
I can't login on two home pcs, cmd window opens/closes by itself


  • This topic is locked
12 replies to this topic

#1 You-Uuuuused-Me

Posted 09 January 2018 - 08:28 PM

Hello. So, on my home network I lose connectivity intermittently every day. The PC I normally use and a laptop both quit letting me log in to Windows. I see black cmd prompt windows open briefly on my screen and disappear instantly. My cursor will sometimes move by itself; when I try to control it, I cannot. I did an online scan with ESET, which said it found and removed variants of Win32/Visicom.B, Win32/Toolbar.Visicom.B and Win64/Toolbar.Visicom.A. Please help.
 
I actually ran two scans with Farbar, here are the most recent logs as well as the log from my online scan.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by Lisa (administrator) on HAYDEN-PC (09-01-2018 17:27:45)
Running from C:\Users\Lisa\Desktop
Loaded Profiles: Lisa (Available Profiles: Lisa & Hayden & whaaaaat)
Platform: Windows 10 Home Version 1607 14393.1715 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(RealityMine Ltd) C:\Program Files\SimmonsConnect\UsageMonitor.WindowsService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
(RealityMine Ltd) C:\Program Files\SimmonsConnect\UsageMonitor.HealthCheck.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Windows\jmesoft\ServiceLoader.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ESET spol. s r.o.) C:\Users\Lisa\Desktop\esetonlinescanner_enu.exe
(RealityMine Ltd) C:\Program Files\SimmonsConnect\UsageMonitor.UI.App.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-16] ()
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-1934805517-533149009-2384748858-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3638256 2015-11-11] (Electronic Arts)
HKU\S-1-5-21-1934805517-533149009-2384748858-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1934805517-533149009-2384748858-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2015-01-19] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1934805517-533149009-2384748858-1001\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [283608 2013-10-30] (Bitdefender)
HKU\S-1-5-21-1934805517-533149009-2384748858-1001\...\Run: [SimmonsConnect] => C:\Program Files\SimmonsConnect\UsageMonitor.UI.App.exe [1010544 2017-12-20] (RealityMine Ltd)
HKU\S-1-5-21-1934805517-533149009-2384748858-1001\...\Run: [SimmonsConnectHealthcheck] => C:\Program Files\SimmonsConnect\UsageMonitor.HealthCheck.exe [12144 2017-12-20] (RealityMine Ltd)
HKU\S-1-5-21-1934805517-533149009-2384748858-1001\...\Policies\Explorer: [NoDrives] 00000003
GroupPolicyUsers\S-1-5-21-1934805517-533149009-2384748858-1002\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1934805517-533149009-2384748858-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-1934805517-533149009-2384748858-1001] => http=127.0.0.1:50299;https=127.0.0.1:50299
Tcpip\..\Interfaces\{7ece818b-41c0-46a5-8da8-60f6b544675a}: [NameServer] 8.8.8.8,4.2.2.1
Tcpip\..\Interfaces\{8c873e74-76fe-4b98-87da-d2e159279140}: [NameServer] 75.75.76.76,208.67.220.220,208.67.222.222
ManualProxies: 1http=127.0.0.1:50227;https=127.0.0.1:50227

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1934805517-533149009-2384748858-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.xfinity.com/tt2/?cid=mihpcg03152016
HKU\S-1-5-21-1934805517-533149009-2384748858-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-1934805517-533149009-2384748858-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
SearchScopes: HKU\S-1-5-21-1934805517-533149009-2384748858-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1934805517-533149009-2384748858-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-26] (Oracle Corporation)
Toolbar: HKLM - XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - No File
Toolbar: HKLM-x32 - XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - No File
Toolbar: HKU\S-1-5-21-1934805517-533149009-2384748858-1001 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-05-24] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1934805517-533149009-2384748858-1001: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-18] (Intel)
FF Plugin HKU\S-1-5-21-1934805517-533149009-2384748858-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-18] (Intel)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default [2018-01-09]
CHR Extension: (Slides) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-02]
CHR Extension: (Docs) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-02]
CHR Extension: (Google Drive) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-18]
CHR Extension: (YouTube) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-18]
CHR Extension: (Google Search) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-18]
CHR Extension: (Sheets) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-02]
CHR Extension: (Google Docs Offline) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-02]
CHR Extension: (Gmail) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-02]
CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-02]
CHR HKLM-x32\...\Chrome\Extension: [ecknkgaahbmamffpenejnpmmfenojend] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gpneloifkenkdnebjkadkmnfekfpggdi] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [25184 2013-08-08] (Microsoft) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-11-05] (Futuremark)
S4 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
S3 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
S4 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273216 2017-02-14] (Lenovo)
S4 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-05-24] (Nitro PDF Software)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099720 2015-11-11] (Electronic Arts)
S4 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1445424 2013-11-11] (Bitdefender)
R2 SimmonsConnectSvc; C:\Program Files\SimmonsConnect\UsageMonitor.WindowsService.exe [35696 2017-12-20] (RealityMine Ltd)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-08-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 MpKsla3558d35; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7509A966-7838-4D79-96B6-55893927F54E}\MpKsla3558d35.sys [58120 2018-01-09] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20170711.007\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20170711.007\NAVEX15.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-09 17:01 - 2018-01-09 17:01 - 000001454 _____ C:\Users\Lisa\Desktop\onsca.txt
2018-01-09 09:28 - 2018-01-09 09:28 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Lisa\Desktop\esetonlinescanner_enu.exe
2018-01-09 09:28 - 2018-01-09 09:28 - 000000000 ____D C:\Users\Lisa\AppData\Local\ESET
2018-01-03 21:19 - 2018-01-03 21:19 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\Nitro
2018-01-03 21:19 - 2018-01-03 21:19 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\FileOpen
2018-01-02 12:59 - 2018-01-02 13:00 - 000055403 _____ C:\Users\Lisa\Desktop\Addition.txt
2018-01-02 12:57 - 2018-01-09 17:28 - 000015489 _____ C:\Users\Lisa\Desktop\FRST.txt
2018-01-02 12:53 - 2018-01-02 12:53 - 002393088 _____ (Farbar) C:\Users\Lisa\Desktop\FRST64.exe
2018-01-02 12:41 - 2018-01-09 14:21 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1EFD50F6-D048-43A6-A9E0-088E2DCF7912}
2018-01-02 12:35 - 2018-01-02 12:35 - 000000000 ____D C:\Users\Lisa\AppData\Local\IsolatedStorage
2017-12-30 15:46 - 2017-12-30 15:46 - 000000000 ____D C:\Users\Hayden\AppData\Local\IsolatedStorage
2017-12-30 15:44 - 2017-12-30 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimmonsConnect
2017-12-30 15:44 - 2017-12-30 15:44 - 000000000 ____D C:\Program Files\SimmonsConnect
2017-12-30 15:42 - 2017-12-30 15:42 - 015967080 _____ (RealityMine Ltd) C:\Users\Hayden\Desktop\150-windowsDesktop-release-1.19.0.0-zc-0-SimmonsConnect-Setup.exe
2017-12-29 14:38 - 2017-12-29 14:38 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-12-29 10:58 - 2017-12-29 10:58 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\Lenovo
2017-12-29 10:58 - 2017-12-29 10:58 - 000000000 ____D C:\Users\Lisa\.QtWebEngineProcess
2017-12-29 10:57 - 2017-12-29 10:57 - 000000000 ____D C:\Users\Lisa\.LSC
2017-12-29 10:53 - 2017-11-01 15:27 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-12-29 10:53 - 2017-11-01 15:12 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-12-29 10:53 - 2017-11-01 15:12 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-12-29 10:53 - 2017-11-01 15:12 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2017-12-29 10:53 - 2017-11-01 15:11 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-12-29 10:53 - 2017-11-01 15:11 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-12-29 10:53 - 2017-11-01 15:05 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-12-29 10:53 - 2017-11-01 15:04 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-12-29 10:53 - 2017-11-01 15:03 - 000551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-12-29 10:53 - 2017-10-08 18:44 - 002321408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-12-29 10:53 - 2017-10-08 18:44 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-12-29 10:53 - 2017-10-08 18:43 - 001231360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-12-29 10:53 - 2017-09-17 19:27 - 000326656 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-12-29 10:53 - 2016-08-05 21:16 - 000026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-12-29 10:47 - 2017-12-29 10:47 - 000000000 ____D C:\Users\Lisa\AppData\Local\MR APP
2017-12-29 10:46 - 2018-01-02 12:37 - 000000000 ____D C:\Users\Lisa\AppData\Local\ConnectedDevicesPlatform

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-09 17:27 - 2015-05-12 07:41 - 000000000 ____D C:\FRST
2018-01-09 17:21 - 2016-07-16 04:47 - 000000000 __RHD C:\Users\Public\Libraries
2018-01-09 17:00 - 2016-09-30 06:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-09 16:31 - 2016-05-03 09:17 - 000000000 ____D C:\Users\Lisa\AppData\Local\CrashDumps
2018-01-09 11:54 - 2016-03-15 07:44 - 000000000 ____D C:\Program Files (x86)\xfin_portal
2018-01-09 09:30 - 2015-08-06 11:54 - 001521554 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-09 09:29 - 2014-12-14 11:52 - 000002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-09 09:29 - 2014-12-14 11:52 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-09 09:24 - 2016-09-30 06:38 - 000000000 ____D C:\Users\Lisa
2018-01-09 09:23 - 2016-09-30 07:00 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-03 21:10 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-01-03 21:08 - 2016-07-16 04:45 - 000000000 ____D C:\WINDOWS\INF
2018-01-03 21:02 - 2014-12-14 11:43 - 000000000 __SHD C:\Users\Lisa\AppData\LocalLow\EmieUserList
2018-01-03 21:02 - 2014-12-14 11:15 - 000000000 __SHD C:\Users\Lisa\AppData\LocalLow\EmieSiteList
2018-01-03 20:49 - 2015-08-04 20:23 - 000000000 ____D C:\Users\Lisa\AppData\Local\ElevatedDiagnostics
2018-01-02 13:32 - 2016-07-15 23:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2018-01-02 13:05 - 2014-12-14 11:51 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2018-01-02 12:52 - 2016-10-01 08:33 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-12-30 17:25 - 2015-01-01 15:42 - 000000000 __RDO C:\Users\Hayden\OneDrive
2017-12-30 15:54 - 2016-07-16 04:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-30 15:44 - 2014-12-31 12:00 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-30 15:28 - 2015-08-07 11:14 - 000545440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-12-30 15:27 - 2017-07-20 14:31 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1934805517-533149009-2384748858-1002
2017-12-30 15:27 - 2017-06-22 15:22 - 000000000 ____D C:\Users\Hayden\AppData\Roaming\discord
2017-12-30 15:27 - 2015-08-06 12:07 - 000002377 _____ C:\Users\Hayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-30 15:26 - 2017-06-22 15:21 - 000000000 ____D C:\Users\Hayden\AppData\Local\Discord
2017-12-30 15:23 - 2016-03-17 06:55 - 000000000 ____D C:\Users\Hayden\AppData\Local\CrashDumps
2017-12-29 17:25 - 2016-03-15 07:47 - 000000000 ____D C:\ProgramData\Norton
2017-12-29 17:23 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-12-29 17:17 - 2016-07-15 23:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-12-29 17:04 - 2017-10-05 19:17 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-12-29 17:04 - 2016-07-16 04:47 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-12-29 17:03 - 2016-09-13 07:37 - 000000000 ____D C:\Program Files (x86)\MR APP
2017-12-29 11:20 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-29 11:12 - 2016-07-16 04:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-29 11:11 - 2016-07-16 04:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-29 11:11 - 2014-12-14 10:10 - 000000000 ____D C:\Users\Lisa\AppData\Local\Packages
2017-12-29 11:09 - 2015-08-26 09:45 - 000000000 ____D C:\Users\Lisa\AppData\Local\Publishers
2017-12-29 11:02 - 2014-12-14 10:29 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\Nitro PDF
2017-12-29 11:01 - 2014-12-14 10:12 - 000000000 ____D C:\Users\Lisa\AppData\Local\Lenovo
2017-12-29 10:59 - 2015-08-26 09:46 - 000002371 _____ C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-29 10:59 - 2014-12-25 14:14 - 000000000 ___RD C:\Users\Lisa\OneDrive
2017-12-29 10:56 - 2017-09-29 13:28 - 000000000 ____D C:\Program Files\rempl
2017-12-29 10:49 - 2016-12-16 17:43 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-12-29 10:49 - 2016-12-16 17:43 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-12-29 10:47 - 2014-12-14 10:05 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-29 10:46 - 2015-08-26 09:41 - 000000000 __SHD C:\Users\Lisa\IntelGraphicsProfiles

Some files in TEMP:
====================
2017-12-29 17:04 - 2017-12-29 17:04 - 000010264 _____ () C:\Users\Lisa\AppData\Local\Temp\BullseyeCoverage-2-x64.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-09 16:23

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by Lisa (09-01-2018 17:29:25)
Running from C:\Users\Lisa\Desktop
Windows 10 Home Version 1607 14393.1715 (X64) (2016-09-30 14:23:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1934805517-533149009-2384748858-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1934805517-533149009-2384748858-503 - Limited - Disabled)
Guest (S-1-5-21-1934805517-533149009-2384748858-501 - Limited - Disabled)
Hayden (S-1-5-21-1934805517-533149009-2384748858-1002 - Limited - Enabled) => C:\Users\Hayden
HomeGroupUser$ (S-1-5-21-1934805517-533149009-2384748858-1004 - Limited - Enabled)
Lisa (S-1-5-21-1934805517-533149009-2384748858-1001 - Administrator - Enabled) => C:\Users\Lisa
whaaaaat (S-1-5-21-1934805517-533149009-2384748858-1005 - Administrator - Enabled) => C:\Users\whaaaaat

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM\...\{A4F25B0E-C0F2-4CA6-A481-AC123A0B4D85}) (Version: 1.5.915.0 - Futuremark) Hidden
3DMark (HKLM-x32\...\{12d6e0d7-21d5-4755-9da2-70352c6f7558}) (Version: 1.5.915.0 - Futuremark)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon) <==== ATTENTION
AmScope AmScope 3.7 (HKLM-x32\...\{1B67D67B-E7ED-4055-951F-C78FCF99A210}) (Version: 3.7 - AmScope)
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bitdefender 60-Second Virus Scanner (HKLM\...\{CCEA2053-D975-4E38-AC09-4D5E6DAC6B6F}) (Version: 1.0.3.76 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Comparing (HKLM-x32\...\{233EE2F2-EDA8-4C70-ABC3-D656D67D2CD5}) (Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd) Hidden
Comparing (HKLM-x32\...\InstallShield_{233EE2F2-EDA8-4C70-ABC3-D656D67D2CD5}) (Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0903 - Lenovo)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version: - SEIKO EPSON Corporation)
Find the Differences (HKLM-x32\...\{EAA04F6D-6E10-4267-B824-C35D3B9E0155}) (Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd) Hidden
Find the Differences (HKLM-x32\...\InstallShield_{EAA04F6D-6E10-4267-B824-C35D3B9E0155}) (Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd)
Finding the Letters (HKLM-x32\...\{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Finding the Letters (HKLM-x32\...\InstallShield_{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Fruits (HKLM-x32\...\{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
Fruits (HKLM-x32\...\InstallShield_{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
Futuremark SystemInfo (HKLM-x32\...\{70690D9E-3D00-47D6-9CE9-BC3B6F900447}) (Version: 4.41.563.0 - Futuremark)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version: - Christian Kindahl)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Dashboard (HKLM-x32\...\{FEF1833C-244C-4DF2-AB67-1E1D26921ED8}) (Version: 2.0.0.18 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5424.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5424.52 - CyberLink Corp.)
Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)
Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Solution Center (HKLM\...\{7BB9AAFD-3350-49C8-92D1-833AAFF9E74E}) (Version: 3.4.003.013 - Lenovo)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Mammals (HKLM-x32\...\{ACA58CEB-2F74-4095-ADB6-4C1BFB170F64}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
Mammals (HKLM-x32\...\InstallShield_{ACA58CEB-2F74-4095-ADB6-4C1BFB170F64}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
Matching Roles (HKLM-x32\...\{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Matching Roles (HKLM-x32\...\InstallShield_{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{5B441131-BBE4-4AB7-BBD2-974B9E6F5587}) (Version: 8.5.4.11 - Nitro)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
Puzzle (HKLM-x32\...\{6EB7ECE3-E3BE-481D-821B-F1AFFA244D64}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
Puzzle (HKLM-x32\...\InstallShield_{6EB7ECE3-E3BE-481D-821B-F1AFFA244D64}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39050 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
SimmonsConnect (HKLM-x32\...\{b7aa7117-b957-4fcd-8634-62a24727f953}) (Version: 1.19.0.0 - RealityMine Ltd)
SimmonsConnect x64 1.19.0.0 (HKLM\...\{2887B0AC-2F0D-4550-B11D-6FEFB84B4130}) (Version: 1.19.0.0 - RealityMine Ltd) Hidden
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
sudoku (HKLM-x32\...\{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
sudoku (HKLM-x32\...\InstallShield_{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
timer (HKLM-x32\...\{9CC4B8EE-A96B-4800-B674-0CF8B4560F45}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
timer (HKLM-x32\...\InstallShield_{9CC4B8EE-A96B-4800-B674-0CF8B4560F45}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{61702639-6539-473A-8FE5-618E194C0069}) (Version: 2.7.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
XFINITY Toolbar (HKLM-x32\...\xfin_portal) (Version: 4.7.5.2 - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1934805517-533149009-2384748858-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-1934805517-533149009-2384748858-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\8.0\NPShellExtension64.dll [2013-05-24] (Nitro PDF)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00CE3A6B-CC13-402C-9407-4AE713657D48} - \Lenovo\LSC\LSCHardwareScan -> No File <==== ATTENTION
Task: {017E43D6-57D3-462C-AAD9-19305CC9E4E5} - \WPD\SqmUpload_S-1-5-21-1934805517-533149009-2384748858-1001 -> No File <==== ATTENTION
Task: {0AAC2842-965C-4817-B10B-D3091113BC33} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0C4DA26E-9049-4D76-8B68-9D5208E124A8} - \Microsoft\Windows\WindowsUpdate\AUScheduledInstall -> No File <==== ATTENTION
Task: {0C6CF2DA-89AA-43FA-86CE-8DBFA8393855} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {135B3C27-E689-4C33-9D11-89E441B92E86} - \Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 -> No File <==== ATTENTION
Task: {137EB597-DA65-4309-AE3E-3EAB35B6EC73} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1934805517-533149009-2384748858-1002 => C:\Users\Lisa\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {1A4230A2-E136-4936-9B22-DDF624BB8332} - \Microsoft\Windows\IME\SQM data sender -> No File <==== ATTENTION
Task: {25645EDA-641E-4956-BF79-F5616010A327} - \Microsoft\Windows\Shell\FamilySafetyUpload -> No File <==== ATTENTION
Task: {28386491-6DF8-4C60-8B96-FFA08356B92D} - \Microsoft\Windows\WindowsUpdate\Scheduled Start With Network -> No File <==== ATTENTION
Task: {30FCBD18-1E8E-44C5-94B6-E621206E388A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3202E086-D041-4F20-9836-EC54C3290401} - \WPD\SqmUpload_S-1-5-21-1934805517-533149009-2384748858-1002 -> No File <==== ATTENTION
Task: {37F09A58-5116-4B2C-A098-5A825F112A9F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3C626A51-288C-493E-B3EF-8150349DC954} - \Lenovo\LSC\LSCTaskService -> No File <==== ATTENTION
Task: {44DD1EAE-6187-4FC7-872F-52DBA8126F40} - \Optimize Start Menu Cache Files-S-1-5-21-1934805517-533149009-2384748858-1001 -> No File <==== ATTENTION
Task: {53E05875-9F19-4229-A870-C20C7AEEADD6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {54264E82-EB62-4381-BDFA-E1ECD5E391A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {55DB23CA-DE87-44BF-8869-80CFFF518E8C} - \Microsoft\Windows\WindowsUpdate\AUSessionConnect -> No File <==== ATTENTION
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - \Microsoft\Windows\Customer Experience Improvement Program\BthSQM -> No File <==== ATTENTION
Task: {611C823C-437B-46E7-9683-5312DFFCFD7B} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {61F99E8A-4965-4E73-8C6D-99BBD19FA61C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - \Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task -> No File <==== ATTENTION
Task: {72DC1987-365F-4612-9F54-9F190EAB6024} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7399E526-48CF-4885-8727-BD9DC660D254} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - \Microsoft\Windows\SkyDrive\Routine Maintenance Task -> No File <==== ATTENTION
Task: {A962B22C-6619-4749-8828-518CB48E06B6} - \Lenovo\Lenovo Customer Feedback Program -> No File <==== ATTENTION
Task: {AAC85CD5-ABD6-4BA5-BDD1-ACAA2EC36DEF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B60A648D-79B6-427B-9AD2-3D09B6364552} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BA54C711-08B3-4E17-A710-5AAD143F994D} - \Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval -> No File <==== ATTENTION
Task: {CA61BCC1-CEE3-4DC2-9B87-570AE9C8431B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {E01A9C80-90D9-4BCF-989B-C3C95AF564F2} - \Optimize Start Menu Cache Files-S-1-5-21-1934805517-533149009-2384748858-1002 -> No File <==== ATTENTION
Task: {E1F3F193-4C5A-4D39-97CE-B347485C90DC} - \Microsoft\Windows\WindowsUpdate\AUFirmwareInstall -> No File <==== ATTENTION
Task: {E586EFBE-1027-473A-9897-36BC282D57C0} - \Microsoft\Windows\PLA\LSC Memory -> No File <==== ATTENTION
Task: {E6010D43-6AE7-4B59-8E67-EC78FD8E8E96} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
Task: {E7875FC9-89E8-4373-B871-9098E12D9B33} - \Optimize Start Menu Cache Files-S-1-5-21-1934805517-533149009-2384748858-500 -> No File <==== ATTENTION
Task: {E8F627BE-01A6-4EC4-A31F-150F4AC781A0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Task: {F7D81167-541E-4E42-8B30-BFDFD241BF9E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F9AFE1F4-C7B8-4610-B9C2-342CE16AC61C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-07-16 04:42 - 2016-07-16 04:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-09-14 08:59 - 2017-09-06 23:01 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-13 19:50 - 2017-07-13 19:50 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-07-13 19:50 - 2017-07-13 19:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-29 10:58 - 2017-12-29 10:58 - 000959168 _____ () C:\Users\Lisa\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2016-09-30 08:21 - 2016-09-30 08:21 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-27 11:16 - 2017-03-03 23:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-08-22 11:48 - 2017-08-22 11:48 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-08-22 11:48 - 2017-08-22 11:48 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-08-22 11:48 - 2017-08-22 11:48 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-08-22 11:48 - 2017-08-22 11:48 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2014-08-04 17:39 - 2011-08-16 20:46 - 000028672 _____ () C:\Windows\jmesoft\ServiceLoader.exe
2017-03-27 11:17 - 2017-03-03 23:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-27 11:17 - 2017-03-03 23:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-27 11:17 - 2017-03-03 23:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-09-14 08:59 - 2017-09-06 21:53 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-09-14 08:59 - 2017-09-06 21:53 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-09-14 08:59 - 2017-09-06 21:59 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-09-14 11:30 - 2017-09-14 11:31 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.26.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-09-24 10:15 - 2017-09-24 10:15 - 010634752 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-09-24 10:15 - 2017-09-24 10:15 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.26.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-12-29 10:56 - 2017-12-29 10:56 - 000679624 _____ () C:\Users\Lisa\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\ClientTelemetry.dll
2009-12-04 16:59 - 2009-12-04 16:59 - 000619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 17:04 - 2009-12-04 17:04 - 000013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Users\Hayden\Desktop\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayden\Desktop\RobloxPlayerLauncher.exe:BDU [0]
AlternateDataStreams: C:\Users\Lisa\Downloads\iTunes64Setup.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 000000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1934805517-533149009-2384748858-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 8.8.8.8 - 4.2.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-1934805517-533149009-2384748858-1001\...\StartupApproved\Run: => "Bitdefender Wallet Agent"
HKU\S-1-5-21-1934805517-533149009-2384748858-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D889CEC2-B434-4979-A01C-4D067EA4B0FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{92CA6F0F-5360-453C-B826-50703A4BD97F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{9A75722F-B8AB-4F11-99A5-4202DF7439EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{2A14C3F1-D510-486B-8AD3-5CE94AFBD768}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{51049658-D6C1-4F72-93C0-1BDF433BD17D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Way of Life\TheWayOfLifeDemoWindows.exe
FirewallRules: [{1F65528B-88C3-4C7F-8266-0C2A72187CD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Way of Life\TheWayOfLifeDemoWindows.exe
FirewallRules: [{5F3395F4-9296-4244-83F1-4F6743B06ED0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worm.is The Game\Wormis.exe
FirewallRules: [{313ECC56-5E08-4517-8CC0-59DC589FB808}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worm.is The Game\Wormis.exe
FirewallRules: [{67E23122-6B15-4C05-93B4-D830857D7E24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{49818192-88D4-48A4-86DD-A7CDE8CF4552}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{C23574A7-5000-4F21-BC25-A2CFCCD5F9FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{DDAC64A5-2516-4B1D-846B-B041561B2F6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{193ADEF9-C1F7-4BD4-B276-B5B3799A5904}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A8712201-4EA7-44D4-BDCB-73B8247856AF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C302C7BC-5286-447F-8FF5-4F1563D1502C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CatlateralDamage\CatlateralDamage.exe
FirewallRules: [{7C3C70AA-FFDC-4A19-8F72-D7D9559DBA39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CatlateralDamage\CatlateralDamage.exe
FirewallRules: [{1392E63D-F0FD-4ED7-9CB3-43F25B6BF202}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{C092DB1C-51B3-4619-B471-EDCA23E4493A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{AE89BFD4-17CC-4054-AA53-902CF16F6F48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EDGE\edge.exe
FirewallRules: [{40F5DCBA-D6BB-42EE-A7E1-CBA6046E6C56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EDGE\edge.exe
FirewallRules: [{DF8EDCDA-46A5-4286-B351-A89E0557D6B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheFloorIsJelly\The Floor is Jelly.exe
FirewallRules: [{45713EE9-2432-40FB-ACB3-B0B261C05FD8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheFloorIsJelly\The Floor is Jelly.exe
FirewallRules: [{3927BC93-2F28-4686-8178-464281A5A1B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{783DEB18-86CD-434B-882C-B49F87538458}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{53787690-4B3F-4112-A2AC-F53C41B7FA15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Escapists\TheEscapists.exe
FirewallRules: [{0D8E3B8F-DD47-4E27-8592-A7C0E1547DC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Escapists\TheEscapists.exe
FirewallRules: [{1D22BD5C-C58C-475C-A464-C24D3867B706}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{4B9FE6B2-6DFF-4A11-A620-A1A15F708523}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{D3437CDF-D308-4F74-BD25-E262C5E48B74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CutTheRope\CutTheRopeApp.exe
FirewallRules: [{C9437CD4-2384-42BD-B067-31DD43F434B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CutTheRope\CutTheRopeApp.exe
FirewallRules: [{2148DFF8-B326-4E94-BD59-8D06B0F21527}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{22E0445C-1BA7-4442-9C63-73BEA3A005DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{60F20326-A241-42AB-895C-D514BB5A1C15}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space 3\deadspace3.exe
FirewallRules: [{02985CA0-5508-492E-95B8-63452D3933DD}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space 3\deadspace3.exe
FirewallRules: [{E533FED3-2868-4AEC-B92A-2E0146A0D364}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{95619669-D002-4C07-BDDD-73DCF343B00E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{A371813D-F7B3-439B-8E37-5245078D9AF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Little Inferno Beta\Little Inferno.exe
FirewallRules: [{094278D3-63F7-474A-A21E-885A0128A264}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Little Inferno Beta\Little Inferno.exe
FirewallRules: [{8EFA6356-AC78-4C61-89B8-CF2A84D7BA9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TurboDismount\TurboDismount.exe
FirewallRules: [{D268E724-5043-4FDF-A771-B74780CA4214}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TurboDismount\TurboDismount.exe
FirewallRules: [{A223C472-6181-4068-B8BC-6F1C3E953B64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{A0696326-49EF-4859-91C2-5869C5BE1A6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{6AFEB1F8-016A-4BA2-8790-3A268D373ED0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{197C5D28-C651-4E48-B154-2FC929A96E68}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{21711C81-DAB4-44E6-A7E0-A1D59411E114}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C4378FD1-D7DE-4630-B793-455895487E83}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{80EA87F0-EC4A-46AF-8139-0824713D8342}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe
FirewallRules: [{1029A858-53F0-4934-8127-81DA7D92A485}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
FirewallRules: [{D54EF67A-DBDB-4907-BE1B-416994AF15A1}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{BCF25B3F-2600-4A64-B44C-563FE76C3828}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{B22A523B-6EB8-4BAA-85ED-4E5490602936}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{1D0B9129-9D64-4065-9AF7-D9DF086F27DD}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{84DB65C2-5533-45F6-B62B-2E609E53F27D}C:\users\hayden\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hayden\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{51B9CF4F-6CF7-46CE-96A2-5588A82A0E2D}C:\users\hayden\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hayden\appdata\roaming\spotify\spotify.exe
FirewallRules: [{1371744A-D80F-40EF-A20C-6D589F09D3DC}] => (Block) C:\users\hayden\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4A405081-C7BB-4258-BFFC-7255E9F7E3EA}] => (Block) C:\users\hayden\appdata\roaming\spotify\spotify.exe
FirewallRules: [{315C89B8-285E-4A35-95A6-0A34E05FD0E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\60 Seconds!\60Seconds.exe
FirewallRules: [{A4B90C7F-3ABC-47CD-A020-F7EC57D4821A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\60 Seconds!\60Seconds.exe
FirewallRules: [{5236BF60-8483-41D2-B609-91C1E18D607C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mitos.is The Game\Mitosis.exe
FirewallRules: [{3B51C731-2045-46F1-984D-7B5FC6DE3256}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mitos.is The Game\Mitosis.exe
FirewallRules: [{3CE157A6-63F3-4656-9B56-B77CD9E9AE29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spooky's House of Jump Scares\SPOOKY.exe
FirewallRules: [{0E7DC92C-64B8-4B31-9D0E-E9F834A50B44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spooky's House of Jump Scares\SPOOKY.exe
FirewallRules: [{6AC45920-02CC-4EE5-994C-56F9A323E522}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's 2\FiveNightsatFreddys2.exe
FirewallRules: [{49985393-19F4-4E1C-A7D7-6B3E75B8039F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's 2\FiveNightsatFreddys2.exe
FirewallRules: [{2D798359-6595-431C-8783-8E12ED574B15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's 3\FiveNightsatFreddys3.exe
FirewallRules: [{2F2A6A63-9193-42F0-96F1-091D729A093C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's 3\FiveNightsatFreddys3.exe
FirewallRules: [{0D5BA4AF-12F3-4485-85AA-225C3C4D0DBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{63149ECE-8A6A-489E-B768-CD9AF7E9CF93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{6620FA07-FD58-4B7F-851A-B54A6638A8C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nmrih\sdk\hl2.exe
FirewallRules: [{2D954F30-1AA2-4BDA-8D4F-F843AEB44BC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nmrih\sdk\hl2.exe
FirewallRules: [{0362454F-8E75-4D20-983E-0205EACA089A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Relic Hunters Zero\RelicHuntersZero.exe
FirewallRules: [{E1D52171-9F7E-4C91-950B-F67F4D608F68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Relic Hunters Zero\RelicHuntersZero.exe
FirewallRules: [TCP Query User{A8C096F7-8D24-4A21-A6A2-5E3A6842E226}C:\program files (x86)\origin games\dead space 3\deadspace3.exe] => (Block) C:\program files (x86)\origin games\dead space 3\deadspace3.exe
FirewallRules: [UDP Query User{B5BD1956-351D-4F9B-B70B-C6D9F87053CA}C:\program files (x86)\origin games\dead space 3\deadspace3.exe] => (Block) C:\program files (x86)\origin games\dead space 3\deadspace3.exe
FirewallRules: [TCP Query User{A3617F97-1946-4E7C-952B-3A620147F46F}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{9287B63D-8019-429D-8F55-4438620E35CC}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{E5DD9E0B-E3F1-4E1B-BD00-010A78D33765}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Destination Sol\sol.exe
FirewallRules: [{9FF576E3-89D1-4BCA-B7BA-FBBF2A4477CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Destination Sol\sol.exe
FirewallRules: [{251EF4FC-89C0-449E-BD79-6A6A1904DC54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{85D0E80B-64D3-42E8-87E8-6DD798B35C81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{97CA4D76-9864-48E1-8A8E-E3CB7CBD0FAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousSam.exe
FirewallRules: [{CCF6EEFD-9AA4-4844-9EDF-EDD6B4D052C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousSam.exe
FirewallRules: [{B4DD00AA-99A3-4EF0-B3D8-A61664161042}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousEditor.exe
FirewallRules: [{0EDACE31-0D1E-400E-AD30-617FBF6B6047}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousEditor.exe
FirewallRules: [{6F4DB1C2-499A-4DC3-9F4B-96D581DB9D56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousModeler.exe
FirewallRules: [{84FE3698-D6FF-4837-9884-CF0C479D622B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousModeler.exe
FirewallRules: [{FA7B2038-F1D6-490D-AD7E-4D12101E1BB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousSam.exe
FirewallRules: [{3DA9FE17-0C74-4820-BD15-63124C1BC3F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousSam.exe
FirewallRules: [{8DC39134-7A73-470A-B21C-87B3AB6C9B74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousEditor.exe
FirewallRules: [{F2FC1635-731D-435C-8159-90DB3DB741A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousEditor.exe
FirewallRules: [{A6732A52-9038-40ED-9BA6-3A2F0044AF60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousModeler.exe
FirewallRules: [{854F3EE5-27B1-44CE-BB13-5A62AB37EC51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousModeler.exe
FirewallRules: [{0FD6607D-121A-468D-9AE5-B3A0EAF8AFF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{136BBE7E-5D64-4BF1-B75C-1849B3193966}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{857655CD-0B93-4611-B028-67C9742E5812}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AF1534F6-2DCC-4411-91EF-732B8A9E3334}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Toribash\toribash.exe
FirewallRules: [{2829E21F-1722-4369-B7B8-56FB1B73477F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Toribash\toribash.exe
FirewallRules: [{FF7A90DB-7F83-46B6-95B0-DAD9A55031BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{AA3ED37F-1956-4C12-96B3-1862925939FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{5F8DE02F-4A8F-4A0D-B42A-274017CB7C2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Revolution\Bin\SeriousSam.exe
FirewallRules: [{648DA822-FA53-4A5D-B7B9-4E61D6525507}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Revolution\Bin\SeriousSam.exe
FirewallRules: [{2096E52B-BA83-4E96-9C4E-67F1F8B56252}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A92B13B4-E090-4DE0-AE3A-455A335E5363}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{80D05B1C-2748-4924-AE9F-34B45476AD40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout Shelter\FalloutShelter.exe
FirewallRules: [{75A73469-7257-4BFD-9235-8493B1666F72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout Shelter\FalloutShelter.exe
FirewallRules: [{C77C0FBE-922C-4763-B369-FF4FE0CE915B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{EF8C577F-BC41-4289-825C-A020768DF37A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{610B0E52-E506-40C7-BAE0-71443DE614C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{AE170E54-6579-48AE-A212-2554B09BF193}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{EC4E841A-C71E-469C-B71F-4099962D82AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dystopia\hl2.exe
FirewallRules: [{029F447A-CE0C-4269-B57B-46B289F8F271}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dystopia\hl2.exe
FirewallRules: [{4EB573F3-59F3-4D8B-9159-723CDA36860A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Loading Screen Simulator\LSS.exe
FirewallRules: [{8B177814-B499-41B2-880E-CA591D02A255}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Loading Screen Simulator\LSS.exe
FirewallRules: [{0E3D2397-71A8-410A-B560-E696435140C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\V\V.exe
FirewallRules: [{44FBB5A3-BE6C-4BAB-8356-9F806F50210E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\V\V.exe
FirewallRules: [{10531311-9DF6-48E4-A914-F2CDCF5FDF3D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9E8D3287-810E-415B-BB3B-C9FD2F5049E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duck Game\DuckGame.exe
FirewallRules: [{EDB789B4-13E8-4C7F-B411-2FBEE34CE410}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duck Game\DuckGame.exe
FirewallRules: [{3833006B-E062-4BB3-B468-306E05165B2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pizza Connection 3 - Pizza Creator\Pizza Connection 3 - Pizza Creator.exe
FirewallRules: [{08916798-E149-43FE-8370-C7FFCB929642}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pizza Connection 3 - Pizza Creator\Pizza Connection 3 - Pizza Creator.exe
FirewallRules: [{FD2DDCBE-BA19-4788-8AB9-2D611BA89E8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Galactic Junk League\GJL.exe
FirewallRules: [{5C3546CF-BB5D-4D8F-88DE-EF0C5C19F6C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Galactic Junk League\GJL.exe
FirewallRules: [{E49D69FA-B23A-411B-88E4-5AED9FCF3A29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Creativerse\Creativerse.exe
FirewallRules: [{C5EAF6B2-FA21-4303-9371-7B15FD7D56AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Creativerse\Creativerse.exe
FirewallRules: [{50FBA1E0-12B7-430C-9F6D-87AA38F61A6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{519F6027-02BE-4D23-969F-7107F6790417}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{56DFED67-90BA-4F62-80AB-1C7CAAC61AE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brief Karate Foolish\SFWinCf.EXE
FirewallRules: [{509B473C-A6AD-429A-8A33-992F18F4E167}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brief Karate Foolish\SFWinCf.EXE
FirewallRules: [{3CFED91F-201F-4424-864F-DFFC2607575A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F1B54C0A-610C-4256-8CC4-79EF8C4F2ADA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\60 Seconds!\60Seconds.exe
FirewallRules: [{5424DFA0-37C3-42A0-A394-73C6E7CC87A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\60 Seconds!\60Seconds.exe
FirewallRules: [{CE67AA98-A1AA-4E0A-8A5A-35348B6A96B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{B71996D0-1D9E-4573-A250-795AD81EC168}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{9B4845E6-CC24-4C14-A4EB-143E93734681}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{E813F2CB-78E0-4B4B-B769-B53383A48EFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{488899F1-9927-4F20-81CF-0B19BE10793E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brief Karate Foolish\SFWinCf.EXE
FirewallRules: [{9904EED7-83CD-49FC-AC57-A595922ADC23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brief Karate Foolish\SFWinCf.EXE
FirewallRules: [{CD7A6CF6-756A-4774-9D38-295349616885}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CatlateralDamage\CatlateralDamage.exe
FirewallRules: [{76925E97-3EAE-49FF-9EEC-1E498FA1703C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CatlateralDamage\CatlateralDamage.exe
FirewallRules: [{18B20EF7-2205-42BC-9ED0-6C149D420BF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Creativerse\Creativerse.exe
FirewallRules: [{BA3C4C7A-E67F-4DD6-9EAD-8CC9BF96F9FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Creativerse\Creativerse.exe
FirewallRules: [{F07D0945-2D2A-4D48-9556-96AF3D5F9581}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CutTheRope\CutTheRopeApp.exe
FirewallRules: [{C158EEBF-846C-40C0-9D26-8973110CD669}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CutTheRope\CutTheRopeApp.exe
FirewallRules: [{90248786-A996-4161-9C0E-D66B94ABDD97}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{D1A68E77-D013-427C-94CC-1A2052766648}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{63A5170E-74F7-4BC3-8A19-3A4A6DC03BC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Destination Sol\sol.exe
FirewallRules: [{34B7D501-3F93-4305-B529-0790B723ED23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Destination Sol\sol.exe
FirewallRules: [{C7BE2325-0DFA-41FA-B6A8-8A649996B2A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duck Game\DuckGame.exe
FirewallRules: [{CEB7A95F-2961-4F73-BB7A-6A9B92A400E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duck Game\DuckGame.exe
FirewallRules: [{322A1FAE-686E-41EE-8E44-0D8F58ADCBDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dystopia\hl2.exe
FirewallRules: [{F139D050-3DE2-4E05-856C-B426A5AB88AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dystopia\hl2.exe
FirewallRules: [{598F734E-BB78-4376-B8C8-0953C2344E28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EDGE\edge.exe
FirewallRules: [{285FE9F3-D0D7-4254-9D01-BACBECEBF563}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EDGE\edge.exe
FirewallRules: [{CDC07F0D-BB3B-40A0-B3D3-EAD60C186E60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout Shelter\FalloutShelter.exe
FirewallRules: [{0388DF70-3794-4D58-BE5C-1F3456D912A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout Shelter\FalloutShelter.exe
FirewallRules: [{22BEF8F1-D3B4-48AF-81F8-6F32E7D5180C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{D2CAC2D8-BAB5-436F-960E-BA633A60D106}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{E96A0BF1-8C64-4612-83EB-95BFF3619234}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{5F0F91D7-DA09-4C08-9F16-43CC8B7FB09C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{1CD120CB-0BC8-4559-9C8E-B90718EAABC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's 2\FiveNightsatFreddys2.exe
FirewallRules: [{89E6F511-FE8B-4418-89A7-6761C8CBAFC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's 2\FiveNightsatFreddys2.exe
FirewallRules: [{7AEA8493-3857-4732-B33E-3539794200AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's 3\FiveNightsatFreddys3.exe
FirewallRules: [{52E5BC75-6947-4215-9533-888338E0D637}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's 3\FiveNightsatFreddys3.exe
FirewallRules: [{C4AF9066-BAC6-44D2-B26A-9A612EF0996A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Galactic Junk League\GJL.exe
FirewallRules: [{A53FC981-2C19-4467-8B89-7632B1E782D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Galactic Junk League\GJL.exe
FirewallRules: [{12704317-0486-4C5D-AACA-3D5903CAEC71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{671ACD5B-E4AF-46F0-91A1-16DC41EFFEBB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{C4D98F97-DE8F-4EEB-98DB-33F522F9AD82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{C669822C-21AF-454F-9CCF-67E3B02B6BD8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{D2C905E5-6087-40B0-A3A6-D29CE1359CEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{CD7745C7-F79B-473C-B18E-1C3659B2C52A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{219670AC-6505-46B2-A837-738364361846}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B5CE50B4-7378-4239-8926-FCFC9349BE10}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
FirewallRules: [{F01A06D0-8BA4-4B1A-95BC-596573370B22}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe
FirewallRules: [{464FA27E-A36C-4E11-BC8C-A89FB63C6B7F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F39D3CE3-7F3F-4052-A3DD-3253156AF07A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Little Inferno Beta\Little Inferno.exe
FirewallRules: [{FF90B36A-877F-4F73-B11D-A7B0D08B5F1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Little Inferno Beta\Little Inferno.exe
FirewallRules: [{AB89E1E7-6D34-4C72-A258-8ED0D4E60B50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Loading Screen Simulator\LSS.exe
FirewallRules: [{E6AE1DD2-7792-478C-B3FB-6D26CE071F1D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Loading Screen Simulator\LSS.exe
FirewallRules: [{4A12D174-8238-4079-844D-CC421A0B526E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mitos.is The Game\Mitosis.exe
FirewallRules: [{8AB6567A-0C61-4ACA-8E5B-77A4282E3623}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mitos.is The Game\Mitosis.exe
FirewallRules: [{F88B9B88-3717-4816-A385-53449214F6EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nmrih\sdk\hl2.exe
FirewallRules: [{EB7A23C9-CA7C-46C0-AFE3-F74BB2B7A768}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nmrih\sdk\hl2.exe
FirewallRules: [{76D458D5-BECB-4CBD-8CC9-0B7883F9ABA5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\V\V.exe
FirewallRules: [{519C188A-74AC-488E-912D-9D64CA9FFE2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\V\V.exe
FirewallRules: [{8A2CC745-7FB2-46B3-917C-12E4E2787FC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pizza Connection 3 - Pizza Creator\Pizza Connection 3 - Pizza Creator.exe
FirewallRules: [{5CFA1364-6937-4970-A6F2-023D7F5703B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pizza Connection 3 - Pizza Creator\Pizza Connection 3 - Pizza Creator.exe
FirewallRules: [{325770E8-345B-46A3-B751-46A9AA8C5F7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Relic Hunters Zero\RelicHuntersZero.exe
FirewallRules: [{071B407B-D08A-4A6F-819C-5EDE7C6269E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Relic Hunters Zero\RelicHuntersZero.exe
FirewallRules: [{3AB6F0E7-D243-4F19-9153-8F591DC7C262}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{C464C532-6B5D-4862-A3FD-436CAFA7AF9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{AE155681-1228-4C9E-A62E-3B4C714386FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousSam.exe
FirewallRules: [{78022DC8-8F38-4D8C-AAAA-50C3CE03FE8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousSam.exe
FirewallRules: [{0CA1FC34-EB45-4052-B5FD-6E6160DB6A8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousEditor.exe
FirewallRules: [{AEF0EDA9-C69D-4199-B71F-D226561CBA23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousEditor.exe
FirewallRules: [{23277C97-CE64-4260-964F-6567D2C90177}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousModeler.exe
FirewallRules: [{9865A05A-16B3-49F4-A393-8078BC3BDC91}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousModeler.exe
FirewallRules: [{7D98045C-0BCB-4260-8AAF-9CBE3C5071BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousSam.exe
FirewallRules: [{495B93DC-F286-4384-B032-83A6650DEB4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousSam.exe
FirewallRules: [{D2F4651C-4903-430B-BCCE-15CFF163A814}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousEditor.exe
FirewallRules: [{B4CA2CF1-F8E3-4BC1-B0D6-5650FF393901}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousEditor.exe
FirewallRules: [{D7B2ECB1-EEA0-40B7-B96E-54F796527867}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousModeler.exe
FirewallRules: [{5D74567E-65BB-4D20-A329-2C847425FD35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousModeler.exe
FirewallRules: [{9F8D42EB-F7D4-4F90-B4BF-820049AF8791}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{24C6F4C3-6328-4D68-98F1-F958B7A83BEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spooky's House of Jump Scares\SPOOKY.exe
FirewallRules: [{70140217-0B82-4778-8DCA-B90FCE50E0D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spooky's House of Jump Scares\SPOOKY.exe
FirewallRules: [{D5363FD5-9039-4F59-AF2B-2D3CF51049F5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A911DF4E-3BFA-497B-B11C-A624AC9338E7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{91E27531-B3E7-4BCE-A26B-0B3390304E79}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B5DCFC90-108C-4808-A7F0-EFDE3FEF8B6F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4C1351CD-5041-4A7A-8151-791841CD1B52}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{494C6C0C-A7C6-4D14-ABC2-35465E54FA13}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CB88EA02-AA0C-4BC2-99D6-066FE876FD5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{149CE9EC-FF18-4ECE-8CD9-5D15AAB78008}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{3E29B00F-AF38-486D-909B-4338013521A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Escapists\TheEscapists.exe
FirewallRules: [{0A3FB9FF-5C17-4B50-9CB7-C10148389615}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Escapists\TheEscapists.exe
FirewallRules: [{0B72A8C7-3353-4424-90DD-2EBC0E81DF1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheFloorIsJelly\The Floor is Jelly.exe
FirewallRules: [{D485754D-0D99-43F8-9348-D479A6C30134}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheFloorIsJelly\The Floor is Jelly.exe
FirewallRules: [{DD0EA41F-7025-4E65-A5B5-F02E19E41A65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Way of Life\TheWayOfLifeDemoWindows.exe
FirewallRules: [{604222C3-3635-416A-BC0B-64342F4C9927}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Way of Life\TheWayOfLifeDemoWindows.exe
FirewallRules: [{A51381C4-252A-4624-9A5E-A7CE3E0E907E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Toribash\toribash.exe
FirewallRules: [{112F0D83-43C4-4F04-9CA5-D4EDEB36B041}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Toribash\toribash.exe
FirewallRules: [{B19550F4-5C06-4AE1-ACC4-0A523F619D70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TurboDismount\TurboDismount.exe
FirewallRules: [{B4022318-C53A-4661-96A9-418640E4D81D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TurboDismount\TurboDismount.exe
FirewallRules: [{2FED3337-2A9F-4528-9B00-FBC659701D65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{E8DEF53F-FB4C-4A35-9FD2-768E051B59E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{DD11A994-FA90-496C-996B-84BD0B363758}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{09E1147B-B647-4704-AB30-47D0BF4D5DFD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{1A11C7CB-7C8F-4677-8500-277D3608F81F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{336ACBF7-544E-4FA7-8332-A031C6D54CD9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{2054EDC3-204C-492A-A214-6CC27F89B791}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worm.is The Game\Wormis.exe
FirewallRules: [{BFC38C2E-603F-48FF-9163-ED28E9181D8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worm.is The Game\Wormis.exe
FirewallRules: [{42694AE2-721C-4E76-B11C-D8C78A41513E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\60 Seconds!\60Seconds.exe
FirewallRules: [{4B621EE8-01D4-4DF7-8628-4B27AF1F0F03}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\60 Seconds!\60Seconds.exe
FirewallRules: [{B4D21CF1-CF21-42DF-919B-15BA0D6E41A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{06537FFD-3E7D-4DED-B8D9-F491C9582331}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{F069E3E8-2306-481D-B05B-8FDA01EE9CBB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{47E8A961-69CA-4762-8904-A9F7ACA42AF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{F19440F2-9990-4B62-A393-F6A5FB58BFF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Creativerse\Creativerse.exe
FirewallRules: [{C50FBE62-8581-4F53-84C5-35DB7A2EAC71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Creativerse\Creativerse.exe
FirewallRules: [{4DBA7C64-6C1F-4DFB-8C02-2BFF7B220EDF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Destination Sol\sol.exe
FirewallRules: [{6C4D68EA-0EE4-495B-A265-3517BC7934C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Destination Sol\sol.exe
FirewallRules: [{7C990022-AF07-427F-BE40-2E0F860E3926}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout Shelter\FalloutShelter.exe
FirewallRules: [{F5F60760-339B-4972-9B1D-4707BCE55846}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout Shelter\FalloutShelter.exe
FirewallRules: [{B7CDACA9-2D47-47B5-976E-E726D365B6A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{F41AFEAC-9729-49E8-A6C7-9B5DF9BC295A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{8FE9F96E-3795-4D7C-A73A-E99C6A33D3A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{7BF1490D-07F0-47DD-94A2-5D6DCFD9DE04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{7EE0EC85-24A2-4BC2-BC71-2322AAC2D847}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{FCE7D56C-FE2F-466B-BCFD-EA404C99E628}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{403FF3F5-9880-4C30-AB57-FE9D025B7ADB}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
FirewallRules: [{6F0819F7-21F6-4623-B19C-2781300970EA}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe
FirewallRules: [{B83D85A7-C88D-42C3-8853-44DF8D6CA846}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4AB1DB05-E9E8-4DCF-83FB-18DF69226EA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Loading Screen Simulator\LSS.exe
FirewallRules: [{76C23527-D225-42EF-B9BB-D77ED7BE0965}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Loading Screen Simulator\LSS.exe
FirewallRules: [{669EE87B-3D51-4B82-B474-BA0018E9110D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mitos.is The Game\Mitosis.exe
FirewallRules: [{EA3313CF-C333-40E9-BB23-8A71307D4051}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mitos.is The Game\Mitosis.exe
FirewallRules: [{F90B13D2-0936-4D7E-A649-08D879D5B847}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nmrih\sdk\hl2.exe
FirewallRules: [{20562955-1603-466B-8753-CCA1D24EAA56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nmrih\sdk\hl2.exe
FirewallRules: [{CFBC6D5C-AA59-4545-8852-944103CB5F4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\V\V.exe
FirewallRules: [{C18BC224-1E77-452C-BF9D-78D9D058DDF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\V\V.exe
FirewallRules: [{7CEAB933-03C0-4D5C-A816-57C436872C44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pizza Connection 3 - Pizza Creator\Pizza Connection 3 - Pizza Creator.exe
FirewallRules: [{9CC82540-9BFF-4B47-AB5D-621584A869F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pizza Connection 3 - Pizza Creator\Pizza Connection 3 - Pizza Creator.exe
FirewallRules: [{CDEAADF9-C530-4264-906D-6F2AA7987864}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Relic Hunters Zero\RelicHuntersZero.exe
FirewallRules: [{17C49261-B314-4DC2-8639-911C8D2F8BD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Relic Hunters Zero\RelicHuntersZero.exe
FirewallRules: [{109AC8A8-423A-4230-93F3-071A290EBA82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{D992FE16-61E2-44B6-A12F-5143CACAE1E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{BC0711B3-9BEB-4BE1-8D7F-1E4944B1802A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{39442E90-5CA1-4508-98B5-C194DAD6080C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9CDBE0F7-4787-484C-BCAA-A228003CDA49}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{98F39BC1-BAA3-4AA5-884E-E7AC75B078EC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1E802E29-6E6C-47F3-B264-AF8FB1358753}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EF1A1ED8-484D-4F85-ADE6-0A367ED1F1A8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{147A426C-0067-4C2E-96DC-8542458D9360}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TurboDismount\TurboDismount.exe
FirewallRules: [{BAC76D2B-AFA5-4738-8A7C-2B70F21DCE3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TurboDismount\TurboDismount.exe
FirewallRules: [{05FF1F01-EBAC-430E-862D-BB8F84209B49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{9A6D81E1-E518-4612-AE1F-B4549E51B807}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{DDD40985-8FDF-4CF9-A297-64C9EC6D2DC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{A51E84D7-B6E9-4CCC-974E-25036EC0AE2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{272D8960-ECAC-41A0-83B0-3E9600DBFD37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{40F7E9BB-8FFD-4C88-8070-B9AF3CBEB3C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{50B6AC60-0FF3-4F5C-9D96-E3088BA80668}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worm.is The Game\Wormis.exe
FirewallRules: [{9C2553EC-3ABB-4C6A-9C5D-7CB65692D74B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worm.is The Game\Wormis.exe

==================== Restore Points =========================

29-09-2017 13:26:57 Windows Update
29-12-2017 10:49:32 Windows Modules Installer

==================== Faulty Device Manager Devices =============

Name: Microsoft Kernel Debug Network Adapter
Description: Microsoft Kernel Debug Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kdnic
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Wi-Fi Direct Virtual Adapter
Description: Microsoft Wi-Fi Direct Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Device Association Root Enumerator
Description: Generic software device
Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
Manufacturer: Microsoft
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel® Pentium® processor N- and J-series / Intel® Celeron® processor N- and J-series EHCI USB - 0F34
Description: Intel® Pentium® processor N- and J-series / Intel® Celeron® processor N- and J-series EHCI USB - 0F34
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft GS Wavetable Synth
Description: Generic software device
Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
Manufacturer: Microsoft
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2018 04:31:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SettingSyncHost.exe, version: 10.0.14393.1198, time stamp: 0x590280cf
Faulting module name: WlanMediaManager.dll, version: 10.0.14393.953, time stamp: 0x58ba5e1d
Exception code: 0xc0000005
Fault offset: 0x000000000005d548
Faulting process id: 0x77c
Faulting application start time: 0x01d38966de901c2d
Faulting application path: C:\WINDOWS\system32\SettingSyncHost.exe
Faulting module path: C:\Windows\System32\WlanMediaManager.dll
Report Id: 1f2a319a-a4a3-4a82-979a-478455c7535c
Faulting package full name:
Faulting package-relative application ID:

Error: (01/09/2018 09:31:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Exception code: 0x40000015
Fault offset: 0x00052d24
Faulting process id: 0x1328
Faulting application start time: 0x01d38967425f16b9
Faulting application path: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
Faulting module path: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
Report Id: 10b35c48-ad08-4316-8a4d-081f7967beef
Faulting package full name:
Faulting package-relative application ID:

Error: (01/09/2018 09:25:01 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected

Error: (01/03/2018 09:23:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.14393.0, time stamp: 0x57899b96
Faulting module name: WlanMediaManager.dll, version: 10.0.14393.953, time stamp: 0x58ba5e1d
Exception code: 0xc0000005
Fault offset: 0x000000000005d548
Faulting process id: 0x7f8
Faulting application start time: 0x01d3850e559f48f6
Faulting application path: C:\Windows\System32\RuntimeBroker.exe
Faulting module path: C:\Windows\System32\WlanMediaManager.dll
Report Id: 04d30af4-845c-4156-ba62-20f98e136512
Faulting package full name:
Faulting package-relative application ID:

Error: (01/03/2018 09:23:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.14393.82, time stamp: 0x57a55dc6
Faulting module name: WlanMediaManager.dll, version: 10.0.14393.953, time stamp: 0x58ba5e1d
Exception code: 0xc0000005
Fault offset: 0x000000000005d53b
Faulting process id: 0x1748
Faulting application start time: 0x01d38513c8a2c069
Faulting application path: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\Windows\System32\WlanMediaManager.dll
Report Id: b009a3cd-f79a-46ec-b186-d99e59755076
Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Error: (01/03/2018 09:03:01 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1934805517-533149009-2384748858-1001}/">.

Error: (12/30/2017 03:45:16 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (12/30/2017 03:44:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/30/2017 03:43:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x8007085a, The Workstation service has not been started.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {f25a49ed-4df7-492b-bc54-4786e8920016}

Error: (12/30/2017 03:23:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.14393.1532, time stamp: 0x5965adb0
Faulting module name: TwinUI.dll, version: 10.0.14393.1715, time stamp: 0x59b0d463
Exception code: 0x80270233
Fault offset: 0x0000000000586621
Faulting process id: 0xd40
Faulting application start time: 0x01d381bccdbf0a56
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\Windows\System32\TwinUI.dll
Report Id: 55a7d487-0af2-4929-a00d-851a67dfa240
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (01/09/2018 05:27:38 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1068" attempting to start the service netprofm with arguments "Unavailable" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (01/09/2018 05:27:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/09/2018 05:27:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/09/2018 05:27:38 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1068" attempting to start the service netprofm with arguments "Unavailable" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (01/09/2018 05:27:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/09/2018 05:27:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/09/2018 05:27:12 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1068" attempting to start the service netprofm with arguments "Unavailable" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (01/09/2018 05:27:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/09/2018 05:27:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/09/2018 05:27:11 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1068" attempting to start the service netprofm with arguments "Unavailable" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}


CodeIntegrity:
===================================
Date: 2018-01-02 12:53:54.842
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-01-02 12:53:54.838
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU J1800 @ 2.41GHz
Percentage of memory in use: 33%
Total physical RAM: 3986.2 MB
Available physical RAM: 2636.55 MB
Total Virtual: 6802.2 MB
Available Virtual: 5240.27 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:439.5 GB) (Free:206.45 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D6BE31FA)

Partition: GPT.

==================== End of Addition.txt ============================


Edited by Oh My!, 10 January 2018 - 10:08 AM.



#2 Oh My!

  • Malware Response Instructor

Posted 10 January 2018 - 10:07 AM

Greetings You-Uuuuused-Me and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:


GroupPolicyUsers\S-1-5-21-1934805517-533149009-2384748858-1002\User: Restriction <==== ATTENTION
ProxyEnable: [S-1-5-21-1934805517-533149009-2384748858-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-1934805517-533149009-2384748858-1001] => http=127.0.0.1:50299;https=127.0.0.1:50299
ManualProxies: 1http=127.0.0.1:50227;https=127.0.0.1:50227
Toolbar: HKLM - XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - No File
Toolbar: HKLM-x32 - XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - No File
Toolbar: HKU\S-1-5-21-1934805517-533149009-2384748858-1001 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
CHR HKLM-x32\...\Chrome\Extension: [ecknkgaahbmamffpenejnpmmfenojend] - hxxps://clients2.google.com/service/update2/crx
Task: {00CE3A6B-CC13-402C-9407-4AE713657D48} - \Lenovo\LSC\LSCHardwareScan
Task: {017E43D6-57D3-462C-AAD9-19305CC9E4E5} - \WPD\SqmUpload_S-1-5-21-1934805517-533149009-2384748858-1001
Task: {0AAC2842-965C-4817-B10B-D3091113BC33} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d
Task: {0C4DA26E-9049-4D76-8B68-9D5208E124A8} - \Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {0C6CF2DA-89AA-43FA-86CE-8DBFA8393855} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd
Task: {135B3C27-E689-4C33-9D11-89E441B92E86} - \Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8
Task: {1A4230A2-E136-4936-9B22-DDF624BB8332} - \Microsoft\Windows\IME\SQM data sender
Task: {25645EDA-641E-4956-BF79-F5616010A327} - \Microsoft\Windows\Shell\FamilySafetyUpload
Task: {28386491-6DF8-4C60-8B96-FFA08356B92D} - \Microsoft\Windows\WindowsUpdate\Scheduled Start With Network
Task: {30FCBD18-1E8E-44C5-94B6-E621206E388A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent
Task: {3202E086-D041-4F20-9836-EC54C3290401} - \WPD\SqmUpload_S-1-5-21-1934805517-533149009-2384748858-1002
Task: {37F09A58-5116-4B2C-A098-5A825F112A9F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d
Task: {3C626A51-288C-493E-B3EF-8150349DC954} - \Lenovo\LSC\LSCTaskService
Task: {44DD1EAE-6187-4FC7-872F-52DBA8126F40} - \Optimize Start Menu Cache Files-S-1-5-21-1934805517-533149009-2384748858-1001
Task: {55DB23CA-DE87-44BF-8869-80CFFF518E8C} - \Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - \Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {611C823C-437B-46E7-9683-5312DFFCFD7B} - \Microsoft\Windows\UpdateOrchestrator\Policy Install
Task: {61F99E8A-4965-4E73-8C6D-99BBD19FA61C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - \Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {72DC1987-365F-4612-9F54-9F190EAB6024} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d
Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - \Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {A962B22C-6619-4749-8828-518CB48E06B6} - \Lenovo\Lenovo Customer Feedback Program
Task: {AAC85CD5-ABD6-4BA5-BDD1-ACAA2EC36DEF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d
Task: {B60A648D-79B6-427B-9AD2-3D09B6364552} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent
Task: {BA54C711-08B3-4E17-A710-5AAD143F994D} - \Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval
Task: {CA61BCC1-CEE3-4DC2-9B87-570AE9C8431B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
Task: {E01A9C80-90D9-4BCF-989B-C3C95AF564F2} - \Optimize Start Menu Cache Files-S-1-5-21-1934805517-533149009-2384748858-1002
Task: {E1F3F193-4C5A-4D39-97CE-B347485C90DC} - \Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {E586EFBE-1027-473A-9897-36BC282D57C0} - \Microsoft\Windows\PLA\LSC Memory
Task: {E6010D43-6AE7-4B59-8E67-EC78FD8E8E96} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {E7875FC9-89E8-4373-B871-9098E12D9B33} - \Optimize Start Menu Cache Files-S-1-5-21-1934805517-533149009-2384748858-500
Task: {E8F627BE-01A6-4EC4-A31F-150F4AC781A0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B
Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display
Task: {F7D81167-541E-4E42-8B30-BFDFD241BF9E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d
Folder: C:\Users\Lisa\.LSC
Folder C:\Users\Lisa\AppData\Local\MR APP
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 You-Uuuuused-Me

  • Topic Starter


Posted 10 January 2018 - 12:29 PM

Hi Gary, please call me Lisa.  Thanks for your assistance.  After running Farbar and restarting my pc Chrome wouldn't connect to the internet, the error message was err_tunnel_connection_failed.  Then a box popped up that said Windows Firewall has blocked Chrome and I clicked on the box to allow access through the firewall. I still had no internet until running Network Diagnostics and manually setting my ip address.  While I was doing this a cmd window briefly appeared and disappeared.  Here is my Fixlog.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by Lisa (10-01-2018 09:56:33) Run:1
Running from C:\Users\Lisa\Desktop
Loaded Profiles: Lisa (Available Profiles: Lisa & Hayden & whaaaaat)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
GroupPolicyUsers\S-1-5-21-1934805517-533149009-2384748858-1002\User: Restriction <==== ATTENTION
ProxyEnable: [S-1-5-21-1934805517-533149009-2384748858-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-1934805517-533149009-2384748858-1001] => http=127.0.0.1:50299;https=127.0.0.1:50299
ManualProxies: 1http=127.0.0.1:50227;https=127.0.0.1:50227
Toolbar: HKLM - XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - No File
Toolbar: HKLM-x32 - XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - No File
Toolbar: HKU\S-1-5-21-1934805517-533149009-2384748858-1001 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
CHR HKLM-x32\...\Chrome\Extension: [ecknkgaahbmamffpenejnpmmfenojend] - hxxps://clients2.google.com/service/update2/crx
Task: {00CE3A6B-CC13-402C-9407-4AE713657D48} - \Lenovo\LSC\LSCHardwareScan
Task: {017E43D6-57D3-462C-AAD9-19305CC9E4E5} - \WPD\SqmUpload_S-1-5-21-1934805517-533149009-2384748858-1001
Task: {0AAC2842-965C-4817-B10B-D3091113BC33} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d
Task: {0C4DA26E-9049-4D76-8B68-9D5208E124A8} - \Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {0C6CF2DA-89AA-43FA-86CE-8DBFA8393855} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd
Task: {135B3C27-E689-4C33-9D11-89E441B92E86} - \Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8
Task: {1A4230A2-E136-4936-9B22-DDF624BB8332} - \Microsoft\Windows\IME\SQM data sender
Task: {25645EDA-641E-4956-BF79-F5616010A327} - \Microsoft\Windows\Shell\FamilySafetyUpload
Task: {28386491-6DF8-4C60-8B96-FFA08356B92D} - \Microsoft\Windows\WindowsUpdate\Scheduled Start With Network
Task: {30FCBD18-1E8E-44C5-94B6-E621206E388A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent
Task: {3202E086-D041-4F20-9836-EC54C3290401} - \WPD\SqmUpload_S-1-5-21-1934805517-533149009-2384748858-1002
Task: {37F09A58-5116-4B2C-A098-5A825F112A9F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d
Task: {3C626A51-288C-493E-B3EF-8150349DC954} - \Lenovo\LSC\LSCTaskService
Task: {44DD1EAE-6187-4FC7-872F-52DBA8126F40} - \Optimize Start Menu Cache Files-S-1-5-21-1934805517-533149009-2384748858-1001
Task: {55DB23CA-DE87-44BF-8869-80CFFF518E8C} - \Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - \Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {611C823C-437B-46E7-9683-5312DFFCFD7B} - \Microsoft\Windows\UpdateOrchestrator\Policy Install
Task: {61F99E8A-4965-4E73-8C6D-99BBD19FA61C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - \Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {72DC1987-365F-4612-9F54-9F190EAB6024} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d
Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - \Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {A962B22C-6619-4749-8828-518CB48E06B6} - \Lenovo\Lenovo Customer Feedback Program
Task: {AAC85CD5-ABD6-4BA5-BDD1-ACAA2EC36DEF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d
Task: {B60A648D-79B6-427B-9AD2-3D09B6364552} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent
Task: {BA54C711-08B3-4E17-A710-5AAD143F994D} - \Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval
Task: {CA61BCC1-CEE3-4DC2-9B87-570AE9C8431B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
Task: {E01A9C80-90D9-4BCF-989B-C3C95AF564F2} - \Optimize Start Menu Cache Files-S-1-5-21-1934805517-533149009-2384748858-1002
Task: {E1F3F193-4C5A-4D39-97CE-B347485C90DC} - \Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {E586EFBE-1027-473A-9897-36BC282D57C0} - \Microsoft\Windows\PLA\LSC Memory
Task: {E6010D43-6AE7-4B59-8E67-EC78FD8E8E96} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {E7875FC9-89E8-4373-B871-9098E12D9B33} - \Optimize Start Menu Cache Files-S-1-5-21-1934805517-533149009-2384748858-500
Task: {E8F627BE-01A6-4EC4-A31F-150F4AC781A0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B
Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display
Task: {F7D81167-541E-4E42-8B30-BFDFD241BF9E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d
Folder: C:\Users\Lisa\.LSC
Folder C:\Users\Lisa\AppData\Local\MR APP
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1934805517-533149009-2384748858-1002\User => moved successfully
"HKU\S-1-5-21-1934805517-533149009-2384748858-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
"HKU\S-1-5-21-1934805517-533149009-2384748858-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4b9bcce8-a70b-402a-a7e1-db96831ee26f}" => removed successfully
"HKLM\Software\Classes\CLSID\{4b9bcce8-a70b-402a-a7e1-db96831ee26f}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4b9bcce8-a70b-402a-a7e1-db96831ee26f}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{4b9bcce8-a70b-402a-a7e1-db96831ee26f}" => removed successfully
"HKU\S-1-5-21-1934805517-533149009-2384748858-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}" => removed successfully
HKLM\Software\Classes\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => key not found
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ecknkgaahbmamffpenejnpmmfenojend" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00CE3A6B-CC13-402C-9407-4AE713657D48} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00CE3A6B-CC13-402C-9407-4AE713657D48}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{017E43D6-57D3-462C-AAD9-19305CC9E4E5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{017E43D6-57D3-462C-AAD9-19305CC9E4E5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AAC2842-965C-4817-B10B-D3091113BC33}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AAC2842-965C-4817-B10B-D3091113BC33}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C4DA26E-9049-4D76-8B68-9D5208E124A8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C4DA26E-9049-4D76-8B68-9D5208E124A8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C6CF2DA-89AA-43FA-86CE-8DBFA8393855}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C6CF2DA-89AA-43FA-86CE-8DBFA8393855}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{135B3C27-E689-4C33-9D11-89E441B92E86}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{135B3C27-E689-4C33-9D11-89E441B92E86}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1A4230A2-E136-4936-9B22-DDF624BB8332}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A4230A2-E136-4936-9B22-DDF624BB8332}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25645EDA-641E-4956-BF79-F5616010A327}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25645EDA-641E-4956-BF79-F5616010A327}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{28386491-6DF8-4C60-8B96-FFA08356B92D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28386491-6DF8-4C60-8B96-FFA08356B92D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{30FCBD18-1E8E-44C5-94B6-E621206E388A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30FCBD18-1E8E-44C5-94B6-E621206E388A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3202E086-D041-4F20-9836-EC54C3290401}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3202E086-D041-4F20-9836-EC54C3290401}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37F09A58-5116-4B2C-A098-5A825F112A9F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37F09A58-5116-4B2C-A098-5A825F112A9F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C626A51-288C-493E-B3EF-8150349DC954}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C626A51-288C-493E-B3EF-8150349DC954}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44DD1EAE-6187-4FC7-872F-52DBA8126F40}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44DD1EAE-6187-4FC7-872F-52DBA8126F40}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{55DB23CA-DE87-44BF-8869-80CFFF518E8C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55DB23CA-DE87-44BF-8869-80CFFF518E8C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A3FB241-0B11-4EA5-BC66-0D9F1B406040}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A3FB241-0B11-4EA5-BC66-0D9F1B406040}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{611C823C-437B-46E7-9683-5312DFFCFD7B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{611C823C-437B-46E7-9683-5312DFFCFD7B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{61F99E8A-4965-4E73-8C6D-99BBD19FA61C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61F99E8A-4965-4E73-8C6D-99BBD19FA61C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DFCB649-0769-4F83-BB10-F60F235F6D3D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DFCB649-0769-4F83-BB10-F60F235F6D3D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72DC1987-365F-4612-9F54-9F190EAB6024}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72DC1987-365F-4612-9F54-9F190EAB6024}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{848DCC36-520C-4946-BF68-C7EFFEFA2F84}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{848DCC36-520C-4946-BF68-C7EFFEFA2F84}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{872D0E53-FD2E-41E3-B431-698AF82882CE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{872D0E53-FD2E-41E3-B431-698AF82882CE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A962B22C-6619-4749-8828-518CB48E06B6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A962B22C-6619-4749-8828-518CB48E06B6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AAC85CD5-ABD6-4BA5-BDD1-ACAA2EC36DEF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAC85CD5-ABD6-4BA5-BDD1-ACAA2EC36DEF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B60A648D-79B6-427B-9AD2-3D09B6364552}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B60A648D-79B6-427B-9AD2-3D09B6364552}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA54C711-08B3-4E17-A710-5AAD143F994D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA54C711-08B3-4E17-A710-5AAD143F994D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA61BCC1-CEE3-4DC2-9B87-570AE9C8431B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA61BCC1-CEE3-4DC2-9B87-570AE9C8431B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE2DE968-E342-40D7-9566-427D45E4A886}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE2DE968-E342-40D7-9566-427D45E4A886}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E01A9C80-90D9-4BCF-989B-C3C95AF564F2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E01A9C80-90D9-4BCF-989B-C3C95AF564F2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1F3F193-4C5A-4D39-97CE-B347485C90DC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1F3F193-4C5A-4D39-97CE-B347485C90DC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E586EFBE-1027-473A-9897-36BC282D57C0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E586EFBE-1027-473A-9897-36BC282D57C0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E6010D43-6AE7-4B59-8E67-EC78FD8E8E96}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6010D43-6AE7-4B59-8E67-EC78FD8E8E96}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7875FC9-89E8-4373-B871-9098E12D9B33}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7875FC9-89E8-4373-B871-9098E12D9B33}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8F627BE-01A6-4EC4-A31F-150F4AC781A0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8F627BE-01A6-4EC4-A31F-150F4AC781A0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA3F661E-B31C-44A9-B40C-E3D5D56149D4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA3F661E-B31C-44A9-B40C-E3D5D56149D4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7D81167-541E-4E42-8B30-BFDFD241BF9E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7D81167-541E-4E42-8B30-BFDFD241BF9E}" => removed successfully
 
========================= Folder: C:\Users\Lisa\.LSC ========================
 
 
====== End of Folder: ======
 
Folder C:\Users\Lisa\AppData\Local\MR APP => Error: No automatic fix found for this entry.
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Route, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to connect to BITS - 0x80080005
Server execution failed
 
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Could not flush the DNS Resolver Cache: Function failed during execution.
 
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1934805517-533149009-2384748858-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1934805517-533149009-2384748858-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 10:04:34 ====


#4 Oh My!


Posted 10 January 2018 - 04:49 PM

Thank you Lisa. Shall I assume your Internet is working normally now?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
C:\Users\Lisa\.LSC
Folder: C:\Users\Lisa\AppData\Local\MR APP
cmd: Bitsadmin /Reset /Allusers
cmd: sc query Dnscache
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Update on computer performance/Internet

Edited by Oh My!, 10 January 2018 - 04:49 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 You-Uuuuused-Me


Posted 10 January 2018 - 05:16 PM

Right before I clicked on Farbar a cmd window flashed and it said "c:\windows\usoclient.exe".  Also, does Farbar create 2 files? Because while it was running there was a new text file on my desktop "xxcginduhmubta.txt" which I opened and the contents were exactly what you had me copy for the Fixlog. The text file disappeared.  Here's the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by Lisa (10-01-2018 15:06:37) Run:2
Running from C:\Users\Lisa\Desktop
Loaded Profiles: Lisa (Available Profiles: Lisa & Hayden & whaaaaat)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
C:\Users\Lisa\.LSC
Folder: C:\Users\Lisa\AppData\Local\MR APP
cmd: Bitsadmin /Reset /Allusers
cmd: sc query Dnscache
 
*****************
 
Restore point was successfully created.
C:\Users\Lisa\.LSC => moved successfully
 
========================= Folder: C:\Users\Lisa\AppData\Local\MR APP ========================
 
2017-12-29 10:47 - 2017-12-29 10:47 - 000000252 ____A [A9EAFD033925E4C3E817BCE94AAF215B] () C:\Users\Lisa\AppData\Local\MR APP\UserProxySetting.xml
 
====== End of Folder: ======
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to connect to BITS - 0x80080005
Server execution failed
 
 
 
========= End of CMD: =========
 
 
========= sc query Dnscache =========
 
 
SERVICE_NAME: Dnscache 
        TYPE               : 20  WIN32_SHARE_PROCESS  
        STATE              : 1  STOPPED 
        WIN32_EXIT_CODE    : 1077  (0x435)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
 
========= End of CMD: =========
 
 
==== End of Fixlog 15:09:29 ====


#6 You-Uuuuused-Me


Posted 10 January 2018 - 05:22 PM

And, my google chrome doesn't look anything like it used to.  It doesn't have any chrome icons or logo or anything.



#7 Oh My!


Posted 10 January 2018 - 06:33 PM

Thank you.

I do not use Chrome and am not sure what you are describing. Please take a screen shot of this window and attach it to your reply. Explain what is missing.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
C:\Users\Lisa\AppData\Local\MR APP
cmd: sc config Dnscache start= auto
cmd: sc start Dnscache
cmd: ipconfig /flushdns
cmd: sfc /scannow
reboot:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Chrome information

Gary
 

#8 You-Uuuuused-Me


Posted 10 January 2018 - 11:32 PM

Hi, sorry I couldn't do this sooner.  Also, the proxy settings were back in chrome again so I deleted them.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by Lisa (10-01-2018 20:20:27) Run:3
Running from C:\Users\Lisa\Desktop
Loaded Profiles: Lisa (Available Profiles: Lisa & Hayden & whaaaaat)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
C:\Users\Lisa\AppData\Local\MR APP
cmd: sc config Dnscache start= auto
cmd: sc start Dnscache
cmd: ipconfig /flushdns
cmd: sfc /scannow
reboot:
 
*****************
 
Restore point was successfully created.
C:\Users\Lisa\AppData\Local\MR APP => moved successfully
 
========= sc config Dnscache start= auto =========
 
[SC] ChangeServiceConfig SUCCESS
 
========= End of CMD: =========
 
 
========= sc start Dnscache =========
 
[SC] StartService FAILED 1056:
 
An instance of the service is already running.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= sfc /scannow =========
 
 
 
Beginning system scan.  This process will take some time.
 
 
 
Beginning verification phase of system scan.
 
Verification 100% complete.
 
 
Windows Resource Protection did not find any integrity violations.
 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 20:55:22 ====
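
Added example, not part of the original posts and not FRST's own code: a Python triage pass that splits Fixlog text into its `=========` sections and separates real failures (BITS 0x80080005, Dnscache STOPPED) from benign ones (StartService 1056, service already running). The sample log is constructed from abridged sections quoted in this thread; the function names and status labels are assumptions.

```python
import re

# Constructed sample: sections abridged from the Fixlogs quoted in this thread.
SAMPLE_FIXLOG = r"""
========= netsh advfirewall reset =========
Ok.
========= End of CMD: =========
========= Bitsadmin /Reset /Allusers =========
BITSADMIN version 3.0
Unable to connect to BITS - 0x80080005
Server execution failed
========= End of CMD: =========
========= sc query Dnscache =========
SERVICE_NAME: Dnscache
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1077  (0x435)
========= End of CMD: =========
========= sc start Dnscache =========
[SC] StartService FAILED 1056:
An instance of the service is already running.
========= End of CMD: =========
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
========= End of RemoveProxy: =========

==== End of Fixlog 15:09:29 ====
"""

HEADER = re.compile(r"^=+ (.+?) =+\s*$")
PROBLEM = re.compile(r"failed|unable to|could not|access is denied|error:|\bSTOPPED\b", re.I)
BENIGN = re.compile(r"FAILED 1056")  # ERROR_SERVICE_ALREADY_RUNNING: nothing to fix
CODE = re.compile(r"0x[0-9A-Fa-f]+")
KNOWN_CODES = {  # standard Windows error codes that appear in the thread's logs
    "0x80080005": "CO_E_SERVER_EXEC_FAILURE",
    "0x435": "ERROR_SERVICE_NEVER_STARTED",
}

def split_sections(text):
    """Yield (title, non-blank body lines) for each '==== title ====' block."""
    title, body = None, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m is None:
            if title is not None and line.strip():
                body.append(line.strip())
            continue
        if title is not None:  # an "End of ..." marker or a new header closes the block
            yield title, body
        name = m.group(1)
        title, body = (None, []) if name.startswith("End of ") else (name, [])
    if title is not None:      # log was cut off before its end marker
        yield title, body

def triage(text):
    """Return [(title, status, notes)] with status 'ok', 'problem' or 'benign'."""
    report = []
    for title, body in split_sections(text):
        hits = [l for l in body if PROBLEM.search(l)]
        status = ("ok" if not hits
                  else "benign" if all(BENIGN.search(l) for l in hits)
                  else "problem")
        codes = [KNOWN_CODES[c] for l in body for c in CODE.findall(l) if c in KNOWN_CODES]
        report.append((title, status, hits + codes))
    return report

if __name__ == "__main__":
    for title, status, notes in triage(SAMPLE_FIXLOG):
        print(f"{status:8} {title}  {notes}")
```
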


#9 Oh My!


Posted 11 January 2018 - 11:49 AM

Greetings.

No need to apologize, you are doing quite well.

===================================================

Please follow the instructions here to reset Chrome Sync with one modification. When you get to items 9 & 10 I would like to include an additional step in between as listed below. So when you follow the link instructions the progression of things will now be:
 

9. Do NOT enable sync yet, as you need to perform another scan with Malwarebytes first in order to fix Chrome.
Run the Fixlist below
10. Perform a new scan with Malwarebytes and let it delete what it has found.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------

  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
RemoveProxy:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:

  • Fixlog
  • System update

Edited by Oh My!, 11 January 2018 - 11:50 AM.

Gary
 

#10 You-Uuuuused-Me


Posted 11 January 2018 - 11:54 PM

Thanks for your patience, here is the Fixlog. I am unable to stop Chrome from syncing.  There is a service called "Save to Google Drive" that I can't remove from Cloud Print.  I scanned with MB but it didn't find anything.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by Lisa (11-01-2018 18:16:52) Run:4
Running from C:\Users\Lisa\Desktop
Loaded Profiles: Lisa (Available Profiles: Lisa & Hayden & whaaaaat)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
RemoveProxy:
 
*****************
 
 
========= RemoveProxy: =========
 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1934805517-533149009-2384748858-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1934805517-533149009-2384748858-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
 
==== End of Fixlog 18:16:54 ====
 
And the MB log-
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/11/18
Scan Time: 1:55 PM
Log File: bf4d5e16-f711-11e7-b1d1-f8a963482727.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3676
License: Trial
 
-System Information-
OS: Windows 8
CPU: x64
File System: NTFS
User: HAYDEN-PC\Lisa
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 511021
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 hr, 6 min, 34 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#11 Oh My!


Posted 12 January 2018 - 09:30 AM

Hi Lisa.

What I was trying to address is the possibility of Google Sync reinserting the Proxy back into your system. Since you didn't mention it is back shall I assume it is not?
Gary
 

#12 Oh My!


Posted 17 January 2018 - 12:02 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#13 Oh My!


Posted 19 January 2018 - 09:47 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



