Ran by Covenant (22-10-2017 19:24:51) Running from C:\Users\Covenant\Downloads Windows 7 Ultimate Service Pack 1 (X64) (2016-03-13 02:28:27) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3109899598-285666356-3721746433-500 - Administrator - Disabled) Covenant (S-1-5-21-3109899598-285666356-3721746433-1000 - Administrator - Enabled) => C:\Users\Covenant Guest (S-1-5-21-3109899598-285666356-3721746433-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) @BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.34 - GIGABYTE) 7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov) Active Directory Authentication Library for SQL Server (HKLM\...\{E646D196-A17B-4F14-BE7B-F774527FE5E0}) (Version: 13.0.1100.286 - Microsoft Corporation) Hidden Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{44DC843A-C591-4064-BE1F-2BDC177AF50C}) (Version: 13.0.1100.286 - Microsoft Corporation) Hidden Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated) Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated) AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.) Anime Studio Pro 6.0 (HKLM-x32\...\Anime Studio Pro_is1) (Version: - Smith Micro Software, Inc.) ANT Drivers Installer x64 (HKLM\...\{240AA00C-0F18-4496-9FAF-41BFA956655B}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{981F324E-98F4-4784-B76F-04E92039F3F6}) (Version: 5.2.60328.3 - Microsoft Corporation) Application Profiles (HKLM-x32\...\{F706E89E-A55A-CEA8-C608-287D9C659CDA}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Belkin USB Wireless Adapter (HKLM-x32\...\{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin) Hidden Belkin USB Wireless Adapter (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin) BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC) Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.3.3 - Canon Inc.) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.6.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.15.23 - Canon Inc.) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.3.0 - Canon Inc.) Canon MX490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX490_series) (Version: 1.02 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.) Catalyst Control Center Next Localization BR (HKLM\...\{3BE011C0-F2D9-9F6B-25E1-587259644A94}) (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization BR (HKLM\...\{6A69EDE3-D163-A85B-EFF5-B6BFD8EF5939}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (HKLM\...\{4F486CF2-F8AF-2DD4-BA15-82BD71BC3035}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (HKLM\...\{C3F79F99-C09E-7914-A9C4-BF1761285A06}) (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (HKLM\...\{08E3C0C2-26E9-9DDF-0FBD-A4A71C970D75}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (HKLM\...\{C6BC8342-0973-A829-D49F-8B3039E01D8F}) (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (HKLM\...\{9A4F2F48-9EC0-8AA0-AC80-1BD761537A1A}) (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (HKLM\...\{E8ED0DBD-DAC0-1BC5-87A7-5FC3BEAD33AB}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (HKLM\...\{2802B62A-05D9-356B-9DB6-AFEE51E9EF5E}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (HKLM\...\{2D92AB66-1EFA-8239-F226-53341E2BD245}) (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (HKLM\...\{27E4863C-0002-3B6A-2D7D-CF98C1019272}) (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (HKLM\...\{8E1F1F1A-38D8-DC76-FE6C-B8412AF9396D}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (HKLM\...\{4BD4B445-F149-D47E-006B-0B705152110D}) (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (HKLM\...\{D3376CD8-E366-C5F5-B9D1-2B8017C4F1C5}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (HKLM\...\{C8013991-2166-AFC4-B75B-7E58FBEF02AF}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (HKLM\...\{F97EB77D-3343-7A62-0E92-48D2A0D97ED6}) (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (HKLM\...\{10AF885E-F96E-2718-9CC7-3F4A32EA2316}) (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (HKLM\...\{3CB92C15-57A0-E469-1CE3-236BB1569F88}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (HKLM\...\{5F54D971-F27A-8666-B33D-B8CF0B81ED10}) (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (HKLM\...\{D9E8F7A4-5D65-FA27-F201-F5F0FD82D035}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (HKLM\...\{60821F44-17A1-0286-10E7-3FE3956D3B85}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (HKLM\...\{F8D60F8D-EB56-6785-5A3F-89AF111675B2}) (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (HKLM\...\{04E38C1D-A2B0-1419-8ACC-98B6FEAD2AE3}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (HKLM\...\{DCB70A99-1143-1A59-DC16-B5404742E80A}) (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (HKLM\...\{082B8683-4ED5-212D-33E6-7F0993292B6D}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (HKLM\...\{AE16A85A-BC40-63F6-6B70-F99ABB7D7742}) (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (HKLM\...\{167789D4-E6F4-B19F-6770-BFC20C3FC13D}) (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (HKLM\...\{CBE7BA08-EAC5-DE2B-440F-F4D8BEB70AF0}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (HKLM\...\{0B3B12AC-956C-3D2B-E375-CA8A210A8B3C}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (HKLM\...\{58FB3574-D67D-234C-A59C-7B615651C274}) (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (HKLM\...\{7443BBA4-32DB-B648-5092-0C52676507CD}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (HKLM\...\{D9FD8784-6410-7DB7-C641-266AD8676284}) (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (HKLM\...\{B3173724-EC46-4B89-6EDC-59032E1A3D2E}) (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (HKLM\...\{D519CA66-2A8D-EA88-7904-0ADF96FC975B}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (HKLM\...\{591B77CA-0AE6-A405-5A73-D5600D45F9E8}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (HKLM\...\{93A870AC-3B36-D648-7A45-547B4DA40315}) (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (HKLM\...\{267258CB-876B-958B-9214-D4924847C146}) (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (HKLM\...\{FB81D531-71CC-69A0-F776-95C2498492F0}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (HKLM\...\{31BA3CC8-6A73-126C-B424-16A56B64C75F}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (HKLM\...\{41698BE7-59FF-D322-610A-FBAE703917B7}) (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (HKLM\...\{203DA8C6-D37D-632D-6606-187E3BEAB254}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (HKLM\...\{E0110488-ACE4-B3B1-18F5-FA087ECFE73C}) (Version: 2016.1123.1856.34070 - Advanced Micro Devices, Inc.) Hidden DC Universe Online Live (HKU\S-1-5-21-3109899598-285666356-3721746433-1000\...\DG0-DC Universe Online Live) (Version: - Sony Online Entertainment) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Dotfuscator and Analytics Community Edition 5.19.1 (HKLM-x32\...\{2A7F99F6-88A4-4B44-B350-41C0B147A39C}) (Version: 5.19.1.3091 - PreEmptive Solutions) Hidden Elevated Installer (HKLM-x32\...\{320C7CDF-4A4B-461B-9813-DE10727550CA}) (Version: 5.6.2.0 - Garmin Ltd or its subsidiaries) Hidden Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.2.0.2051 - Foxit Software Inc.) FreeCAD 0.16 - A free open source CAD system (HKLM\...\FreeCAD 0.16) (Version: 0.16.6700 - Juergen Riegel) Garmin Express (HKLM-x32\...\{9aeca0eb-4419-4529-9931-5ff4b8a9b17c}) (Version: 5.6.2.0 - Garmin Ltd or its subsidiaries) Garmin Express Tray (HKLM-x32\...\{54E23F88-007A-45D9-A0E2-AE0E8E37A9B0}) (Version: 5.6.2.0 - Garmin Ltd or its subsidiaries) Hidden GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team) Git version 2.11.0 (HKLM\...\Git_is1) (Version: 2.11.0 - The Git Development Community) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.) IIS 10.0 Express (HKLM\...\{7A28A2B0-458B-4A58-84AC-C90D2D4B79FB}) (Version: 10.0.1735 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - ) IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - ) Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation) Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation) Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation) Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation) Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation) Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25123 - Microsoft Corporation) Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Server Speech Platform Runtime (x86) (HKLM-x32\...\{22CB8ED7-DF57-4864-BD04-F63B9CE4B494}) (Version: 11.0.7400.345 - Microsoft Corporation) Microsoft Server Speech Text to Speech Voice (en-US, ZiraPro) (HKLM-x32\...\{C7CDC27F-0952-4DF1-9E41-B75140933BC6}) (Version: 11.0.7400.335 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2016 LocalDB RC0 (HKLM\...\{9CED5D08-5664-4668-A927-CD6C60C4175D}) (Version: 13.0.1100.286 - Microsoft Corporation) Microsoft SQL Server 2016 Management Objects RC0 (HKLM-x32\...\{948B5F49-A57E-46B4-9F1E-145D7A9E66D7}) (Version: 13.0.1100.286 - Microsoft Corporation) Microsoft SQL Server 2016 Management Objects RC0 (x64) (HKLM\...\{F6F8053F-D328-4ACA-93A1-A49E495899F2}) (Version: 13.0.1100.286 - Microsoft Corporation) Microsoft SQL Server 2016 T-SQL Language Service RC0 (HKLM-x32\...\{1852BD30-570B-4E47-8752-461448E8E250}) (Version: 13.0.12000.52 - Microsoft Corporation) Microsoft SQL Server 2016 T-SQL ScriptDom RC0 (HKLM\...\{D9F55D00-A8AB-4518-A56E-D9D5E615542A}) (Version: 13.0.1100.286 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - enu (14.0.60311.1) (HKLM-x32\...\{28292CA9-8D65-4E37-95A3-753EEB38F122}) (Version: 14.0.60311.1 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2016 RC0 (HKLM\...\{495CC0B4-D4C3-4D87-8317-F66BA48C5552}) (Version: 13.0.1100.286 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2016 RC0 (HKLM-x32\...\{3A87F9F2-D65D-4BA9-8459-E5BBE31EA64D}) (Version: 13.0.1100.286 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation) Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation) Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version: - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{E02DF945-0531-4E5E-9C6B-2B660C0AE66D}) (Version: 2.8.0.0 - Microsoft Corporation) Microsoft Visual Studio Community 2015 with Update 2 (HKLM-x32\...\{04fa3a35-1f49-4510-8051-819cdc1e6e01}) (Version: 14.0.25123.0 - Microsoft Corporation) Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft) Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla) MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{13FE8B50-B340-4FDA-BB6E-AA1F5FAB8205}) (Version: 14.0.25123 - Microsoft Corporation) Hidden Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation) Prerequisites for SSDT RC0 (HKLM-x32\...\{AB72EB1C-9CF4-4274-984D-5EDA8BF37A08}) (Version: 13.0.1100.286 - Microsoft Corporation) Python 3.6.1 (32-bit) (HKU\S-1-5-21-3109899598-285666356-3721746433-1000\...\{1babc3bc-6a32-44f7-bf4d-60eec36c9ad1}) (Version: 3.6.1150.0 - Python Software Foundation) Python 3.6.1 Add to Path (32-bit) (HKLM-x32\...\{ED8BD450-5015-4CB3-95B5-2D93F23E111B}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden Python 3.6.1 Core Interpreter (32-bit) (HKLM-x32\...\{E63E60CA-437B-4894-8395-81F2F66483B0}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden Python 3.6.1 Development Libraries (32-bit) (HKLM-x32\...\{3029D656-0C32-4AC9-84FB-A15056F356CC}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden Python 3.6.1 Documentation (32-bit) (HKLM-x32\...\{D1198C40-C6F5-4FFB-B98C-79BF1FE706C1}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden Python 3.6.1 Executables (32-bit) (HKLM-x32\...\{A7036382-80F1-4FC1-B244-D31AA50337F4}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden Python 3.6.1 pip Bootstrap (32-bit) (HKLM-x32\...\{899F7F28-F6D3-4E5B-8FBE-F7929036172A}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden Python 3.6.1 Standard Library (32-bit) (HKLM-x32\...\{3BCCB89B-CD98-4F78-8436-78847FABFD68}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden Python 3.6.1 Tcl/Tk Support (32-bit) (HKLM-x32\...\{F6ED0771-FE83-4A1C-BE65-A06CB65B46D5}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden Python 3.6.1 Test Suite (32-bit) (HKLM-x32\...\{F44EF183-905E-48BB-998E-53FC99B36FE3}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden Python 3.6.1 Utility Scripts (32-bit) (HKLM-x32\...\{2AA7DAB3-6778-42A7-9F33-22615234540E}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden Python Launcher (HKLM-x32\...\{323AC113-C6CE-4F99-842F-4936332D055A}) (Version: 3.6.5923.0 - Python Software Foundation) Python Tools 2.2.3 for Visual Studio 2015 (HKLM-x32\...\{FDCEC41C-35DA-421C-A520-53D185BC43FA}) (Version: 2.2.40315.00 - Microsoft Corporation) Raptr (HKLM-x32\...\Raptr) (Version: 5.2.10-r123135-release - Raptr, Inc) Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.26 - Razer Inc.) Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.00.830 - Razer Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek) RIFT (HKLM-x32\...\{D7A0A22A-C132-4B6F-8D68-67B95117DE93}) (Version: 1.0.0 - Trion Worlds, Inc.) Hidden Roslyn Language Services - x86 (HKLM-x32\...\{263EF873-F5D0-3134-A962-356C21A3510F}) (Version: 14.0.25126 - Microsoft Corporation) Hidden Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) SOLIDWORKS 2016 x64 Edition SP02 (HKLM\...\{768F3B65-1695-47B7-9002-B11400CB111D}) (Version: 24.120.50 - Dassault Systemes SolidWorks Corp) Hidden SOLIDWORKS 2016 x64 Edition SP02 (HKLM-x32\...\SolidWorks Installation Manager 20160-40200-1100-100) (Version: 24.2.0.50 - SolidWorks Corporation) SOLIDWORKS Composer Player 2016 SP02 x64 Edition (HKLM\...\{8537E059-C18B-4DE6-AED6-CD9B90240C35}) (Version: 24.20.50 - Dassault Systemes SolidWorks Corp) Hidden SOLIDWORKS eDrawings 2016 x64 Edition SP02 (HKLM\...\{BCB9F00D-D23D-465C-B7BB-629900B7FF51}) (Version: 16.2.0030 - Dassault Systèmes SolidWorks Corp) Hidden Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) T.Flight Hotas drivers (HKLM-x32\...\{E08E6F77-E66C-47FC-8565-0AA3389D48C8}) (Version: 1.TFHT.2015 - Thrustmaster) Team Explorer for Microsoft Visual Studio 2015 Update 2 (HKLM-x32\...\{7932CD6F-86D3-3EE4-8A02-B954404D1FFC}) (Version: 14.95.25118 - Microsoft) Hidden Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden TypeScript Power Tool (HKLM-x32\...\{60890089-588B-4362-B9C5-A9C11D6E5DD1}) (Version: 1.8.9.0 - Microsoft Corporation) Hidden TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{DD51688B-194A-4A10-83D8-40AD1D9954A1}) (Version: 1.8.30.0 - Microsoft Corporation) Hidden Unity Web Player (HKU\S-1-5-21-3109899598-285666356-3721746433-1000\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS) Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden Universal CRT Extension SDK (HKLM-x32\...\{284FA9A0-CEDD-81D3-5A19-5858E95FD0C4}) (Version: 10.0.10150 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{ABD37F71-FC3F-F525-C7B3-BDD95F684C51}) (Version: 10.0.10150 - Microsoft Corporation) Hidden Universal CRT Redistributable (HKLM-x32\...\{0460C87B-7F4C-3170-FAC9-B7A6AE5CE4E9}) (Version: 10.0.26624 - Microsoft Corporation) Hidden Universal CRT Tools x64 (HKLM\...\{33952D66-D503-10CA-DD8E-E365C15EB4E0}) (Version: 10.0.26624 - Microsoft Corporation) Hidden Universal CRT Tools x86 (HKLM-x32\...\{B048B812-32DE-3474-FA64-223B6A63AD47}) (Version: 10.0.26624 - Microsoft Corporation) Hidden Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Visual Studio 2015 Update 2 (KB3022398) (HKLM-x32\...\{78c1b501-a6eb-4f29-88c5-84189564827e}) (Version: 14.0.25123 - Microsoft Corporation) VS Update core components (HKLM-x32\...\{6A878817-D626-305A-BE8D-94C93F70E27A}) (Version: 14.0.25123 - Microsoft Corporation) Hidden Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-2) (Version: 1.0.26.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-3) (Version: 1.0.26.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-4) (Version: 1.0.26.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-2) (Version: 1.0.39.1 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.54.0 (HKLM\...\VulkanRT1.0.54.0) (Version: 1.0.54.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.54.0 (HKLM\...\VulkanRT1.0.54.0-2) (Version: 1.0.54.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.54.0 (HKLM\...\VulkanRT1.0.54.0-3) (Version: 1.0.54.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.54.0 (HKLM\...\VulkanRT1.0.54.0-4) (Version: 1.0.54.0 - LunarG, Inc.) WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (01/18/2013 2.08.28) (HKLM\...\9E24492CE9279512BD465F61DB8523641BB7BBFC) (Version: 01/18/2013 2.08.28 - FTDI) Windows Driver Package - FTDI CDM Driver Package - VCP Driver (01/18/2013 2.08.28) (HKLM\...\E61B77ECE57113AE1CA028BC7A8AD6C137BD13DD) (Version: 01/18/2013 2.08.28 - FTDI) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft) XCom Long War EW Mod version 1.0 (HKLM-x32\...\{860C3266-65B9-4BF2-937A-1778483046B5}_is1) (Version: 1.0 - JohnnyLump) Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org) yWriter5 (HKLM-x32\...\yWriter5_is1) (Version: - Spacejock Software) Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Users\Covenant\Desktop\Zemana AntiMalware\ZAMShellExt64.dll [2017-10-22] () ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => G:\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => G:\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2016-12-23] (Foxit Software Inc.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => G:\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers4: [Convert] -> {9f95ca1a-e80e-4c0f-acd1-4c9b7900b982} => C:\Program Files (x86)\Microsoft DirectX SDK (June 2010)\Utilities\bin\x64\TxView.dll [2010-06-02] (Microsoft Corporation) ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Users\Covenant\Desktop\Zemana AntiMalware\ZAMShellExt64.dll [2017-10-22] () ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => G:\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => G:\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2016-12-23] (Foxit Software Inc.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {027DE2FC-744A-44C1-9074-76F623D30990} - System32\Tasks\{99A900DF-8D6A-417B-B9EE-7C0CA6A692AD} => C:\Windows\system32\pcalua.exe -a "J:\SteamLibrary\steamapps\common\Fallout 3 goty\Fallout3 - Garden of Eden Creation Kit.exe" -d "J:\SteamLibrary\steamapps\common\Fallout 3 goty" Task: {12D7905C-7D4A-4F8A-92DD-2A5F890150F6} - System32\Tasks\{AA8A38B7-13C7-4170-94ED-8D524C322528} => C:\Windows\system32\pcalua.exe -a D:\PLAYD2.EXE -d D:\ Task: {14ADD72B-6B24-450B-88F9-1960A38C7205} - System32\Tasks\{C03413E5-0E15-4061-B330-EC38B00B8050} => C:\Windows\system32\pcalua.exe -a C:\Users\Covenant\Downloads\Setup(1).exe -d C:\Users\Covenant\Downloads Task: {3231464E-211A-495D-9C10-6C81C48ED683} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => G:\Visual Studio 2015\Common7\IDE\VSIXAutoUpdate.exe [2016-03-22] (Microsoft Corporation) Task: {50540C76-A1DF-4CD4-B7A0-A4E58C7FE734} - System32\Tasks\{676219A2-B71C-43DB-9EA2-E19A13486E77} => J:\SteamLibrary\steamapps\common\Fallout 3 goty\Fallout3.exe Task: {5CFA1A14-6EF0-4F35-9051-F5183DE05229} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated) Task: {6161EFBF-E1D5-42FB-982A-0AA2A2CF9175} - System32\Tasks\{EFF846B8-4D54-4AC5-9CE1-06C5A59C4575} => C:\Windows\system32\pcalua.exe -a D:\SETUP.EXE -d D:\ Task: {68FBB0E0-9B3A-438B-A0A2-468A4A436D0B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-16] (Adobe Systems Incorporated) Task: {71B92948-B555-42EF-B1CA-81271059A54A} - System32\Tasks\{EE5C943E-C347-4500-B470-C60791AA983B} => J:\SteamLibrary\steamapps\common\Fallout 3 goty\Fallout3.exe Task: {7894AC16-F653-41DD-A3A0-84B3AB6DEC27} - System32\Tasks\{062EF0FE-6E88-4A95-8FDD-9D39E68B3FD0} => C:\Windows\system32\pcalua.exe -a D:\display\DRIVERS\Installation\Setup.exe -d D:\display\DRIVERS\Installation Task: {91FF90EF-0356-4AA5-8201-413622F48D3F} - System32\Tasks\{8AD6ED4A-3D80-4412-B5CD-72F69CBAED5A} => C:\Windows\system32\pcalua.exe -a D:\SETUP.EXE -d D:\ Task: {93BBBEC4-BCF1-4267-9B0F-95DF9CDA8915} - System32\Tasks\{55D289DC-EBD7-45AD-B9A3-D8E96087487E} => G:\SteamLibrary\steamapps\common\Avorion\bin\Avorion.exe Task: {99890A7D-5266-4F94-9FFD-1586A0042B7C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-12] (Google Inc.) Task: {A3DAF292-916F-4659-B27F-664F694FE52E} - System32\Tasks\{6C983683-716F-4BD5-930A-6BCD275BB169} => J:\SteamLibrary\steamapps\common\Fallout 3 goty\Fallout3.exe Task: {AC647E97-1028-41DF-9E75-52B0465F9244} - System32\Tasks\{059ECB71-6AEB-4453-9A69-124B05E8E0AE} => G:\SteamLibrary\steamapps\common\Avorion\bin\Avorion.exe Task: {AF7592DA-A05F-4AF7-BDDC-B8DDC6C5EBE3} - System32\Tasks\{1D42C9C3-1540-4718-8CBD-4FF116FF008B} => J:\SteamLibrary\steamapps\common\Fallout 3 goty\FalloutLauncher.exe Task: {BD19D8D8-9092-4522-8507-8FBA0CFBD032} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe Task: {DFF54AF7-72AF-4A43-B5BB-3DBAFF2F57B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-12] (Google Inc.) Task: {E175E15F-5E94-49CE-A4AA-590249260711} - System32\Tasks\{2A15AEF8-4C5D-4646-84A8-62FEA92CA7DD} => J:\SteamLibrary\steamapps\common\Fallout 3 goty\FalloutLauncher.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-05-06 01:45 - 2015-05-06 01:45 - 000214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2014-02-11 11:08 - 2014-02-11 11:08 - 000817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll 2014-02-11 11:08 - 2014-02-11 11:08 - 003650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll 2015-05-06 01:45 - 2015-05-06 01:45 - 000127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2017-10-11 19:19 - 2014-05-15 19:25 - 000084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 2017-07-19 18:09 - 2017-07-19 18:09 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2017-03-07 03:04 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2016-02-10 22:27 - 2016-02-10 22:27 - 000267672 _____ () C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldBodyDiffu.dll 2017-09-26 15:34 - 2017-09-21 03:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll 2017-09-26 15:34 - 2017-09-21 03:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll 2017-08-17 22:15 - 2017-08-17 22:15 - 000143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3109899598-285666356-3721746433-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Covenant\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 8.8.8.8 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\startupreg: Raptr => "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{8CF79774-29E7-4516-81B1-137AEDFE3F3B}] => (Allow) H:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{46E53AED-0808-4067-ABE8-006EF7F8CC95}] => (Allow) H:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{9C46AAC0-1C9F-4573-B265-DCC0901DEDA5}] => (Allow) H:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{563EB453-2D4B-49E1-A4CC-49FCA7120751}] => (Allow) H:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{D9FA0C28-20A9-4283-BE60-C3A1B699AC55}] => (Allow) E:0\SteamLibrary\SteamApps\common\Kerbal Space Program\KSP.exe FirewallRules: [{29DA4915-43DC-4746-BD10-87883C6C58BB}] => (Allow) E:0\SteamLibrary\SteamApps\common\Kerbal Space Program\KSP.exe FirewallRules: [TCP Query User{846CF612-DFA2-41CC-867C-AB52A0B2D5BE}H:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe] => (Allow) H:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe FirewallRules: [UDP Query User{7C6703F9-6557-4B5F-AE7B-5DEBDE2EC306}H:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe] => (Allow) H:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe FirewallRules: [{11DA6AEE-56B5-48E5-8283-03CDE7CD55BB}] => (Allow) I:\SteamLibrary\SteamApps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe FirewallRules: [{CEB32BA4-4DB8-4C32-8B58-B72EB01C239C}] => (Allow) I:\SteamLibrary\SteamApps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe FirewallRules: [TCP Query User{064343BC-A07A-40EE-B234-BC8739496DD0}E:0\steamlibrary\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) E:0\steamlibrary\steamapps\common\xcom 2\binaries\win64\xcom2.exe FirewallRules: [UDP Query User{6562A355-586B-4C3A-8B4B-DC4F48B08B8A}E:0\steamlibrary\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) E:0\steamlibrary\steamapps\common\xcom 2\binaries\win64\xcom2.exe FirewallRules: [{DD708AA7-B5C8-45A6-8028-4F8EA13B5664}] => (Allow) E:0\SteamLibrary\SteamApps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe FirewallRules: [{41B16CF0-93FF-420B-AB8F-576D07D365DC}] => (Allow) E:0\SteamLibrary\SteamApps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe FirewallRules: [{A2B64479-082F-45E2-A1A0-BDD08F7D4631}] => (Allow) H:\Program Files (x86)\Steam\steamapps\common\X3 Terran Conflict\X3AP.exe FirewallRules: [{B838731F-1DDC-480F-936E-7788AA5DE1D6}] => (Allow) H:\Program Files (x86)\Steam\steamapps\common\X3 Terran Conflict\X3AP.exe FirewallRules: [{660DAA29-30B4-4B4B-A790-DF53855C81A4}] => (Allow) E:0\SteamLibrary\SteamApps\common\MinerWars\MinerWars.exe FirewallRules: [{21D3324A-7C00-46A5-95C1-C45D5EE03AF3}] => (Allow) E:0\SteamLibrary\SteamApps\common\MinerWars\MinerWars.exe FirewallRules: [{12AAD23D-3359-4A9C-8842-47BC1184F4BF}] => (Allow) E:0\SteamLibrary\SteamApps\common\LogicBots\LogicBots.exe FirewallRules: [{95332337-569E-4EE6-9068-1B08DF8515E6}] => (Allow) E:0\SteamLibrary\SteamApps\common\LogicBots\LogicBots.exe FirewallRules: [TCP Query User{E0F169D4-9B5C-4745-B610-A2C5855D0FF0}G:\diablo iii\diablo iii.exe] => (Allow) G:\diablo iii\diablo iii.exe FirewallRules: [UDP Query User{D8F51B7A-0BEE-441F-A68F-CAD092AD815B}G:\diablo iii\diablo iii.exe] => (Allow) G:\diablo iii\diablo iii.exe FirewallRules: [{257BCEBE-C561-4E2B-BED2-EC5EEA717D23}] => (Allow) E:0\SteamLibrary\SteamApps\common\Knights of the Old Republic II\swkotor2.exe FirewallRules: [{E194CE7F-039F-4DE1-8842-981FDF1248BE}] => (Allow) E:0\SteamLibrary\SteamApps\common\Knights of the Old Republic II\swkotor2.exe FirewallRules: [{FDCBEC02-6A69-46FC-B28A-A02CC49A32F7}] => (Allow) E:0\SteamLibrary\SteamApps\common\Interstellar Rift\Build\IR.exe FirewallRules: [{9CB420A7-F712-41A8-86A7-89D14828DE62}] => (Allow) E:0\SteamLibrary\SteamApps\common\Interstellar Rift\Build\IR.exe FirewallRules: [{E5854439-8AF1-4E49-8992-F037347812E8}] => (Allow) E:1\SteamLibrary\steamapps\common\Path of Exile\PathOfExileSteam.exe FirewallRules: [{DF3F10E5-6E9B-45FC-B1CE-45230997AA8A}] => (Allow) E:1\SteamLibrary\steamapps\common\Path of Exile\PathOfExileSteam.exe FirewallRules: [{CEA60991-9A6E-41E8-A413-5E7A3565B18D}] => (Allow) E:1\SteamLibrary\steamapps\common\Stonehearth\Stonehearth.exe FirewallRules: [{DDA7C400-06E0-46C0-AB7D-83A32E241EF5}] => (Allow) E:1\SteamLibrary\steamapps\common\Stonehearth\Stonehearth.exe FirewallRules: [{364C6463-C03B-420A-8C22-2E62E6172F5F}] => (Allow) E:1\SteamLibrary\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe FirewallRules: [{53AFE36E-788A-40F4-9935-F01F8F46AD0D}] => (Allow) E:1\SteamLibrary\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe FirewallRules: [{D84F3C0E-E6EB-4655-B417-58504A27254B}] => (Allow) H:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\Revision.exe FirewallRules: [TCP Query User{EECB39BC-500E-4CD0-A73B-B488E302EF09}E:1\steamlibrary\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) E:1\steamlibrary\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe FirewallRules: [UDP Query User{A8ECE784-6F97-464C-91FC-CD7613FF458B}E:1\steamlibrary\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) E:1\steamlibrary\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe FirewallRules: [{A51B620A-B541-430D-B590-E4C05E91D9FE}] => (Allow) E:1\SteamLibrary\steamapps\common\Factorio\bin\x64\Factorio.exe FirewallRules: [{74009F9F-5FE3-4BD4-8883-94CE9BADF680}] => (Allow) E:1\SteamLibrary\steamapps\common\Factorio\bin\x64\Factorio.exe FirewallRules: [{FD60F3E6-E405-4C2A-A9EE-26F901689394}] => (Allow) E:1\SteamLibrary\steamapps\common\The Mystery of a Lost Planet\Planet.exe FirewallRules: [{016256B7-778B-49FF-8837-16DFE04BAF7B}] => (Allow) E:1\SteamLibrary\steamapps\common\The Mystery of a Lost Planet\Planet.exe FirewallRules: [{E4F49A5F-D953-4602-8A88-25EF1EBB60DD}] => (Allow) E:0\SteamLibrary\SteamApps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe FirewallRules: [{3FE9DDAA-9C06-4208-9FEF-B54E2CF0B9C6}] => (Allow) E:0\SteamLibrary\SteamApps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe FirewallRules: [{C1740F42-CFCE-4DA7-9A49-9794993AFCC9}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [{A0E060FF-906C-4BCC-8EE0-344753BD3436}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [TCP Query User{E60902D4-C17F-4EBD-BC3A-A1A463403EB8}H:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe] => (Allow) H:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe FirewallRules: [UDP Query User{A4E6AA4B-955C-492F-85E7-08CD57FA3BD3}H:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe] => (Allow) H:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe FirewallRules: [{F4D32678-C943-4F6D-B155-3883FA5CB6A1}] => (Allow) E:0\SteamLibrary\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe FirewallRules: [{7AD4C2BF-E044-4442-93EE-CD11F1D5F412}] => (Allow) E:0\SteamLibrary\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe FirewallRules: [{825AFAC5-E918-48E9-B0A6-CA2E98EFAC89}] => (Allow) E:0\SteamLibrary\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe FirewallRules: [{FBB55E0D-66BA-40F7-9CA6-4DF8493745CD}] => (Allow) E:0\SteamLibrary\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe FirewallRules: [{A7390E95-FD9A-45BA-B703-864467E0089D}] => (Allow) H:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe FirewallRules: [{69C4D834-BF18-4B1E-8E97-111E747C5A17}] => (Allow) H:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe FirewallRules: [{E1729746-B2D8-499B-B552-FA65411ADF6B}] => (Allow) C:\Program files (x86)\raidxpert2\apache\bin\httpd.exe FirewallRules: [{03A8B162-9480-4CE1-98D0-CA026729B5B2}] => (Allow) E:0\SteamLibrary\SteamApps\common\InvisibleInc\invisibleinc.exe FirewallRules: [{CC7B5901-0E89-4382-9FAF-C95F92A278A2}] => (Allow) E:0\SteamLibrary\SteamApps\common\InvisibleInc\invisibleinc.exe FirewallRules: [{3759B6AD-DF88-44B0-85CA-A59DA01467E3}] => (Allow) H:\Program Files (x86)\Steam\steamapps\common\star trek online\Star Trek Online.exe FirewallRules: [{5CB36B00-48AB-4C56-BD71-E26ACE9762DC}] => (Allow) H:\Program Files (x86)\Steam\steamapps\common\star trek online\Star Trek Online.exe FirewallRules: [{D387367A-8C90-40D5-9CD9-0D27088F4F10}] => (Allow) E:0\SteamLibrary\SteamApps\common\Automation\Automation Launcher Steam.exe FirewallRules: [{AEA16522-F37E-418B-9F36-D9945424DCDB}] => (Allow) E:0\SteamLibrary\SteamApps\common\Automation\Automation Launcher Steam.exe FirewallRules: [{A80B9659-763E-4562-B67E-7D3B57C44E95}] => (Allow) E:0\SteamLibrary\SteamApps\common\Automation\Automation_Shipping_Steam.exe FirewallRules: [{103CC239-342C-43CF-800E-EEC05BD01743}] => (Allow) E:0\SteamLibrary\SteamApps\common\Automation\Automation_Shipping_Steam.exe FirewallRules: [{B81CEC93-88C6-4A42-9428-F3FA4270E539}] => (Allow) E:0\SteamLibrary\SteamApps\common\Empyrion - Galactic Survival\Empyrion.exe FirewallRules: [{8D6B2AE6-9A57-4898-A281-2A9F71C42AE0}] => (Allow) E:0\SteamLibrary\SteamApps\common\Empyrion - Galactic Survival\Empyrion.exe FirewallRules: [{30476428-D37C-4C80-8559-BC3A04292256}] => (Allow) E:0\SteamLibrary\SteamApps\common\Kerbal Space Program\KSP.exe FirewallRules: [{331B974B-9FFC-42C8-A950-094FB0E7AE99}] => (Allow) E:0\SteamLibrary\SteamApps\common\Kerbal Space Program\KSP.exe FirewallRules: [{DE74F6BD-2D7C-40AB-961D-8F124A257191}] => (Allow) E:0\SteamLibrary\SteamApps\common\Kerbal Space Program\KSP_x64.exe FirewallRules: [{14B48905-C3B0-4DF0-9E5A-5D0F6674F5A0}] => (Allow) E:0\SteamLibrary\SteamApps\common\Kerbal Space Program\KSP_x64.exe FirewallRules: [{1BA9F6C7-C2C5-4EC3-A191-3A6CB7A9CE43}] => (Allow) E:0\SteamLibrary\SteamApps\common\7 Days To Die\7DaysToDie_EAC.exe FirewallRules: [{4EA59333-9CB7-4083-802F-DAF294ACBCF0}] => (Allow) E:0\SteamLibrary\SteamApps\common\7 Days To Die\7DaysToDie_EAC.exe FirewallRules: [{EF856769-1FB1-4A2B-BC04-F1B0896A687F}] => (Allow) E:0\SteamLibrary\SteamApps\common\7 Days To Die\7DaysToDie.exe FirewallRules: [{F99E86C4-2C70-49AF-A248-204E5A075926}] => (Allow) E:0\SteamLibrary\SteamApps\common\7 Days To Die\7DaysToDie.exe FirewallRules: [{F82AD078-7AA5-43F0-8336-4110DE91DB6E}] => (Allow) G:\Visual Studio 2015\Common7\IDE\devenv.exe FirewallRules: [TCP Query User{025DB0F1-447C-4F76-A8AA-640DE7996652}C:\program files (x86)\microsoft directx sdk (june 2010)\utilities\bin\x86\audconsole3.exe] => (Block) C:\program files (x86)\microsoft directx sdk (june 2010)\utilities\bin\x86\audconsole3.exe FirewallRules: [UDP Query User{9284A00A-45E0-42D2-92DD-A65EC139E382}C:\program files (x86)\microsoft directx sdk (june 2010)\utilities\bin\x86\audconsole3.exe] => (Block) C:\program files (x86)\microsoft directx sdk (june 2010)\utilities\bin\x86\audconsole3.exe FirewallRules: [TCP Query User{9A4BE1B6-D909-40B1-95F9-787A5A8ED11B}G:\diablo iii\diablo iii.exe] => (Allow) G:\diablo iii\diablo iii.exe FirewallRules: [UDP Query User{4C4A8867-EAC2-4116-BFA2-FC2940B13211}G:\diablo iii\diablo iii.exe] => (Allow) G:\diablo iii\diablo iii.exe FirewallRules: [{57A5DF57-954B-4CC6-A297-6933B6356F23}] => (Allow) E:0\SteamLibrary\SteamApps\common\Firefall\system\bin\FirefallClient.exe FirewallRules: [{54918C13-0C9C-4CAA-8DF6-EECA4DDABFD5}] => (Allow) E:0\SteamLibrary\SteamApps\common\Firefall\system\bin\FirefallClient.exe FirewallRules: [{4E94DD60-F324-4907-95AC-6B0F3B2AF737}] => (Allow) G:\Star Wars-The Old Republic\launcher.exe FirewallRules: [{56E37889-BD3F-4E61-BD9F-B67E87A8EA00}] => (Allow) G:\Star Wars-The Old Republic\launcher.exe FirewallRules: [{B2DC2A61-4AC3-446A-9200-1A8E5DBF732F}] => (Allow) G:\Star Wars-The Old Republic\launcher.exe FirewallRules: [{20D5ADE7-AF8A-4479-8BE3-EE4CE489CA92}] => (Allow) G:\Star Wars-The Old Republic\launcher.exe FirewallRules: [{12A3F7B2-B3F7-434A-85AE-D508DFB8C518}] => (Allow) J:\SteamLibrary\steamapps\common\Naval Action\Client.exe FirewallRules: [{368D13D7-141D-4812-9F0F-66A0E065DDE8}] => (Allow) J:\SteamLibrary\steamapps\common\Stellaris\stellaris.exe FirewallRules: [{8473DB9D-A5C3-48E9-8736-3D45E6C44AAB}] => (Allow) J:\SteamLibrary\steamapps\common\Stellaris\stellaris.exe FirewallRules: [{F3BCCEAD-DC02-4B8B-B15A-A268EA853177}] => (Allow) E:1\SteamLibrary\steamapps\common\Stonehearth\Stonehearth.exe FirewallRules: [{C7460B2E-F309-4B5C-8983-E141AA652166}] => (Allow) E:1\SteamLibrary\steamapps\common\Stonehearth\Stonehearth.exe FirewallRules: [{259717A3-C37E-41FF-9B63-77D4583AE34B}] => (Allow) E:1\SteamLibrary\steamapps\common\Evochron Legacy\EvochronLegacy.exe FirewallRules: [{EA0163FF-F051-452C-9F00-CF18EE3F587C}] => (Allow) E:1\SteamLibrary\steamapps\common\Evochron Legacy\EvochronLegacy.exe FirewallRules: [{20B8D08A-2AAB-403F-9553-E34B4192D8B1}] => (Allow) E:0\SteamLibrary\SteamApps\common\From The Depths\From_The_Depths.exe FirewallRules: [{E48C3D32-EA3D-478F-8C2E-6E84B0434E70}] => (Allow) E:0\SteamLibrary\SteamApps\common\From The Depths\From_The_Depths.exe FirewallRules: [{2B9D99E8-B03A-4033-9859-3DA35282C91A}] => (Allow) E:1\SteamLibrary\steamapps\common\Parkitect\Parkitect.exe FirewallRules: [{F8041AB2-2567-4B3C-92D9-872F26D2A447}] => (Allow) E:1\SteamLibrary\steamapps\common\Parkitect\Parkitect.exe FirewallRules: [{8BC8420B-37AA-42C4-AACA-21F7A967FEE6}] => (Allow) E:0\SteamLibrary\SteamApps\common\Age2HD\Launcher.exe FirewallRules: [{9C247F0E-F8D8-4516-AD91-2F3C70434860}] => (Allow) E:0\SteamLibrary\SteamApps\common\Age2HD\Launcher.exe FirewallRules: [{965ED780-5A27-495E-846E-DCE29E8A0F20}] => (Allow) E:0\SteamLibrary\SteamApps\common\FortressCraft\64\FC_64.exe FirewallRules: [{3C431B6E-FF96-43D8-BA84-74DDC96766F8}] => (Allow) E:0\SteamLibrary\SteamApps\common\FortressCraft\64\FC_64.exe FirewallRules: [{C0494129-2F1A-4689-9BE7-A8F9B7ED41B3}] => (Allow) E:1\SteamLibrary\steamapps\common\Subnautica\Subnautica.exe FirewallRules: [{628D2E42-2B99-4406-8EC3-1A498BCEF4B6}] => (Allow) E:1\SteamLibrary\steamapps\common\Subnautica\Subnautica.exe FirewallRules: [{A26372C1-445A-4CDE-9B38-761476372EF1}] => (Allow) E:1\SteamLibrary\steamapps\common\Sirius Online\ExeFile.exe FirewallRules: [{A9A9EFEF-57FB-4FC2-A746-34E74676CF3F}] => (Allow) E:1\SteamLibrary\steamapps\common\Sirius Online\ExeFile.exe FirewallRules: [{FB2F8D6E-E1DB-4243-961F-77F2A5FE25F0}] => (Allow) E:1\SteamLibrary\steamapps\common\Factorio\bin\x64\Factorio.exe FirewallRules: [{820DEA66-51B9-4D1A-B955-F4174C3397C5}] => (Allow) E:1\SteamLibrary\steamapps\common\Factorio\bin\x64\Factorio.exe FirewallRules: [{6958D42A-E905-4CF8-9FBB-8AF68D125F68}] => (Allow) E:0\SteamLibrary\SteamApps\common\Kingdoms\Kingdoms.exe FirewallRules: [{FEB60C08-6C6A-44BA-ADCA-3C1E662B91E7}] => (Allow) E:0\SteamLibrary\SteamApps\common\Kingdoms\Kingdoms.exe FirewallRules: [{5CD5369D-0116-4E04-9999-1375138A3C56}] => (Allow) E:1\SteamLibrary\steamapps\common\Planetbase\Planetbase.exe FirewallRules: [{AD22409B-66D9-4965-96AD-69CFF01C8AA3}] => (Allow) E:1\SteamLibrary\steamapps\common\Planetbase\Planetbase.exe FirewallRules: [{7406B401-9177-4F8E-B909-BFE806DD6950}] => (Allow) E:1\SteamLibrary\steamapps\common\Path of Exile\PathOfExileSteam.exe FirewallRules: [{1CD909A0-4034-4F80-816A-8E4235321A6D}] => (Allow) E:1\SteamLibrary\steamapps\common\Path of Exile\PathOfExileSteam.exe FirewallRules: [{BD3C21D8-4A08-4239-9D22-A142BFAA7CAA}] => (Allow) E:0\SteamLibrary\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe FirewallRules: [{97098E50-2794-4D9C-98E5-FA1E63D0DA84}] => (Allow) E:0\SteamLibrary\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe FirewallRules: [{3BA771A7-ED6A-40A2-B55B-C268250ABCAE}] => (Allow) E:0\SteamLibrary\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe FirewallRules: [{F83CBD2F-597B-469F-8083-17DBF0D3AA37}] => (Allow) E:0\SteamLibrary\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe FirewallRules: [{84424B9D-545C-4D3C-990C-A48D911BB351}] => (Allow) E:0\SteamLibrary\SteamApps\common\LogicBots\LogicBots.exe FirewallRules: [{C7BD3706-2846-440B-A658-92509291F5AB}] => (Allow) E:0\SteamLibrary\SteamApps\common\LogicBots\LogicBots.exe FirewallRules: [{37752F3A-F6A2-4D56-AF7D-A9FF214708B0}] => (Allow) E:0\SteamLibrary\SteamApps\common\Empyrion - Galactic Survival\EmpyrionLauncher.exe FirewallRules: [{82CC2827-F88D-4E4B-8B6B-12DB599044D3}] => (Allow) E:0\SteamLibrary\SteamApps\common\Empyrion - Galactic Survival\EmpyrionLauncher.exe FirewallRules: [{79C5C59B-E659-417B-ADAA-54B61BB042F2}] => (Allow) E:0\SteamLibrary\SteamApps\common\Interstellar Rift\Build\IR.exe FirewallRules: [{F70CAB6F-3F12-4F66-B18F-7E2DAD2A7999}] => (Allow) E:0\SteamLibrary\SteamApps\common\Interstellar Rift\Build\IR.exe FirewallRules: [{6EE96A65-230B-4D64-A07F-92F6CE6D0827}] => (Allow) J:\SteamLibrary\steamapps\common\Path of Exile\PathOfExileSteam.exe FirewallRules: [{D4DB5416-9F35-4AB3-A7AC-29DEB4D16DA1}] => (Allow) J:\SteamLibrary\steamapps\common\Path of Exile\PathOfExileSteam.exe FirewallRules: [{1187FF94-1CD3-48FF-89D6-A634F5AFBB9D}] => (Allow) I:\SteamLibrary\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe FirewallRules: [{14A29533-4D45-4CA6-861F-9B052C4672E2}] => (Allow) I:\SteamLibrary\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe FirewallRules: [{062A9FB3-D8EB-4C36-9231-A382F468A73D}] => (Allow) I:\SteamLibrary\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe FirewallRules: [{65E882DC-CA6F-4113-856C-160B0166ABC3}] => (Allow) I:\SteamLibrary\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe FirewallRules: [{7EE06EBC-4F43-479B-8857-D12A2EE97D20}] => (Allow) J:\SteamLibrary\steamapps\common\Planetbase\Planetbase.exe FirewallRules: [{5A542976-6EEF-4E95-81E2-837CFD3412CD}] => (Allow) J:\SteamLibrary\steamapps\common\Planetbase\Planetbase.exe FirewallRules: [{6888974E-B010-48BD-8BA5-C2C18D22DE9C}] => (Allow) I:\SteamLibrary\SteamApps\common\Empyrion - Galactic Survival\EmpyrionLauncher.exe FirewallRules: [{0F9086CA-65A6-4557-A3F0-0E4C1D21D7DE}] => (Allow) I:\SteamLibrary\SteamApps\common\Empyrion - Galactic Survival\EmpyrionLauncher.exe FirewallRules: [{BBA93FA3-DE5A-4AB9-BF5D-2F8EBF07F6D5}] => (Allow) I:\SteamLibrary\SteamApps\common\LogicBots\LogicBots.exe FirewallRules: [{D3119DD3-15A6-472C-B1DD-2EA44D1B2E85}] => (Allow) I:\SteamLibrary\SteamApps\common\LogicBots\LogicBots.exe FirewallRules: [{803F85D3-5A3F-449B-8CE5-AB7D93EB0670}] => (Allow) I:\SteamLibrary\SteamApps\common\Kingdoms\Kingdoms.exe FirewallRules: [{AB0FD7A7-E6BE-4E2A-95EB-ED75244C9718}] => (Allow) I:\SteamLibrary\SteamApps\common\Kingdoms\Kingdoms.exe FirewallRules: [{8086EEC2-B950-46AF-94CA-9E888849C408}] => (Allow) I:\SteamLibrary\SteamApps\common\From The Depths\From_The_Depths.exe FirewallRules: [{A0F7055D-A776-4835-8BF9-A88CC578B61A}] => (Allow) I:\SteamLibrary\SteamApps\common\From The Depths\From_The_Depths.exe FirewallRules: [TCP Query User{92872A42-1702-40C9-A641-D81BA3BC8DAE}I:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) I:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe FirewallRules: [UDP Query User{8C97A503-2487-4906-A5BC-BC4E8577150D}I:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) I:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe FirewallRules: [{F954042D-6C84-47FE-B999-7C2C3793709F}] => (Allow) J:\SteamLibrary\steamapps\common\Parkitect\Parkitect.exe FirewallRules: [{D28B0EA9-C0DA-48AD-8C67-F65F7A8CC4BA}] => (Allow) J:\SteamLibrary\steamapps\common\Parkitect\Parkitect.exe FirewallRules: [{5F2C40D9-A8AB-4531-8475-9B3E581613BE}] => (Allow) I:\SteamLibrary\SteamApps\common\Automation\Automation Launcher Steam.exe FirewallRules: [{7BF83F49-01E3-45FA-AB33-D41B563715ED}] => (Allow) I:\SteamLibrary\SteamApps\common\Automation\Automation Launcher Steam.exe FirewallRules: [{068AE47A-181D-4BC6-868C-7A15D163ECA0}] => (Allow) I:\SteamLibrary\SteamApps\common\Automation\Automation_Shipping_Steam.exe FirewallRules: [{A072E021-67DD-45A7-A00A-7997EBC17466}] => (Allow) I:\SteamLibrary\SteamApps\common\Automation\Automation_Shipping_Steam.exe FirewallRules: [TCP Query User{94EC18EE-E192-45AD-A293-8CAAA4D19DAC}J:\steamlibrary\steamapps\common\sirius online\exefile.exe] => (Allow) J:\steamlibrary\steamapps\common\sirius online\exefile.exe FirewallRules: [UDP Query User{2A08C673-398E-4253-A7C1-BC486382495B}J:\steamlibrary\steamapps\common\sirius online\exefile.exe] => (Allow) J:\steamlibrary\steamapps\common\sirius online\exefile.exe FirewallRules: [{4CC4D121-6773-4871-8575-4916A629DDD9}] => (Allow) I:\SteamLibrary\SteamApps\common\X3 Terran Conflict\X3TC.exe FirewallRules: [{DAECB3BD-8779-46FE-8D0F-08A3307F8EB1}] => (Allow) I:\SteamLibrary\SteamApps\common\X3 Terran Conflict\X3TC.exe FirewallRules: [TCP Query User{D81107CA-4CD0-447F-BF4E-8966C85BC481}H:\program files (x86)\steam\steamapps\common\landmark\landmark64.exe] => (Allow) H:\program files (x86)\steam\steamapps\common\landmark\landmark64.exe FirewallRules: [UDP Query User{57BC575C-EED3-4374-B500-5DF6F341BA97}H:\program files (x86)\steam\steamapps\common\landmark\landmark64.exe] => (Allow) H:\program files (x86)\steam\steamapps\common\landmark\landmark64.exe FirewallRules: [{6980092A-B996-45A5-AA13-4286F7664A14}] => (Allow) J:\SteamLibrary\steamapps\common\Stonehearth\Stonehearth.exe FirewallRules: [{FD594D78-EAD2-42BE-8113-3FA9E90642D7}] => (Allow) J:\SteamLibrary\steamapps\common\Stonehearth\Stonehearth.exe FirewallRules: [TCP Query User{AAC30BFA-EAEB-4BA6-88EC-8D9A8190FC0E}H:\program files (x86)\steam\steamapps\common\spaceengineers\dedicatedserver64\spaceengineersdedicated.exe] => (Allow) H:\program files (x86)\steam\steamapps\common\spaceengineers\dedicatedserver64\spaceengineersdedicated.exe FirewallRules: [UDP Query User{93E99BFC-2B76-427F-8597-646AC7EBEC78}H:\program files (x86)\steam\steamapps\common\spaceengineers\dedicatedserver64\spaceengineersdedicated.exe] => (Allow) H:\program files (x86)\steam\steamapps\common\spaceengineers\dedicatedserver64\spaceengineersdedicated.exe FirewallRules: [TCP Query User{8410D56A-DB3F-46A4-B2C6-28D73D357613}I:\steamlibrary\steamapps\common\empyrion - galactic survival\empyrion.exe] => (Allow) I:\steamlibrary\steamapps\common\empyrion - galactic survival\empyrion.exe FirewallRules: [UDP Query User{02114CDA-4F9D-4F90-BB75-11A1FD25A3B1}I:\steamlibrary\steamapps\common\empyrion - galactic survival\empyrion.exe] => (Allow) I:\steamlibrary\steamapps\common\empyrion - galactic survival\empyrion.exe FirewallRules: [{67FD0791-6B5D-405C-84DF-28ECE15B4731}] => (Allow) J:\SteamLibrary\steamapps\common\Champions Online\Champions Online.exe FirewallRules: [{62839B28-F3F7-46FB-A50F-BEA486864E3A}] => (Allow) J:\SteamLibrary\steamapps\common\Champions Online\Champions Online.exe FirewallRules: [TCP Query User{860F7EAC-7435-4C1C-BAB5-302FABA68BD4}J:\steamlibrary\steamapps\common\champions online\champions online\live\gameclient.exe] => (Allow) J:\steamlibrary\steamapps\common\champions online\champions online\live\gameclient.exe FirewallRules: [UDP Query User{0680D188-2374-4739-B52E-BF9AD485C90E}J:\steamlibrary\steamapps\common\champions online\champions online\live\gameclient.exe] => (Allow) J:\steamlibrary\steamapps\common\champions online\champions online\live\gameclient.exe FirewallRules: [TCP Query User{B72C42F0-949C-4AE9-BF05-0C8114F77351}J:\dc_universe\unreal3\binaries\win32\dcgame.exe] => (Allow) J:\dc_universe\unreal3\binaries\win32\dcgame.exe FirewallRules: [UDP Query User{10391DB3-BCBE-42C5-9A36-DAF0AABC1DA9}J:\dc_universe\unreal3\binaries\win32\dcgame.exe] => (Allow) J:\dc_universe\unreal3\binaries\win32\dcgame.exe FirewallRules: [{6BF66CBB-3740-45B6-84A4-961B5D6D3768}] => (Allow) J:\SteamLibrary\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe FirewallRules: [{D251E3D5-1C26-4EE4-9654-D5480E54A1C1}] => (Allow) J:\SteamLibrary\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe FirewallRules: [{869962CC-15D7-4EF7-B86F-284D52D36A29}] => (Allow) I:\SteamLibrary\SteamApps\common\MountBlade Warband\mb_warband.exe FirewallRules: [{3C1EBFA1-0FF1-4ED3-9207-83B573CBC29A}] => (Allow) I:\SteamLibrary\SteamApps\common\MountBlade Warband\mb_warband.exe FirewallRules: [{3990CF70-F694-422C-A98E-837DE15C3E42}] => (Allow) J:\SteamLibrary\steamapps\common\SimplePlanes\SimplePlanes.exe FirewallRules: [{EA394CF6-DF6C-4381-ACCD-F8EFFAFE9E5F}] => (Allow) J:\SteamLibrary\steamapps\common\SimplePlanes\SimplePlanes.exe FirewallRules: [TCP Query User{1C02D68B-859A-4064-BBC7-FAEA9D926FC2}H:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) H:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{97D8C39A-29AB-4F5D-B561-19660600E260}H:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) H:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{58E296A1-1F26-400E-9D9D-37916ED60A53}E:2\portal 2\portal2.exe] => (Allow) E:2\portal 2\portal2.exe FirewallRules: [UDP Query User{8FA28EA5-637E-4182-A49B-9A5BCC311F8A}E:2\portal 2\portal2.exe] => (Allow) E:2\portal 2\portal2.exe FirewallRules: [TCP Query User{7FA72263-A060-4961-8F1E-C2ACE5156BBA}L:\nox\game.exe] => (Allow) L:\nox\game.exe FirewallRules: [UDP Query User{A8F629FA-A347-4AAF-8A7F-0C705F81F26C}L:\nox\game.exe] => (Allow) L:\nox\game.exe FirewallRules: [{F9E07C59-B7E1-4E6B-B585-B30B9C04E42D}] => (Allow) J:\SteamLibrary\steamapps\common\Kerbal Space Program\KSP.exe FirewallRules: [{E942066A-156B-46EC-9E4B-D45BB6480025}] => (Allow) J:\SteamLibrary\steamapps\common\Kerbal Space Program\KSP.exe FirewallRules: [{3F15F972-1EB5-42CE-B1D0-AF329ACBA5CA}] => (Allow) J:\SteamLibrary\steamapps\common\Kerbal Space Program\KSP_x64.exe FirewallRules: [{455B790B-CC9F-44A3-9865-E3BCFCE8BEF2}] => (Allow) J:\SteamLibrary\steamapps\common\Kerbal Space Program\KSP_x64.exe FirewallRules: [{C030012C-1768-4492-87F6-6836B179BA40}] => (Block) I:\steamlibrary\steamapps\common\divinity original sin enhanced edition\shipping\eocapp.exe FirewallRules: [{B6AB4D72-017A-4B1B-BEBD-AE0D7CCA3DC0}] => (Block) I:\steamlibrary\steamapps\common\divinity original sin enhanced edition\shipping\eocapp.exe FirewallRules: [{03C85560-DC45-46CB-9029-1B0447399D01}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{AB0B8EA2-70A4-4CD8-ADB1-7C4F89CBA08A}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{5C2EA185-98AE-4EF2-B38B-E975D5EC8835}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{090F48F1-3DB5-4942-B3F0-4487B214DF3A}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [TCP Query User{FBCD1FCE-D1E8-498D-BC04-A91840C65C5A}J:\steamlibrary\steamapps\common\unloved\unloved\binaries\win32\unloved-win32-shipping.exe] => (Allow) J:\steamlibrary\steamapps\common\unloved\unloved\binaries\win32\unloved-win32-shipping.exe FirewallRules: [UDP Query User{5F444DDD-65CE-40ED-8458-92E128DF8511}J:\steamlibrary\steamapps\common\unloved\unloved\binaries\win32\unloved-win32-shipping.exe] => (Allow) J:\steamlibrary\steamapps\common\unloved\unloved\binaries\win32\unloved-win32-shipping.exe FirewallRules: [{42B90632-FD63-4D78-8AB8-D99A37AE48D4}] => (Block) J:\steamlibrary\steamapps\common\unloved\unloved\binaries\win32\unloved-win32-shipping.exe FirewallRules: [{E9BE7BDA-5D82-4E1A-B7BC-AC0627D66B74}] => (Block) J:\steamlibrary\steamapps\common\unloved\unloved\binaries\win32\unloved-win32-shipping.exe FirewallRules: [TCP Query User{2A0CADC6-966E-4CDB-B209-9B7E7BCA312A}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe FirewallRules: [UDP Query User{C2CA5D69-1546-4C2D-AB39-AFBB6174949E}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe FirewallRules: [TCP Query User{5636AD82-9265-44B2-8A6B-F1CD37B5003F}I:\steamlibrary\steamapps\common\empyrion - galactic survival\empyrion.exe] => (Allow) I:\steamlibrary\steamapps\common\empyrion - galactic survival\empyrion.exe FirewallRules: [UDP Query User{F9129F5D-4F28-4092-9849-8382D280B115}I:\steamlibrary\steamapps\common\empyrion - galactic survival\empyrion.exe] => (Allow) I:\steamlibrary\steamapps\common\empyrion - galactic survival\empyrion.exe FirewallRules: [{AE406F42-2F2F-4ACC-83F3-B1907CE2C417}] => (Allow) H:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe FirewallRules: [{B9A35329-99E0-4799-9B27-3BDAFADF57E8}] => (Allow) H:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe FirewallRules: [TCP Query User{C92843CB-BB6B-4BE4-AC83-5032E2AC4CFD}J:\steamlibrary\steamapps\common\gauntlet\binaries\gauntlet.exe] => (Block) J:\steamlibrary\steamapps\common\gauntlet\binaries\gauntlet.exe FirewallRules: [UDP Query User{8B99007D-B4EF-45DC-9E0A-A9B5ADF6E01D}J:\steamlibrary\steamapps\common\gauntlet\binaries\gauntlet.exe] => (Block) J:\steamlibrary\steamapps\common\gauntlet\binaries\gauntlet.exe FirewallRules: [TCP Query User{CFA8A005-EB8D-489C-B6A3-0A2A71578C24}I:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) I:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe FirewallRules: [UDP Query User{32E14827-CE1B-42A7-A739-9469114507E2}I:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) I:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe FirewallRules: [TCP Query User{6FD99A1A-FB2D-4604-B03E-5AED5564FC01}H:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe] => (Allow) H:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe FirewallRules: [UDP Query User{4338A063-A518-4865-AEE8-C9662CC095B3}H:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe] => (Allow) H:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe FirewallRules: [{D11D406A-86BB-4618-B673-173FB482FAF2}] => (Allow) I:\SteamLibrary\SteamApps\common\ContraptionMaker\ContraptionMaker.exe FirewallRules: [{62E62F63-72F3-4D36-B0CA-A3DFE7C4C50B}] => (Allow) I:\SteamLibrary\SteamApps\common\ContraptionMaker\ContraptionMaker.exe FirewallRules: [{230C1662-42B3-4924-B23A-3E618907430B}] => (Allow) J:\SteamLibrary\steamapps\common\Path of Exile\PathOfExile_x64Steam.exe FirewallRules: [{4FF852AF-3909-472D-8384-9D318E761C29}] => (Allow) J:\SteamLibrary\steamapps\common\Path of Exile\PathOfExile_x64Steam.exe FirewallRules: [{BFFC8064-0284-45D6-A541-6987BA862AE0}] => (Allow) J:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe FirewallRules: [{1CAA1D4A-8C54-4DC9-A621-28903C687405}] => (Allow) J:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe FirewallRules: [{8156352A-4877-4BDB-A242-54A0EEE29157}] => (Allow) H:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{4935AF78-3BDB-460D-9F05-EEED2F465898}] => (Allow) H:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [TCP Query User{9E4BFA4D-7BAD-425A-8F96-EC9DC397FF72}J:\steamlibrary\steamapps\common\sirius online\siriusonline.exe] => (Allow) J:\steamlibrary\steamapps\common\sirius online\siriusonline.exe FirewallRules: [UDP Query User{3038BCFC-D5FC-4791-AB3E-DE56ECCB0EE6}J:\steamlibrary\steamapps\common\sirius online\siriusonline.exe] => (Allow) J:\steamlibrary\steamapps\common\sirius online\siriusonline.exe FirewallRules: [{9E8A608A-0D0F-4615-82C9-0B405ED29555}] => (Block) J:\steamlibrary\steamapps\common\sirius online\siriusonline.exe FirewallRules: [{5DC9D2C4-294F-4E00-B764-7547C793412C}] => (Block) J:\steamlibrary\steamapps\common\sirius online\siriusonline.exe FirewallRules: [TCP Query User{BB02D2F2-CEFE-446D-A02D-E1B31209A298}G:\steamlibrary\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) G:\steamlibrary\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe FirewallRules: [UDP Query User{FBC137B5-4C2B-4A71-9A5C-28F26C253D9C}G:\steamlibrary\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) G:\steamlibrary\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe FirewallRules: [TCP Query User{7D4051BD-49A4-4F5F-A656-8B8748786DB4}C:\users\covenant\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\covenant\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{826E6797-15D1-4308-917C-390AD172F586}C:\users\covenant\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\covenant\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{57DC5B0E-B21F-429E-BBCE-360AB3CFEF64}] => (Block) C:\users\covenant\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{CD5AA8F0-E208-48B0-BD85-B6780F99E12F}] => (Block) C:\users\covenant\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{E16E67DE-B5EE-4653-9024-2F650E923BA3}] => (Allow) I:\SteamLibrary\SteamApps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe FirewallRules: [{6129284F-34A3-4091-9CC6-9F807A2BA412}] => (Allow) I:\SteamLibrary\SteamApps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe FirewallRules: [TCP Query User{68DD94F6-9320-4DD7-8FC3-2A550A7828D4}G:\diablo iii\x64\diablo iii64.exe] => (Allow) G:\diablo iii\x64\diablo iii64.exe FirewallRules: [UDP Query User{8532D498-C417-4041-8B29-4F20702B36B4}G:\diablo iii\x64\diablo iii64.exe] => (Allow) G:\diablo iii\x64\diablo iii64.exe FirewallRules: [TCP Query User{CC71569A-2C62-4947-A3E4-39925813FBA2}C:\users\covenant\unity\editor\unity.exe] => (Block) C:\users\covenant\unity\editor\unity.exe FirewallRules: [UDP Query User{DF5A6DEC-5B75-49F0-8E2E-27468FFA0183}C:\users\covenant\unity\editor\unity.exe] => (Block) C:\users\covenant\unity\editor\unity.exe FirewallRules: [{B7BCF644-25AA-4798-A67B-93B6BC796351}] => (Allow) G:\SteamLibrary\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe FirewallRules: [{DFBC3E2F-2E57-49CA-95A3-806391D1E64E}] => (Allow) G:\SteamLibrary\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe FirewallRules: [{21356C4A-4703-46C9-9E97-1369281AD113}] => (Allow) G:\SteamLibrary\steamapps\common\Subnautica\Subnautica.exe FirewallRules: [{28E49C3F-3E0C-49DF-9B5A-7E52D3970BE9}] => (Allow) G:\SteamLibrary\steamapps\common\Subnautica\Subnautica.exe FirewallRules: [TCP Query User{10434555-6CC1-482B-8DB8-88D8CDB97BBA}G:\steamlibrary\steamapps\common\avorion\bin\avorionserver.exe] => (Allow) G:\steamlibrary\steamapps\common\avorion\bin\avorionserver.exe FirewallRules: [UDP Query User{979966E4-4779-413E-AF97-278692BAA8CE}G:\steamlibrary\steamapps\common\avorion\bin\avorionserver.exe] => (Allow) G:\steamlibrary\steamapps\common\avorion\bin\avorionserver.exe FirewallRules: [{99636503-6F90-46C3-BD8D-6FDD8FFB3B8F}] => (Allow) G:\SteamLibrary\steamapps\common\Industry Giant 2\ig2_AddOn.exe FirewallRules: [{B9D24AAF-4C6F-4EB0-B74E-AD030A00D473}] => (Allow) G:\SteamLibrary\steamapps\common\Industry Giant 2\ig2_AddOn.exe FirewallRules: [TCP Query User{8364DE87-72D9-4494-BBE3-5E9FF50AA82D}E:3\nox\game.exe] => (Block) E:3\nox\game.exe FirewallRules: [UDP Query User{4DB5A9D5-6F68-48F6-B871-2E3660EBD7AC}E:3\nox\game.exe] => (Block) E:3\nox\game.exe FirewallRules: [TCP Query User{708D14D9-1632-4AF7-AF07-233222F4A302}G:\steamlibrary\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) G:\steamlibrary\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe FirewallRules: [UDP Query User{0E060D0D-8341-4608-A737-6DDA5C1BE200}G:\steamlibrary\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) G:\steamlibrary\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe FirewallRules: [TCP Query User{EC3089C0-27D5-4161-AA6A-A600F3B32CD0}H:\program files (x86)\smith micro\poser 8\poser.exe] => (Allow) H:\program files (x86)\smith micro\poser 8\poser.exe FirewallRules: [UDP Query User{92B572B3-369D-41E1-8609-9D6472910CB6}H:\program files (x86)\smith micro\poser 8\poser.exe] => (Allow) H:\program files (x86)\smith micro\poser 8\poser.exe FirewallRules: [TCP Query User{B77A8361-E38B-445B-B67C-07BD11506C9B}M:\portal 2\portal2.exe] => (Block) M:\portal 2\portal2.exe FirewallRules: [UDP Query User{2AE5E58A-1558-4BE1-AC53-9D16177DCFE0}M:\portal 2\portal2.exe] => (Block) M:\portal 2\portal2.exe FirewallRules: [{6472B73E-E812-4ED7-9D09-44267D3AC1BB}] => (Allow) G:\SteamLibrary\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe FirewallRules: [{F6F00D5D-9745-4325-9011-1A5EB19554E7}] => (Allow) G:\SteamLibrary\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe FirewallRules: [TCP Query User{D4A3EC0B-6BDE-4AA9-AE99-6E3F27F49D7F}G:\steamlibrary\steamapps\common\war for the overworld\wftogame.exe] => (Block) G:\steamlibrary\steamapps\common\war for the overworld\wftogame.exe FirewallRules: [UDP Query User{F093703E-32DC-4138-891D-F6E104C22DDA}G:\steamlibrary\steamapps\common\war for the overworld\wftogame.exe] => (Block) G:\steamlibrary\steamapps\common\war for the overworld\wftogame.exe FirewallRules: [{1CA07DDF-EEC2-4F97-9613-EB8D58B893F2}] => (Allow) C:\Program Files (x86)\Realtek\RTL8185 Wireless LAN Utility\RtWLan.exe FirewallRules: [{DB519CC5-11D4-4809-A34A-D30E62041AC5}] => (Allow) C:\Program Files (x86)\Realtek\RTL8185 Wireless LAN Utility\RtWLan.exe FirewallRules: [{8026D4D2-B6B0-4DD6-B0E4-4BB17F82EDEE}] => (Allow) LPort=1542 FirewallRules: [{B6D7D4B9-FDF3-4F3E-9CC7-117F58F27D33}] => (Allow) LPort=1542 FirewallRules: [{E9568554-5DEB-4679-A198-CFCB4254CC43}] => (Allow) LPort=53 FirewallRules: [{5755801A-D761-4139-9726-7E1FCE0B42C6}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe FirewallRules: [{4F793AA8-70D6-4B95-9544-FC389CF222EE}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe FirewallRules: [TCP Query User{4CA8FF25-E75C-48C8-8E74-8820C469FABA}H:\program files (x86)\skype\phone\skype.exe] => (Allow) H:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{56E00878-560B-4775-B85A-CB37EFAC400E}H:\program files (x86)\skype\phone\skype.exe] => (Allow) H:\program files (x86)\skype\phone\skype.exe FirewallRules: [{B7F846A0-4019-4694-91AE-824BCAB7C99C}] => (Allow) I:\SteamLibrary\SteamApps\common\Kingdoms\News Tycoon.exe FirewallRules: [{305299E0-67CE-4A2F-943F-9268BD019527}] => (Allow) I:\SteamLibrary\SteamApps\common\Kingdoms\News Tycoon.exe FirewallRules: [{869231E9-F157-4C70-94AF-C2D2E568EF7B}] => (Allow) G:\SteamLibrary\steamapps\common\Offworld Trading Company\StardockLauncher.exe FirewallRules: [{906B9D3E-DC71-4A4C-A107-335D5FE57F3C}] => (Allow) G:\SteamLibrary\steamapps\common\Offworld Trading Company\StardockLauncher.exe FirewallRules: [TCP Query User{F5B37BA7-8462-435D-9395-FA69A0F7B330}G:\2017\left4dead\left4dead\l4d on krystal\left4dead.exe] => (Allow) G:\2017\left4dead\left4dead\l4d on krystal\left4dead.exe FirewallRules: [UDP Query User{0023F6DC-A587-44B8-9511-C3C048325A79}G:\2017\left4dead\left4dead\l4d on krystal\left4dead.exe] => (Allow) G:\2017\left4dead\left4dead\l4d on krystal\left4dead.exe FirewallRules: [TCP Query User{29149A73-7CE1-49A6-9204-CA7639FAA4DF}J:\steamlibrary\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) J:\steamlibrary\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe FirewallRules: [UDP Query User{D0E8311A-84F8-4D28-81F2-092813218D47}J:\steamlibrary\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) J:\steamlibrary\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe FirewallRules: [{C4FA9357-AD1D-402B-80BF-EFA8F111D2F3}] => (Allow) I:\SteamLibrary\SteamApps\common\Company of Heroes Relaunch\RelicCOH.exe FirewallRules: [{985ACF5F-ADC1-42F3-B7FD-AFFC79BF0B19}] => (Allow) I:\SteamLibrary\SteamApps\common\Company of Heroes Relaunch\RelicCOH.exe FirewallRules: [{E837ED62-F620-4621-9E27-775DEB37CDA6}] => (Allow) G:\SteamLibrary\steamapps\common\RIFT\riftpatchlive.exe FirewallRules: [{E9905E6D-E86F-467E-BBF2-5EB2AD5867B0}] => (Allow) G:\SteamLibrary\steamapps\common\RIFT\riftpatchlive.exe FirewallRules: [{5C373CAF-1744-4E3D-BE6B-799457657528}] => (Allow) I:\SteamLibrary\SteamApps\common\Interstellar Rift\Build\IR.exe FirewallRules: [{1AB54468-135E-414E-B9B1-7A624923300B}] => (Allow) I:\SteamLibrary\SteamApps\common\Interstellar Rift\Build\IR.exe FirewallRules: [{C016169B-CC09-4343-8452-043EA5990BD6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{0FA803D1-FB70-4CAD-98B6-F65EBB823C52}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{5FEDA8E8-B75E-4224-A33E-DDAA583B1B07}] => (Allow) I:\SteamLibrary\SteamApps\common\The Secret World\ClientPatcher.exe FirewallRules: [{40C3B837-76E3-4A71-8811-02A770EC78C2}] => (Allow) I:\SteamLibrary\SteamApps\common\The Secret World\ClientPatcher.exe FirewallRules: [{D55FB351-04EE-4F87-996D-D8D436840FF0}] => (Allow) J:\SteamLibrary\steamapps\common\Naval Action\Client.exe FirewallRules: [{40FF64EF-0127-4905-81EE-E5EB44B39B7D}] => (Allow) J:\SteamLibrary\steamapps\common\Naval Action\Client.exe FirewallRules: [{EC4067F4-D27E-42EE-9884-4D8780009385}] => (Allow) J:\SteamLibrary\steamapps\common\Naval Action\Client_.exe FirewallRules: [{93DC51B0-85BC-4865-89CA-FAA62093664D}] => (Allow) J:\SteamLibrary\steamapps\common\Naval Action\Client_.exe FirewallRules: [{A6897C3D-E62E-43E3-B48B-77CE0D9A539A}] => (Allow) J:\SteamLibrary\steamapps\common\Naval Action\NavalActionCrashSender.exe FirewallRules: [{A663928B-3140-4BB5-ACD4-A68C44181B8C}] => (Allow) J:\SteamLibrary\steamapps\common\Naval Action\NavalActionCrashSender.exe FirewallRules: [{6E6ADF00-A264-4EDB-9A24-AAA0E389993D}] => (Allow) J:\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe FirewallRules: [{E6D137B8-71B2-4618-8D11-B29B65D5A129}] => (Allow) J:\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe FirewallRules: [{142E6502-D524-4ADD-B93B-801B16FA34F9}] => (Allow) I:\SteamLibrary\SteamApps\common\Age2HD\Launcher.exe FirewallRules: [{E7BCA2B6-58A2-4EAD-963E-3541EC28823A}] => (Allow) I:\SteamLibrary\SteamApps\common\Age2HD\Launcher.exe FirewallRules: [TCP Query User{1F443E8D-4306-4224-B28D-4D4CE327D1BC}I:\steamlibrary\steamapps\common\starmade\dep\java\jre1.7.0_80\bin\javaw.exe] => (Allow) I:\steamlibrary\steamapps\common\starmade\dep\java\jre1.7.0_80\bin\javaw.exe FirewallRules: [UDP Query User{18BD6D49-386D-455F-8829-642A57642692}I:\steamlibrary\steamapps\common\starmade\dep\java\jre1.7.0_80\bin\javaw.exe] => (Allow) I:\steamlibrary\steamapps\common\starmade\dep\java\jre1.7.0_80\bin\javaw.exe FirewallRules: [{122E4C20-3A4F-41D8-A7C5-C80C9A0846AA}] => (Allow) G:\SteamLibrary\steamapps\common\Avorion\bin\Avorion.exe FirewallRules: [{29B1EC21-8EB7-4FD8-BAE0-5736FD8C291B}] => (Allow) G:\SteamLibrary\steamapps\common\Avorion\bin\Avorion.exe FirewallRules: [{D77DC128-1785-4C3C-A23F-E6B0A417466E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{28D82CE1-03DC-41DF-A8B9-0A18215DA60C}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{67651B18-BBB9-4081-89AE-B12E09B16C58}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{E84F42EB-B7A1-42AB-9537-3AC49DCA3FFC}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [TCP Query User{9D697FAF-2554-4C1A-BE49-460700221DF1}J:\steamlibrary\steamapps\common\avorion\bin\avorionserver.exe] => (Allow) J:\steamlibrary\steamapps\common\avorion\bin\avorionserver.exe FirewallRules: [UDP Query User{34731448-A7B6-404A-8ACB-7710B6F34B96}J:\steamlibrary\steamapps\common\avorion\bin\avorionserver.exe] => (Allow) J:\steamlibrary\steamapps\common\avorion\bin\avorionserver.exe FirewallRules: [{F868550A-57F1-4FF6-8CD4-68083C6AC3A7}] => (Allow) G:\SteamLibrary\steamapps\common\Deserts of Kharak\DesertsOfKharak64.exe FirewallRules: [{D45E947A-895A-49DC-BF0A-68E88B3615EC}] => (Allow) G:\SteamLibrary\steamapps\common\Deserts of Kharak\DesertsOfKharak64.exe FirewallRules: [{1760B5A4-286D-4A3E-9A2D-035D0AD050D7}] => (Allow) G:\SteamLibrary\steamapps\common\Deserts of Kharak\TechnicalManual\DoK_Manual.exe FirewallRules: [{ED808C3B-8B6D-44D8-9EF6-2158EA2278C1}] => (Allow) G:\SteamLibrary\steamapps\common\Deserts of Kharak\TechnicalManual\DoK_Manual.exe FirewallRules: [TCP Query User{A4C4AF44-4794-4A0F-9C45-365CA4FF776D}I:\steamlibrary\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) I:\steamlibrary\steamapps\common\xcom 2\binaries\win64\xcom2.exe FirewallRules: [UDP Query User{964CF8D1-BC6D-49BA-9FAF-7D15ED88191B}I:\steamlibrary\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) I:\steamlibrary\steamapps\common\xcom 2\binaries\win64\xcom2.exe FirewallRules: [{6B0B7AA3-BBC4-4DF7-BF6D-F2FD127A02A3}] => (Allow) I:\SteamLibrary\SteamApps\common\7 Days To Die\7dLauncher.exe FirewallRules: [{80C0D592-CFB3-46B9-9D98-A3055E6EC507}] => (Allow) I:\SteamLibrary\SteamApps\common\7 Days To Die\7dLauncher.exe FirewallRules: [{52E085DA-EF14-4ABD-A3F0-4D737A515C6C}] => (Allow) H:\Program Files (x86)\Steam\steamapps\common\Deus Ex\Revision\System\Revision.exe FirewallRules: [{5E190CA5-DF48-44C6-8F1F-90BF0A248CAB}] => (Allow) H:\Program Files (x86)\Steam\steamapps\common\Deus Ex\Revision\System\Revision.exe FirewallRules: [{666D8C5D-F316-438A-B7F1-10E8E35ACE5D}] => (Allow) J:\SteamLibrary\steamapps\common\DCSWorld\Run.exe FirewallRules: [{CB63AB5D-EA68-413B-9B20-B2D6D9EA8176}] => (Allow) J:\SteamLibrary\steamapps\common\DCSWorld\Run.exe FirewallRules: [TCP Query User{A74738D6-5C54-4A46-91EF-A96821E2BBF4}C:\program files (x86)\java\jre1.8.0_121\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\java.exe FirewallRules: [UDP Query User{84BF0D73-FA14-4D7D-B9FA-360635E22A3A}C:\program files (x86)\java\jre1.8.0_121\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\java.exe FirewallRules: [{3B8AC5C4-0FD5-49F7-A3B7-72ED2329F916}] => (Allow) J:\SteamLibrary\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe FirewallRules: [{765988C8-0AE2-4C8A-909B-7070C4C8DFAD}] => (Allow) J:\SteamLibrary\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe FirewallRules: [{B0A9CFC5-B81C-4B76-B353-B99A1DC2E5C1}] => (Allow) J:\SteamLibrary\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe FirewallRules: [{A95B7A52-9247-464D-B8C9-7C799578EECD}] => (Allow) J:\SteamLibrary\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe FirewallRules: [{13D6713C-B0DB-4839-BD09-9E789BDFF6F5}] => (Allow) J:\SteamLibrary\steamapps\common\Interstellar Transport Company\Interstellar_Transport_Company_win64.exe FirewallRules: [{943AFF10-19A8-49A2-A8F1-B41253FE47E1}] => (Allow) J:\SteamLibrary\steamapps\common\Interstellar Transport Company\Interstellar_Transport_Company_win64.exe FirewallRules: [TCP Query User{69B0D742-96BD-4569-A85C-4479350C55B5}I:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe] => (Block) I:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe FirewallRules: [UDP Query User{86455E04-8998-4B71-AF42-A64B58F62900}I:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe] => (Block) I:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe FirewallRules: [{B3F211B4-E53E-4FE1-B373-85C52FEF3052}] => (Allow) J:\SteamLibrary\steamapps\common\UNLOVED\Unloved.exe FirewallRules: [{D24CA961-443C-44C8-8031-F813C660A736}] => (Allow) J:\SteamLibrary\steamapps\common\UNLOVED\Unloved.exe FirewallRules: [{86DBF3A7-B07D-48CF-A8F2-5A15A9BD6BE6}] => (Allow) J:\SteamLibrary\steamapps\common\Infinifactory\infinifactory.exe FirewallRules: [{4B0E2C4C-F796-4DC4-A5F9-0E9D08DEFE6A}] => (Allow) J:\SteamLibrary\steamapps\common\Infinifactory\infinifactory.exe FirewallRules: [{40977EA4-3DDB-4156-B5F8-D2B4D5EF918A}] => (Allow) J:\SteamLibrary\steamapps\common\Wolcen\win_x64\Wolcen.exe FirewallRules: [{B2FC646B-21E9-41BA-831D-B543DA9A7CB6}] => (Allow) J:\SteamLibrary\steamapps\common\Wolcen\win_x64\Wolcen.exe FirewallRules: [{A619B774-EBC7-47F2-9555-64A815DC9AB2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{44BD9973-87CE-4FFB-952A-0780BB9B5740}] => (Allow) J:\SteamLibrary\steamapps\common\Avorion\bin\Avorion.exe FirewallRules: [{D202D3FD-6C41-4D48-8CE7-6B7222C0754B}] => (Allow) J:\SteamLibrary\steamapps\common\Avorion\bin\Avorion.exe FirewallRules: [{3A9CBB04-3D91-4241-B778-5680F99FCF51}] => (Allow) I:\SteamLibrary\SteamApps\common\Interstellar Rift\Build\IR.exe FirewallRules: [{0B313CE2-C032-42E8-BD77-1BF5D3900FCD}] => (Allow) I:\SteamLibrary\SteamApps\common\Interstellar Rift\Build\IR.exe FirewallRules: [{4339A7A3-FF0B-411D-8F8F-A4B5E45EEE18}] => (Allow) J:\SteamLibrary\steamapps\common\Starship Corporation\StarshipCorporation.exe FirewallRules: [{5C5BD793-7E8B-4FA7-B3F2-7DA2C6B91894}] => (Allow) J:\SteamLibrary\steamapps\common\Starship Corporation\StarshipCorporation.exe FirewallRules: [{7CC2E158-B593-4C10-A2B3-030C8B74E749}] => (Allow) J:\SteamLibrary\steamapps\common\Endless Sky\EndlessSky.exe FirewallRules: [{CF7686DD-DC97-4340-9B29-2BAC55916CDB}] => (Allow) J:\SteamLibrary\steamapps\common\Endless Sky\EndlessSky.exe FirewallRules: [{2CA25CAF-3D76-40EA-8645-C43F4E6937A4}] => (Allow) I:\SteamLibrary\SteamApps\common\Automation\WindowsNoEditor\AutomationGame.exe FirewallRules: [{54A19B33-3155-4367-9796-523D7971DB97}] => (Allow) I:\SteamLibrary\SteamApps\common\Automation\WindowsNoEditor\AutomationGame.exe FirewallRules: [{93966E61-EE7A-4042-8BA8-DF01B13659DE}] => (Allow) J:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe FirewallRules: [{DD014BBF-AB4A-4786-BA8B-A87BCDBE794B}] => (Allow) J:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe FirewallRules: [TCP Query User{6076989F-3A4F-420C-91D5-C66CB45ABE91}H:\program files (x86)\gstarcad2011standard\icad.exe] => (Allow) H:\program files (x86)\gstarcad2011standard\icad.exe FirewallRules: [UDP Query User{AB46D08E-3596-4B68-AC58-38A2DABF08D2}H:\program files (x86)\gstarcad2011standard\icad.exe] => (Allow) H:\program files (x86)\gstarcad2011standard\icad.exe FirewallRules: [{12B67704-5BB1-4D67-A09D-FA77B99C29CA}] => (Allow) J:\SteamLibrary\steamapps\common\Celestial Command\CelestialCommand.exe FirewallRules: [{CF4B30B2-2651-4F52-A036-9CD9DAF1CC62}] => (Allow) J:\SteamLibrary\steamapps\common\Celestial Command\CelestialCommand.exe FirewallRules: [{BD28C906-CB1D-4FF0-B962-6DFEDF24CB68}] => (Allow) I:\SteamLibrary\SteamApps\common\Automation\WindowsNoEditor\AutomationGame\Binaries\Win64\AutomationGame-Win64-Shipping.exe FirewallRules: [{3A38B966-7D1A-4F13-BDBF-0669AE695076}] => (Allow) I:\SteamLibrary\SteamApps\common\Automation\WindowsNoEditor\AutomationGame\Binaries\Win64\AutomationGame-Win64-Shipping.exe FirewallRules: [{3E9EA526-AAE1-47FB-8E6A-5082B6C79EF6}] => (Allow) J:\SteamLibrary\steamapps\common\DCSWorld\bin\DCS.exe FirewallRules: [{2062725F-43EA-4FF2-B542-D58C3E923A57}] => (Allow) J:\SteamLibrary\steamapps\common\DCSWorld\bin\DCS.exe FirewallRules: [{DA21BE6A-9887-482D-8934-0DF17BB96C40}] => (Allow) J:\SteamLibrary\steamapps\common\Divinity Original Sin 2\bin\SupportTool.exe FirewallRules: [{5D56BCC3-C8FC-46A3-9E5B-C91812174B92}] => (Allow) J:\SteamLibrary\steamapps\common\Divinity Original Sin 2\bin\SupportTool.exe FirewallRules: [TCP Query User{A49223F1-3236-4DEA-976A-8173F6F46A89}J:\steamlibrary\steamapps\common\divinity original sin 2\bin\eocapp.exe] => (Allow) J:\steamlibrary\steamapps\common\divinity original sin 2\bin\eocapp.exe FirewallRules: [UDP Query User{F76F62A7-8D54-4908-BA52-B112B723CCBD}J:\steamlibrary\steamapps\common\divinity original sin 2\bin\eocapp.exe] => (Allow) J:\steamlibrary\steamapps\common\divinity original sin 2\bin\eocapp.exe ==================== Restore Points ========================= 07-02-2016 20:00:11 Windows Backup 10-02-2016 00:53:22 Removed Apple Software Update 10-02-2016 00:55:39 Configured 3TB+Unlock B11.0411.1 14-02-2016 20:00:44 Windows Backup 17-02-2016 05:05:57 Windows Update 21-02-2016 20:00:37 Windows Backup 25-02-2016 03:43:57 Windows Update 28-02-2016 20:00:39 Windows Backup 01-03-2016 02:25:20 Installed DirectX 06-03-2016 20:00:42 Windows Backup 10-03-2016 02:28:03 Installed DirectX 10-03-2016 02:52:03 Installed DirectX 10-03-2016 04:21:05 Windows Update 30-09-2017 12:28:02 Scheduled Checkpoint 03-10-2017 12:02:20 Garmin Express 08-10-2017 18:35:36 Windows Update 09-10-2017 21:55:18 Restore Operation 09-10-2017 22:24:04 Garmin Express 18-10-2017 16:51:17 Scheduled Checkpoint 18-10-2017 18:06:14 Windows Update 22-10-2017 12:17:03 Restore Operation ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (10/22/2017 07:21:23 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/22/2017 07:12:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/22/2017 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). Error: (10/22/2017 06:54:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/22/2017 04:53:24 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/22/2017 03:52:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/22/2017 12:23:54 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/22/2017 12:23:09 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005. Error: (10/22/2017 09:12:55 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (10/22/2017 09:12:55 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\8.0\bin\x64\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. System errors: ============= Error: (10/22/2017 07:19:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Routine run service failed to start due to the following error: The system cannot find the file specified. Error: (10/22/2017 07:19:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MBAMScheduler service failed to start due to the following error: Access is denied. Error: (10/22/2017 07:18:28 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (10/22/2017 07:18:27 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (10/22/2017 07:18:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (10/22/2017 07:18:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (10/22/2017 07:18:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Razer Game Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (10/22/2017 07:18:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Thrustmaster® Hotas Service service terminated unexpectedly. It has done this 1 time(s). Error: (10/22/2017 07:18:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s). Error: (10/22/2017 07:18:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The RzSurroundVADStreamingService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. ==================== Memory info =========================== Processor: AMD FX(tm)-8320 Eight-Core Processor Percentage of memory in use: 12% Total physical RAM: 32728.74 MB Available physical RAM: 28710 MB Total Virtual: 65455.67 MB Available Virtual: 61457.55 MB ==================== Drives ================================ Drive c: (Root Drive Covenant) (Fixed) (Total:223.35 GB) (Free:55.64 GB) NTFS Drive d: (BAA_BAA_BLACK_SHEEP) (CDROM) (Total:7.83 GB) (Free:0 GB) UDF Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[system with boot components (obtained from drive)] Drive f: () (Fixed) (Total:1071.34 GB) (Free:750.81 GB) NTFS Drive g: (G2) (Fixed) (Total:976.56 GB) (Free:855.53 GB) NTFS Drive h: (Covenant) (Fixed) (Total:934.79 GB) (Free:415.54 GB) NTFS Drive i: (Auxilary_I) (Fixed) (Total:488.55 GB) (Free:112.65 GB) NTFS Drive j: (Auxilary_J) (Fixed) (Total:439.45 GB) (Free:211.94 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 6A4C6368) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1071.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=976.6 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 223.6 GB) (Disk ID: F9160188) Partition: GPT. ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 99152B25) Partition: GPT. ==================== End of Addition.txt ============================ Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-10-2017 Ran by Covenant (administrator) on COVENANT-PC (22-10-2017 19:24:20) Running from C:\Users\Covenant\Downloads Loaded Profiles: Covenant (Available Profiles: Covenant) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe (Microsoft Corporation) C:\Windows\System32\CISVC.EXE (Foxit Software Inc.) G:\FOXIT READER\FoxitConnectedPDFService.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Razer Inc) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Thrustmaster®) G:\thrustmaster\drivers\amd64\tmHInstall.exe (Copyright 2017.) C:\Users\Covenant\Desktop\Zemana AntiMalware\ZAM.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Copyright 2017.) C:\Users\Covenant\Desktop\Zemana AntiMalware\ZAM.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Dassault Systèmes SolidWorks Corp.) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation) HKLM\...\Run: [ZAM] => C:\Users\Covenant\Desktop\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596664 2017-08-30] (Razer Inc.) HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2017-05-30] (Raptr, Inc) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2014-07-30] (CANON INC.) HKU\S-1-5-21-3109899598-285666356-3721746433-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation) HKU\S-1-5-21-3109899598-285666356-3721746433-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-08-29] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-3109899598-285666356-3721746433-1000\...\MountPoints2: {7726d048-e8c2-11e5-a6b7-806e6f6e6963} - D:\setup.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2016 Fast Start.lnk [2017-04-19] ShortcutTarget: SOLIDWORKS 2016 Fast Start.lnk -> C:\Windows\Installer\{768F3B65-1695-47B7-9002-B11400CB111D}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC) CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{28FB02FD-3EC6-4600-A957-9253ED4834E1}: [DhcpNameServer] 10.0.0.1 Tcpip\..\Interfaces\{65F9C8BA-9C9D-40AA-9DC9-3D065792DFAA}: [DhcpNameServer] 162.150.8.37 162.150.21.37 162.150.21.37 Tcpip\..\Interfaces\{89971881-4E57-4164-8B81-665D89B4D716}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{A5D1997E-8CDD-4714-976F-62EC9767C87F}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{A5D1997E-8CDD-4714-976F-62EC9767C87F}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3109899598-285666356-3721746433-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-19] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-19] (Oracle Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF DefaultProfile: 81a4b5sf.default FF ProfilePath: C:\Users\Covenant\AppData\Roaming\Mozilla\Firefox\Profiles\81a4b5sf.default [2017-10-22] FF DefaultSearchEngine: Mozilla\Firefox\Profiles\81a4b5sf.default -> SafeSearch FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\81a4b5sf.default -> SafeSearch FF SelectedSearchEngine: Mozilla\Firefox\Profiles\81a4b5sf.default -> SafeSearch FF Homepage: Mozilla\Firefox\Profiles\81a4b5sf.default -> about:home FF Keyword.URL: Mozilla\Firefox\Profiles\81a4b5sf.default -> hxxp://www.safesear.ch/web/?type=ss-ff-kw&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_170.dll [2017-10-16] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-16] () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> G:\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> G:\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> G:\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> G:\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-19] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-19] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-09] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-09] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3109899598-285666356-3721746433-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Covenant\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-10] (Unity Technologies ApS) Chrome: ======= CHR NewTab: Default -> Not-active:"chrome-extension://bmimlgceipnlnhclgiehpljbanpibbpi/newtab/newtab.html" CHR Profile: C:\Users\Covenant\AppData\Local\Google\Chrome\User Data\Default [2017-10-22] CHR Extension: (Adobe Acrobat) - C:\Users\Covenant\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03] CHR Extension: (Grammarly for Chrome) - C:\Users\Covenant\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-10-19] CHR Extension: (Chrome Web Store Payments) - C:\Users\Covenant\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-29] CHR Extension: (Chrome Media Router) - C:\Users\Covenant\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-28] CHR HKU\S-1-5-21-3109899598-285666356-3721746433-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-05-06] (Advanced Micro Devices, Inc.) [File not signed] S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-05-10] (BitRaider, LLC) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-07-31] (EasyAntiCheat Ltd) R2 FoxitReaderService; G:\FOXIT READER\FoxitConnectedPDFService.exe [1659592 2016-12-29] (Foxit Software Inc.) S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed] R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2014-05-15] () R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes) R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2017-07-19] () R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4261344 2016-11-03] (Razer Inc) S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2017-04-19] (SolidWorks) [File not signed] S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed] R2 tmHInstall; G:\thrustmaster\drivers\amd64\tmHInstall.exe [48288 2015-12-10] (Thrustmaster®) S3 VSStandardCollectorService140; G:\Visual Studio 2015\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZAMSvc; C:\Users\Covenant\Desktop\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.) S2 MBAMScheduler; "\" [X] S2 Routine run; "H:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\DedicatedServer64\SpaceEngineersDedicated.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2017-03-19] (BitRaider) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-08-24] () S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-28] (Broadcom Corporation) R0 MBAMChameleon; C:\Windows\System32\drivers\MBAMChameleon.sys [192960 2017-09-02] (Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101824 2017-10-22] (Malwarebytes) R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-10-22] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253888 2017-10-22] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-10-22] (Malwarebytes) S3 MWAC; C:\Windows\system32\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder) S3 MWAC; C:\Windows\SysWOW64\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder) R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50384 2015-10-26] (Razer Inc) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [43256 2017-07-18] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137208 2017-07-16] (Razer, Inc.) R3 RZSURROUNDVADService; C:\Windows\System32\drivers\RzSurroundVAD.sys [49176 2016-10-16] (Windows (R) Win 7 DDK provider) R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-10-22] (Zemana Ltd.) R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-10-22] (Zemana Ltd.) S3 EtronHub3; System32\Drivers\EtronHub3.sys [X] S3 EtronXHCI; System32\Drivers\EtronXHCI.sys [X] S3 RTL85n64; system32\DRIVERS\RTL85n64.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-10-22 19:24 - 2017-10-22 19:24 - 000015676 _____ C:\Users\Covenant\Downloads\FRST.txt 2017-10-22 19:23 - 2017-10-22 19:24 - 000000000 ____D C:\FRST 2017-10-22 19:22 - 2017-10-22 19:22 - 002402816 _____ (Farbar) C:\Users\Covenant\Downloads\FRST64.exe 2017-10-22 19:16 - 2017-10-22 19:18 - 000000000 ____D C:\AdwCleaner 2017-10-22 19:15 - 2017-10-22 19:15 - 008250832 _____ (Malwarebytes) C:\Users\Covenant\Downloads\adwcleaner_7.0.3.1.exe 2017-10-22 19:13 - 2017-10-22 19:13 - 000001793 _____ C:\Users\Covenant\Desktop\2017.10.22-19.04.46-i0-t92-d2.txt 2017-10-22 19:04 - 2017-10-22 19:24 - 000091465 _____ C:\Windows\ZAM.krnl.trace 2017-10-22 19:04 - 2017-10-22 19:24 - 000018476 _____ C:\Windows\ZAM_Guard.krnl.trace 2017-10-22 19:04 - 2017-10-22 19:04 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys 2017-10-22 19:04 - 2017-10-22 19:04 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys 2017-10-22 19:04 - 2017-10-22 19:04 - 000001618 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk 2017-10-22 19:04 - 2017-10-22 19:04 - 000000000 ____D C:\Users\Covenant\Desktop\Zemana AntiMalware 2017-10-22 19:04 - 2017-10-22 19:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2017-10-22 19:03 - 2017-10-22 19:03 - 006625600 _____ (Zemana Ltd. ) C:\Users\Covenant\Downloads\Zemana.AntiMalware.Setup (1).exe 2017-10-22 19:03 - 2017-10-22 19:03 - 000000000 ____D C:\Users\Covenant\AppData\Local\Zemana 2017-10-22 19:02 - 2017-10-22 19:03 - 006625600 _____ (Zemana Ltd. ) C:\Users\Covenant\Downloads\Zemana.AntiMalware.Setup.exe 2017-10-19 19:29 - 2017-10-19 19:29 - 000000000 ____D C:\Users\Covenant\AppData\LocalLow\ScienceInteractive 2017-10-18 18:09 - 2017-10-18 18:09 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe 2017-10-18 18:05 - 2017-09-13 11:33 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2017-10-18 18:05 - 2017-09-13 11:32 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2017-10-18 18:05 - 2017-09-13 11:32 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2017-10-18 18:05 - 2017-09-13 11:32 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2017-10-18 18:05 - 2017-09-13 11:32 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2017-10-18 18:05 - 2017-09-13 11:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2017-10-18 18:05 - 2017-09-13 11:28 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2017-10-18 18:05 - 2017-09-13 11:28 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2017-10-18 18:05 - 2017-09-13 11:28 - 000886272 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll 2017-10-18 18:05 - 2017-09-13 11:28 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2017-10-18 18:05 - 2017-09-13 11:28 - 000448512 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll 2017-10-18 18:05 - 2017-09-13 11:28 - 000414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll 2017-10-18 18:05 - 2017-09-13 11:28 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2017-10-18 18:05 - 2017-09-13 11:28 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2017-10-18 18:05 - 2017-09-13 11:28 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2017-10-18 18:05 - 2017-09-13 11:28 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2017-10-18 18:05 - 2017-09-13 11:28 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2017-10-18 18:05 - 2017-09-13 11:28 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2017-10-18 18:05 - 2017-09-13 11:28 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2017-10-18 18:05 - 2017-09-13 11:28 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2017-10-18 18:05 - 2017-09-13 11:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2017-10-18 18:05 - 2017-09-13 11:28 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2017-10-18 18:05 - 2017-09-13 11:28 - 000118784 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll 2017-10-18 18:05 - 2017-09-13 11:28 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll 2017-10-18 18:05 - 2017-09-13 11:28 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2017-10-18 18:05 - 2017-09-13 11:28 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2017-10-18 18:05 - 2017-09-13 11:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2017-10-18 18:05 - 2017-09-13 11:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2017-10-18 18:05 - 2017-09-13 11:28 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2017-10-18 18:05 - 2017-09-13 11:28 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2017-10-18 18:05 - 2017-09-13 11:28 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2017-10-18 18:05 - 2017-09-13 11:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:13 - 004001512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2017-10-18 18:05 - 2017-09-13 11:13 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2017-10-18 18:05 - 2017-09-13 11:10 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2017-10-18 18:05 - 2017-09-13 11:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2017-10-18 18:05 - 2017-09-13 11:09 - 000830464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2017-10-18 18:05 - 2017-09-13 11:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2017-10-18 18:05 - 2017-09-13 11:09 - 000428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll 2017-10-18 18:05 - 2017-09-13 11:09 - 000392704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll 2017-10-18 18:05 - 2017-09-13 11:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2017-10-18 18:05 - 2017-09-13 11:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2017-10-18 18:05 - 2017-09-13 11:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2017-10-18 18:05 - 2017-09-13 11:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2017-10-18 18:05 - 2017-09-13 11:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2017-10-18 18:05 - 2017-09-13 11:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2017-10-18 18:05 - 2017-09-13 11:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2017-10-18 18:05 - 2017-09-13 11:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2017-10-18 18:05 - 2017-09-13 11:09 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll 2017-10-18 18:05 - 2017-09-13 11:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll 2017-10-18 18:05 - 2017-09-13 11:09 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll 2017-10-18 18:05 - 2017-09-13 11:09 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2017-10-18 18:05 - 2017-09-13 11:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2017-10-18 18:05 - 2017-09-13 11:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2017-10-18 18:05 - 2017-09-13 11:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2017-10-18 18:05 - 2017-09-13 11:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 11:05 - 000324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys 2017-10-18 18:05 - 2017-09-13 11:00 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2017-10-18 18:05 - 2017-09-13 11:00 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2017-10-18 18:05 - 2017-09-13 11:00 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2017-10-18 18:05 - 2017-09-13 11:00 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2017-10-18 18:05 - 2017-09-13 10:57 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2017-10-18 18:05 - 2017-09-13 10:56 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2017-10-18 18:05 - 2017-09-13 10:53 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2017-10-18 18:05 - 2017-09-13 10:53 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2017-10-18 18:05 - 2017-09-13 10:53 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2017-10-18 18:05 - 2017-09-13 10:52 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2017-10-18 18:05 - 2017-09-13 10:52 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2017-10-18 18:05 - 2017-09-13 10:50 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2017-10-18 18:05 - 2017-09-13 10:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2017-10-18 18:05 - 2017-09-13 10:46 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2017-10-18 18:05 - 2017-09-13 10:46 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2017-10-18 18:05 - 2017-09-13 10:46 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2017-10-18 18:05 - 2017-09-13 10:46 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 10:46 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 10:46 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 10:46 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2017-10-18 18:05 - 2017-09-13 10:46 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2017-10-18 18:05 - 2017-09-08 20:45 - 000395984 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2017-10-18 18:05 - 2017-09-08 19:47 - 000347344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2017-10-18 18:05 - 2017-09-08 11:34 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2017-10-18 18:05 - 2017-09-08 11:30 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll 2017-10-18 18:05 - 2017-09-08 11:30 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2017-10-18 18:05 - 2017-09-08 11:30 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll 2017-10-18 18:05 - 2017-09-08 11:30 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll 2017-10-18 18:05 - 2017-09-08 11:30 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll 2017-10-18 18:05 - 2017-09-08 11:30 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2017-10-18 18:05 - 2017-09-08 11:30 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll 2017-10-18 18:05 - 2017-09-08 11:30 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll 2017-10-18 18:05 - 2017-09-08 11:30 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll 2017-10-18 18:05 - 2017-09-08 11:30 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll 2017-10-18 18:05 - 2017-09-08 11:30 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll 2017-10-18 18:05 - 2017-09-08 11:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll 2017-10-18 18:05 - 2017-09-08 11:14 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe 2017-10-18 18:05 - 2017-09-08 11:13 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe 2017-10-18 18:05 - 2017-09-08 11:13 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe 2017-10-18 18:05 - 2017-09-08 11:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll 2017-10-18 18:05 - 2017-09-08 11:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll 2017-10-18 18:05 - 2017-09-08 11:10 - 000312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2017-10-18 18:05 - 2017-09-08 11:10 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll 2017-10-18 18:05 - 2017-09-08 11:09 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll 2017-10-18 18:05 - 2017-09-08 11:09 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll 2017-10-18 18:05 - 2017-09-08 11:09 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll 2017-10-18 18:05 - 2017-09-08 11:09 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll 2017-10-18 18:05 - 2017-09-08 11:09 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll 2017-10-18 18:05 - 2017-09-08 11:09 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll 2017-10-18 18:05 - 2017-09-08 11:09 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll 2017-10-18 18:05 - 2017-09-08 11:00 - 003222016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2017-10-18 18:05 - 2017-09-08 11:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe 2017-10-18 18:05 - 2017-09-08 11:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe 2017-10-18 18:05 - 2017-09-08 10:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe 2017-10-18 18:05 - 2017-09-08 10:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll 2017-10-18 18:05 - 2017-09-08 10:20 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll 2017-10-18 18:05 - 2017-09-08 10:20 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll 2017-10-18 18:05 - 2017-09-08 10:20 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll 2017-10-18 18:05 - 2017-09-07 17:38 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2017-10-18 18:05 - 2017-09-07 17:37 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2017-10-18 18:05 - 2017-09-07 17:19 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2017-10-18 18:05 - 2017-09-07 17:18 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2017-10-18 18:05 - 2017-09-07 17:18 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2017-10-18 18:05 - 2017-09-07 17:17 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2017-10-18 18:05 - 2017-09-07 17:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2017-10-18 18:05 - 2017-09-07 17:15 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2017-10-18 18:05 - 2017-09-07 17:08 - 025729536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2017-10-18 18:05 - 2017-09-07 17:08 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2017-10-18 18:05 - 2017-09-07 17:07 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2017-10-18 18:05 - 2017-09-07 17:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2017-10-18 18:05 - 2017-09-07 17:01 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2017-10-18 18:05 - 2017-09-07 17:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2017-10-18 18:05 - 2017-09-07 17:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2017-10-18 18:05 - 2017-09-07 17:00 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2017-10-18 18:05 - 2017-09-07 16:52 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2017-10-18 18:05 - 2017-09-07 16:48 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2017-10-18 18:05 - 2017-09-07 16:40 - 005982208 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2017-10-18 18:05 - 2017-09-07 16:39 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2017-10-18 18:05 - 2017-09-07 16:38 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2017-10-18 18:05 - 2017-09-07 16:37 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2017-10-18 18:05 - 2017-09-07 16:33 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2017-10-18 18:05 - 2017-09-07 16:32 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2017-10-18 18:05 - 2017-09-07 16:29 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2017-10-18 18:05 - 2017-09-07 16:27 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2017-10-18 18:05 - 2017-09-07 16:13 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2017-10-18 18:05 - 2017-09-07 16:10 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2017-10-18 18:05 - 2017-09-07 16:10 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2017-10-18 18:05 - 2017-09-07 16:08 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2017-10-18 18:05 - 2017-09-07 16:08 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2017-10-18 18:05 - 2017-09-07 15:44 - 015262720 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2017-10-18 18:05 - 2017-09-07 15:40 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2017-10-18 18:05 - 2017-09-07 15:27 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2017-10-18 18:05 - 2017-09-07 15:27 - 001548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2017-10-18 18:05 - 2017-09-07 15:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2017-10-18 18:05 - 2017-09-07 15:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2017-10-18 18:05 - 2017-09-07 15:10 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2017-10-18 18:05 - 2017-09-07 15:10 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2017-10-18 18:05 - 2017-09-07 15:10 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2017-10-18 18:05 - 2017-09-07 15:09 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2017-10-18 18:05 - 2017-09-07 15:04 - 020267008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2017-10-18 18:05 - 2017-09-07 15:03 - 002292736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2017-10-18 18:05 - 2017-09-07 15:03 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2017-10-18 18:05 - 2017-09-07 15:02 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2017-10-18 18:05 - 2017-09-07 14:59 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2017-10-18 18:05 - 2017-09-07 14:58 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2017-10-18 18:05 - 2017-09-07 14:58 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2017-10-18 18:05 - 2017-09-07 14:58 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2017-10-18 18:05 - 2017-09-07 14:49 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2017-10-18 18:05 - 2017-09-07 14:44 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2017-10-18 18:05 - 2017-09-07 14:44 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2017-10-18 18:05 - 2017-09-07 14:43 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2017-10-18 18:05 - 2017-09-07 14:40 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2017-10-18 18:05 - 2017-09-07 14:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2017-10-18 18:05 - 2017-09-07 14:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2017-10-18 18:05 - 2017-09-07 14:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2017-10-18 18:05 - 2017-09-07 14:29 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2017-10-18 18:05 - 2017-09-07 14:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2017-10-18 18:05 - 2017-09-07 14:26 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2017-10-18 18:05 - 2017-09-07 14:25 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2017-10-18 18:05 - 2017-09-07 14:25 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2017-10-18 18:05 - 2017-09-07 14:17 - 013677568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2017-10-18 18:05 - 2017-09-07 14:01 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2017-10-18 18:05 - 2017-09-07 13:57 - 001316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2017-10-18 18:05 - 2017-09-07 13:57 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2017-10-18 18:05 - 2017-09-07 11:31 - 002851328 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll 2017-10-18 18:05 - 2017-09-07 11:12 - 002755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll 2017-10-18 18:05 - 2017-09-07 10:55 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2017-10-18 18:05 - 2017-09-07 10:55 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2017-10-18 18:05 - 2017-09-07 10:55 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2017-10-18 18:05 - 2017-08-19 11:28 - 004121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2017-10-18 18:05 - 2017-08-19 11:28 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2017-10-18 18:05 - 2017-08-19 11:28 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2017-10-18 18:05 - 2017-08-19 11:10 - 003209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2017-10-18 18:05 - 2017-08-19 11:10 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2017-10-18 18:05 - 2017-08-19 11:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2017-10-18 18:05 - 2017-08-19 11:08 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2017-10-18 18:05 - 2017-08-19 11:08 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2017-10-18 18:05 - 2017-08-19 10:57 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2017-10-18 18:05 - 2017-08-19 10:57 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2017-10-18 18:05 - 2017-08-14 13:35 - 001032192 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll 2017-10-18 18:05 - 2017-08-14 13:35 - 000827904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll 2017-10-18 18:05 - 2017-08-14 13:35 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll 2017-10-18 18:05 - 2017-08-13 17:45 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2017-10-15 19:52 - 2017-10-15 20:27 - 000000000 ____D C:\Users\Covenant\AppData\Roaming\endless-sky 2017-10-14 08:15 - 2017-10-14 08:15 - 000000000 ____D C:\Users\Covenant\AppData\Roaming\EasyAntiCheat 2017-10-11 19:15 - 2017-10-11 19:22 - 000000000 ____D C:\ProgramData\CanonIJPLM 2017-10-11 19:15 - 2017-10-11 19:15 - 000000000 ____D C:\ProgramData\Canon IJ Network Tool 2017-10-11 19:15 - 2014-08-18 08:59 - 000092928 _____ C:\Windows\SysWOW64\CNC1787D.TBL 2017-10-11 19:15 - 2014-07-08 11:09 - 000353792 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_CKL.dll 2017-10-11 19:15 - 2008-08-25 18:02 - 000015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll 2017-10-11 19:14 - 2017-10-22 12:19 - 000000000 ____D C:\Windows\system32\STRING 2017-10-11 19:14 - 2017-10-22 12:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities 2017-10-11 19:14 - 2017-10-11 19:14 - 000000000 ___HD C:\Program Files\CanonBJ 2017-10-11 19:14 - 2017-10-11 19:14 - 000000000 ____D C:\ProgramData\CanonIJWSpt 2017-10-11 19:14 - 2017-10-11 19:14 - 000000000 ____D C:\Program Files\Canon 2017-10-11 19:14 - 2014-08-06 13:25 - 000380928 _____ (CANON INC.) C:\Windows\SysWOW64\CNMNPPM.DLL 2017-10-11 19:14 - 2014-08-06 13:25 - 000375296 _____ (CANON INC.) C:\Windows\system32\CNMN6PPM.DLL 2017-10-11 19:14 - 2014-08-06 13:25 - 000039424 _____ (CANON INC.) C:\Windows\system32\CNMN6UI.DLL 2017-10-11 19:10 - 2017-10-22 12:19 - 000000000 ____D C:\Program Files (x86)\Canon 2017-10-11 19:09 - 2017-10-11 19:09 - 052629160 _____ C:\Users\Covenant\Downloads\win-mx490-1_1-mcd.exe 2017-10-11 18:43 - 2017-10-11 18:43 - 000292947 _____ C:\Users\Covenant\Downloads\snoopy.pdf 2017-10-09 22:17 - 2017-10-09 22:17 - 000000822 _____ C:\Users\Covenant\AppData\Local\recently-used.xbel 2017-10-09 21:20 - 2017-10-09 21:20 - 005312793 _____ C:\Users\Covenant\Downloads\pairing_utility_1.00.009.zip 2017-10-08 15:33 - 2017-10-09 22:07 - 000000000 ____D C:\Users\Covenant\AppData\Local\Epzudbun 2017-10-08 15:06 - 2017-10-08 15:06 - 000000000 ____D C:\Users\Covenant\AppData\Local\Qxinakuspi 2017-09-30 20:45 - 2017-09-30 22:40 - 000000000 ____D C:\Users\Covenant\AppData\Roaming\CDE 2017-09-30 19:59 - 2017-10-22 00:30 - 000000000 ____D C:\Users\Covenant\AppData\Roaming\Heat_Signature 2017-09-30 19:50 - 2017-09-30 19:50 - 000000000 ____D C:\Users\Covenant\CHILDREN 2017-09-28 19:10 - 2017-09-28 19:12 - 000000000 ____D C:\Users\Covenant\AppData\Local\ftblauncher 2017-09-28 19:10 - 2017-09-28 19:11 - 000000000 ____D C:\Users\Covenant\AppData\Roaming\ftblauncher 2017-09-27 18:28 - 2017-09-27 18:28 - 000000882 _____ C:\Users\Covenant\Desktop\PID_.txt ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-10-22 19:24 - 2016-05-10 01:37 - 000000000 _____ C:\Windows\system32\RzSurroundVADAudioDeviceManager_log.txt 2017-10-22 19:20 - 2017-03-07 03:04 - 000101824 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-10-22 19:19 - 2017-03-07 03:04 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-10-22 19:19 - 2017-03-07 03:04 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-10-22 19:19 - 2016-03-12 23:43 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-10-22 19:19 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-10-22 19:18 - 2016-08-07 11:53 - 000065536 _____ C:\Windows\system32\spu_storage.bin 2017-10-22 19:18 - 2009-07-14 00:45 - 000022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-10-22 19:18 - 2009-07-14 00:45 - 000022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-10-22 19:17 - 2009-07-14 01:13 - 000786380 _____ C:\Windows\system32\PerfStringBackup.INI 2017-10-22 19:17 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf 2017-10-22 19:08 - 2016-08-24 11:22 - 000001179 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Google Chrome.lnk 2017-10-22 19:04 - 2016-03-12 22:28 - 000000000 ____D C:\Users\Covenant 2017-10-22 17:38 - 2016-05-28 21:28 - 000000000 ____D C:\Users\Covenant\Documents\From The Depths 2017-10-22 13:28 - 2017-03-12 12:36 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2017-10-22 13:03 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache 2017-10-22 12:19 - 2017-09-04 15:19 - 000000000 ____D C:\Program Files (x86)\Garmin 2017-10-22 12:19 - 2017-04-19 20:17 - 000000000 ____D C:\ProgramData\FLEXnet 2017-10-22 12:19 - 2017-02-04 22:01 - 000000000 ____D C:\Users\Covenant\AppData\Roaming\Avorion 2017-10-22 12:19 - 2016-07-31 14:37 - 000000000 ____D C:\Users\Covenant\AppData\Roaming\FreeCAD 2017-10-22 12:19 - 2016-05-10 00:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer 2017-10-22 12:19 - 2016-03-23 18:48 - 000000000 ____D C:\Windows\system32\Macromed 2017-10-22 12:19 - 2016-03-20 00:27 - 000000000 ____D C:\Users\Covenant\AppData\Roaming\vlc 2017-10-22 12:19 - 2016-03-18 00:44 - 000000000 ____D C:\Users\Covenant\AppData\Roaming\Mozilla 2017-10-22 12:19 - 2016-03-13 04:06 - 000000000 ____D C:\Users\Covenant\AppData\Roaming\SpaceEngineers 2017-10-22 12:19 - 2016-03-12 23:16 - 000000000 ____D C:\ProgramData\Package Cache 2017-10-22 12:19 - 2009-07-13 23:20 - 000000000 __RSD C:\Windows\Media 2017-10-22 12:19 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\registration 2017-10-22 12:19 - 2009-07-13 23:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared 2017-10-20 21:29 - 2016-03-27 22:20 - 000000000 ____D C:\Users\Covenant\Documents\Larian Studios 2017-10-18 18:30 - 2016-03-12 22:28 - 000000000 ____D C:\Users\Covenant\AppData\Local\VirtualStore 2017-10-18 18:14 - 2009-07-14 00:45 - 000435984 _____ C:\Windows\system32\FNTCACHE.DAT 2017-10-18 18:12 - 2016-06-01 12:16 - 000000000 ____D C:\Windows\system32\MRT 2017-10-18 18:09 - 2016-06-01 12:16 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-10-18 18:07 - 2016-03-12 23:17 - 000778502 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2017-10-16 15:41 - 2017-07-13 19:02 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-10-16 15:41 - 2016-03-23 18:48 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-10-16 15:41 - 2016-03-23 18:48 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-10-16 15:41 - 2016-03-23 18:48 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2017-10-10 08:52 - 2009-07-14 01:08 - 000032648 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2017-10-09 22:24 - 2017-09-04 15:19 - 000003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask 2017-10-09 22:17 - 2016-10-29 23:28 - 000000000 ____D C:\Users\Covenant\.gimp-2.8 2017-10-08 22:16 - 2016-03-13 03:21 - 000007655 _____ C:\Users\Covenant\AppData\Local\Resmon.ResmonCfg 2017-10-08 22:12 - 2016-12-02 03:09 - 000000000 ____D C:\Users\Covenant\AppData\LocalLow\Mozilla 2017-10-08 20:39 - 2016-06-24 12:07 - 000000000 ____D C:\Users\Covenant\AppData\Local\ElevatedDiagnostics 2017-10-08 20:29 - 2009-07-13 23:20 - 000000000 ____D C:\PerfLogs 2017-10-08 11:24 - 2016-09-15 00:42 - 000000000 ____D C:\Users\Covenant\AppData\Roaming\.minecraft 2017-10-03 18:05 - 2017-02-04 22:01 - 000000000 _____ C:\Users\Covenant\AppData\Roaming\avoriontestfile 2017-09-24 10:42 - 2017-04-19 18:39 - 000000000 ____D C:\Users\Covenant\AppData\Roaming\SOLIDWORKS ==================== Files in the root of some directories ======= 2017-02-04 22:01 - 2017-10-03 18:05 - 000000000 _____ () C:\Users\Covenant\AppData\Roaming\avoriontestfile 2017-10-09 22:17 - 2017-10-09 22:17 - 000000822 _____ () C:\Users\Covenant\AppData\Local\recently-used.xbel 2016-03-13 03:21 - 2017-10-08 22:16 - 000007655 _____ () C:\Users\Covenant\AppData\Local\Resmon.ResmonCfg 2017-05-23 13:24 - 2017-05-23 13:24 - 000000000 _____ () C:\Users\Covenant\AppData\Local\Temptable.xml 2017-03-25 22:25 - 2017-09-19 00:54 - 000000060 _____ () C:\ProgramData\SoftwareUpdateTemp.xml Some files in TEMP: ==================== 2017-07-31 19:42 - 2017-07-31 19:42 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Covenant\AppData\Local\Temp\jansi-64-1268533398477060563.dll 2017-08-01 17:27 - 2017-08-01 17:27 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Covenant\AppData\Local\Temp\jansi-64-3255977114475393418.dll 2017-07-30 22:38 - 2017-07-30 22:38 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Covenant\AppData\Local\Temp\jansi-64-4154330135062690654.dll 2017-08-03 17:23 - 2017-08-03 17:23 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Covenant\AppData\Local\Temp\jansi-64-4871226256988058759.dll 2017-07-30 13:54 - 2017-07-30 13:54 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Covenant\AppData\Local\Temp\jansi-64-5101992391752774345.dll 2017-07-30 01:52 - 2017-07-30 01:52 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Covenant\AppData\Local\Temp\jansi-64-5124618861307153511.dll 2017-08-01 15:11 - 2017-08-01 15:11 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Covenant\AppData\Local\Temp\jansi-64-6274129516840007448.dll 2017-08-01 17:02 - 2017-08-01 17:02 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Covenant\AppData\Local\Temp\jansi-64-6469831055741629372.dll 2017-08-01 17:23 - 2017-08-01 17:23 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Covenant\AppData\Local\Temp\jansi-64-6715986250634738703.dll 2017-07-31 18:06 - 2017-07-31 18:06 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Covenant\AppData\Local\Temp\jansi-64-8754784417015021614.dll 2017-07-30 22:29 - 2017-07-30 22:29 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Covenant\AppData\Local\Temp\jansi-64-9088929244658776205.dll 2017-10-11 19:10 - 2015-09-29 11:13 - 001131040 ____N (CANON INC.) C:\Users\Covenant\AppData\Local\Temp\MSETUP4.EXE ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-10-22 12:56 ==================== End of FRST.txt ============================ Link to post Share on other sites More sharing options...
kevinf80 Posted October 23, 2017 ID:1175076 Share Posted October 23, 2017 (edited) Thanks for those logs, continue as follows: Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Emsisoft Emergency Kit Click Here to download Emsisoft Emergency Kit. The download will automatically start after a moment. Save EmsisoftEmergencyKit.exe to your Desktop. Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8/10 users: Accept UAC warning if it is enabled). A screen like this will appear: Leave everything as it is, then click Extract. This maybe listed as Install This will unpack or install Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\). Once the extraction or installation is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit. Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear: Choose Yes, then wait for EEK to finish updating. Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes. Wait for the scan to finish. If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected. If Emsisoft Emergency Kit asks to reboot, please do so immediately. The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop. Please Copy and Paste the contents of the scan log in your next reply. Let me see those logs, also let me know if the issue has cleared... Thank you, Kevin... fixlist.txt Edited October 23, 2017 by kevinf80 Link to post Share on other sites More sharing options...
timothycovenant Posted October 23, 2017 Author ID:1175211 Share Posted October 23, 2017 Emsisoft Emergency Kit - Version 2017.8 Forensics log Date Component Action Details 10/23/2017 10:15:40 AM Scanner Scan finished Scanned 79708 objects and found nothing. 10/23/2017 10:14:56 AM User COVENANT-PC\Covenant Scan started Malware Scan 10/23/2017 10:14:20 AM User COVENANT-PC\Covenant Setting modified "Detect PUPs" has been changed to "Enabled". 10/23/2017 10:13:51 AM User Update Downloaded and installed 51 files (10794 kb) (34 sec.). 10/23/2017 10:13:17 AM Core Notification "Recommended Reading:New in 2017.9: Making things simpler and easier". 10/23/2017 10:13:12 AM User Update Failed with error "Server returned error" (0 sec.). -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- I am not certain that everything is fixed... I will run the machine a while and keep you informed. Thank you for all of your assistance. Timothy C. L. Hyser Fixlog.txt Link to post Share on other sites More sharing options...
kevinf80 Posted October 23, 2017 ID:1175216 Share Posted October 23, 2017 Has the blocks ceased.... The following IP that was on your system is a known spammer and will cause untold misery; Tcpip\..\Interfaces\{A5D1997E-8CDD-4714-976F-62EC9767C87F}: [NameServer] 8.8.8.8 Have a read here: https://cleantalk.org/blacklists?record=8.8.8.8 We shifted that with FRST, let me know how your system performs, also if any remaining issues or concerns... Thank you, Kevin Link to post Share on other sites More sharing options...
kevinf80 Posted October 30, 2017 ID:1177278 Share Posted October 30, 2017 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts