Start::
CloseProcesses:
EmptyTemp:
CreateRestorePoint:
2026-04-17 07:52 - 2026-04-17 07:54 - 000000000 ____D C:\Users\Noodles\AppData\Roaming\software-setup
2026-04-17 17:01 - 2025-05-04 13:54 - 000000000 ____D C:\Users\Noodles\AppData\Roaming\Lavasoft
2026-04-17 17:01 - 2025-05-04 13:53 - 000000000 ____D C:\ProgramData\Lavasoft
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> No File
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> No File
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> No File
AlternateDataStreams: C:\WINDOWS\System32:sguard [36]
AlternateDataStreams: C:\WINDOWS\tracing:? [16]
AlternateDataStreams: C:\ProgramData\Reprise:jhqduwvxlctbqqijsf`usjbm`pgyjhjkiihj [0]
AlternateDataStreams: C:\ProgramData\sdpsenv.dat:naughtypirates [322]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT.lnk:B021ADA33C [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall MechWarrior: Living Legends.lnk [1388]
AlternateDataStreams: C:\Users\Noodles\Downloads\foodhandlercard.pdf:shield [118]
AlternateDataStreams: C:\Users\Noodles\AppData\Local\Temp:$DATA​ [16]
AlternateDataStreams: C:\Users\Noodles\AppData\Local\VEGAS Pro:$v4 [48]
HKLM-x32\...\Run: [GAOMONTablet] => C:\Users\Noodles\AppData\Roaming\GAOMONTablet\GAOMONTablet.exe (No File)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\105.0.1.0\GoogleDriveFS.exe --startup_mode (No File)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\105.0.1.0\GoogleDriveFS.exe --startup_mode (No File)
HKU\S-1-5-21-2607022301-3357126973-3369378109-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (No File) <==== ATTENTION
HKU\S-1-5-21-2607022301-3357126973-3369378109-1001\...\Run: [RiotClient] => D:\Games\2XKO\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode (No File)
HKU\S-1-5-21-2607022301-3357126973-3369378109-1001\...\Run: [CrosshairX] => "D:\[D] Programs\Crosshair.X.v2024.10.04\CrosshairX.exe" (No File)
HKU\S-1-5-21-2607022301-3357126973-3369378109-1001\...\Run: [SaveSync] => "D:\SteamLibrary\steamapps\common\SaveSync\Startup.exe" (No File)
HKU\S-1-5-21-2607022301-3357126973-3369378109-1001\...\RunOnce: [Application Restart #4] => C:\Users\Noodles\AppData\Roaming\GAOMONTablet\TabletDriver.exe \@BrandName\@ : \@GAOMON\@,* \@CfgWnd\@ : 264044,* \@CustomerCode\@ : [ \@GM001\@, \@OEM02\@ ],* \@DataPath\@ : \@C:\\Users\\Noodle (the data entry has 259 more characters). (No File)
HKU\S-1-5-80-2318606733-4105731500-2265514868-2382646068-3090068018\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\105.0.1.0\GoogleDriveFS.exe --startup_mode (No File)
HKU\S-1-5-80-3238277391-1891473654-1195688043-4149050645-2494734967\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\105.0.1.0\GoogleDriveFS.exe --startup_mode (No File)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\105.0.1.0\GoogleDriveFS.exe --startup_mode (No File)
S3 ace-game-0; \SystemRoot\System32\drivers\ace-game-0.sys (No File)
S3 ACE-SSC-DRV64; \??\C:\Program Files\AntiCheatExpert\SGuard\x64\plugins\ACE-SSC-DRV64.sys (No File)
S3 atvi-randgrid_msstore; \??\D:\Games\Call of Duty\Content\Randgrid.sys (No File)
U4 RLM-BorisFX; no ImagePath
2024-12-10 23:01 - 2024-12-10 23:01 - 000000048 ____R () C:\Users\Noodles\AppData\Local\5A3478397C0EA70D98B370B6A6A5AC79
Web Companion (HKLM-x32\...\{8c05aaaf-58ed-467a-baff-f1a745310457}) (Version: 8.9.0.1091 - Lavasoft) <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2607022301-3357126973-3369378109-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKU\S-1-5-21-2607022301-3357126973-3369378109-1001\...\Run: [Pyujgivzqy] => "C:\Users\Noodles\AppData\Roaming\Rvvcvvodl\Pyujgivzqy.exe" (No File)
C:\Users\Noodles\AppData\Roaming\Rvvcvvodl
StartPowerShell:
# Enable real-time protection
Set-MpPreference -DisableRealtimeMonitoring $false
# Enable behavioural protection
Set-MpPreference -DisableBehaviorMonitoring $false
# Enable PUP detection
Set-MpPreference -PUAProtection Enabled
# Enable cloud protection to level 4 - aggressively block unknowns and apply additional protection measures, alternatively use 2 for lower protection or 0 for default
Set-MpPreference -CloudBlockLevel 4
# Send advanced information about malicious/unwanted software present on your device
Set-MpPreference -MAPSReporting 2
# Send safe samples automatically to Microsoft
Set-MpPreference -SubmitSamplesConsent 1
# Enables inspection of HTTP traffic to detect malicious websites
Set-MpPreference -EnableNetworkProtection Enabled
# Enables block at first seen
Set-MpPreference -DisableBlockAtFirstSeen $false
# Allows scanning of archive files, such as .zip and .cab files for malware/PUP
Set-MpPreference -DisableArchiveScanning $false
# Enables automatic scanning of USB & removal drives
Set-MpPreference -DisableRemovableDriveScanning $false
# Enables scanning of network files
Set-MpPreference -DisableScanningNetworkFiles $false
# Forces signature check before running a scan
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true
# Extends cloud check timer from default 10 to 30 seconds
Set-MpPreference -CloudExtendedTimeout 30
# Enables automatic scanning of all downloaded files and attachments
Set-MpPreference -DisableIOAVProtection $false
# Enables script detection
Set-MpPreference -DisableScriptScanning $false
# Disables automatic exclusions from scanning
Set-MpPreference -DisableAutoExclusions 1
# Enables scanning of mapped network drives
Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan 0
# Enables scanning of email files
Set-MpPreference -DisableEmailScanning 0
# Enables blocking of malicious domains and IP's on DNS level
Set-MpPreference -EnableDnsSinkhole $true
# Enables signature updates every 12 hours
Set-MpPreference -SignatureUpdateInterval 12
# Enables automatic quarantine for threats labelled as high and severe
Set-MpPreference -HighThreatDefaultAction Quarantine
Set-MpPreference -SevereThreatDefaultAction Quarantine
# Updates signatures
Update-MpSignature
EndPowerShell:
StartPowerShell:
# This snippet downloads Emsisoft Emergency Kit (EEK) from the Emsisoft's official site, updates it, scans with it.
# Do note that the executable is 300MB and may take some time to download.
# ---
# This will scan for malware and PUP's in 1) system memory 2) important folders as documentation says
# It will scan in compressed archives, in mail archives, in NTFS alternate data streams and use cloud requests
# ---
# You can use argument "/delete" to delete found objects including references but this is permanent and irreversible.
# You can remove the "/quick" argument to do a full scan but that may take longer than what FRST can handle.
# You can use argument "/quarantine="[folder]"" to put found malware into quarantine, but I personally prefer first verifying the detections.
$downloadUrl = "https://dl.emsisoft.com/EmsisoftEmergencyKit.exe"
$systemDrive = $env:SystemDrive
$frstPath = "$systemDrive\FRST"
$savePath = "$frstPath\EEK.exe"
$extractPath = "$frstPath\EEK"
if (-not (Test-Path $frstPath)) { New-Item -Path $frstPath -ItemType Directory -Force | Out-Null }
if (-not (Test-Path $extractPath)) { New-Item -Path $extractPath -ItemType Directory -Force | Out-Null }
Invoke-WebRequest -Uri $downloadUrl -OutFile $savePath -UseBasicParsing
$proc = Start-Process -FilePath $savePath -ArgumentList "-s -d`"$extractPath`"" -PassThru
while (-not (Test-Path "$extractPath\bin64\a2cmd.exe")) { Start-Sleep -Milliseconds 1000 }
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
if ([Environment]::Is64BitOperatingSystem) { $a2cmdPath = Join-Path $extractPath "bin64\a2cmd.exe" } else { $a2cmdPath = Join-Path $extractPath "bin32\a2cmd.exe" }
Start-Process -FilePath $a2cmdPath -ArgumentList "/update" -Wait -NoNewWindow
Start-Process -FilePath $a2cmdPath -ArgumentList "/malware /quick /m /t /pup /a /am /cloud=1 /la=`"$frstPath\EEK_scan.log`"" -Wait -NoNewWindow
Get-Content "$frstPath\EEK_scan.log"
exit
EndPowerShell:
StartPowerShell:
# Downloads newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log in console
# Does not clean preinstalled objects, only PUP/Adware
# If you would like to delete preinstalled objects, add an argument /preinstalled to the /clean argument
# If you would like to only scan with it, change the argument from /clean to /scan
New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:
CMD: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Warn" /f
CMD: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d 1 /f
CMD: netsh int ip reset
CMD: netsh int ipv6 reset
CMD: ipconfig /flushDNS
CMD: netsh winsock reset catalog
C:\Users\CurrentUserName\AppData\Local\Temp\*
C:\Windows\Temp\*
C:\Windows\SystemTemp\*
EmptyTemp:
End::