Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
R3 cpuz158; C:\Windows\temp\cpuz158\cpuz158_x64.sys [44576 2026-05-01] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
AlternateDataStreams: C:\Users\Ben\Downloads\adwcleaner.exe:MBAM.Zone.Identifier [141]
FirewallRules: [{9E42B474-9A42-4492-ABD1-A7121CE79465}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{EE63981E-FB00-472A-B18F-84C0C0DE5043}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{72758BEA-7618-4664-90A8-74F6E30A6FEF}] => (Allow) F:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{32D63EBC-5CC6-464B-BC96-2179D9C4C282}] => (Allow) F:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [TCP Query User{6082E952-F00B-4D00-99C8-4AF82476F3F0}C:\users\ben\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ben\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [UDP Query User{1048FDEB-3EF4-4018-B4FF-24292DBA7882}C:\users\ben\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ben\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [{07EE08C4-55B0-4592-965B-12C4E2892F73}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{B26681A0-7DAC-47E4-9AC5-E773B25BB33D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{F5A6975A-D247-4DB7-9131-D71BA01B4138}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{CD449ADA-52DF-4FD2-9D8A-4AA514CDD647}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: 
[{780670F7-C522-491B-BE16-10F9D349FFA2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe => No File FirewallRules: [{FB6FC07A-6074-40C9-94FD-F78F43A0D3AA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe => No File FirewallRules: [{928ED54A-B8B1-401C-AF59-3B64405E4B0B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe => No File FirewallRules: [{FA4E2CE8-4EDA-4305-B5C2-1C045BDE9B09}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe => No File FirewallRules: [{37DDC85E-3366-48AC-966B-D3EE15CAC0B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe => No File FirewallRules: [{C4FA7814-C2AF-4F84-8408-67857F0742CE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe => No File FirewallRules: [TCP Query User{34A870BF-5576-40AF-8A65-97E1F559F5B2}C:\users\ben\appdata\local\discord\app-1.0.9034\discord.exe] => (Allow) C:\users\ben\appdata\local\discord\app-1.0.9034\discord.exe => No File FirewallRules: [UDP Query User{0C2A5B75-D329-47A9-A4C6-6FB4F5DC30DD}C:\users\ben\appdata\local\discord\app-1.0.9034\discord.exe] => (Allow) C:\users\ben\appdata\local\discord\app-1.0.9034\discord.exe => No File FirewallRules: [TCP Query User{C041A168-A6C5-495B-A702-93A239371377}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File FirewallRules: [UDP Query User{AD678A31-46EB-4514-AD7B-CEE90366B427}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File FirewallRules: 
[{64005A48-41C4-4753-BE5E-6A974F28AA3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Tribe Must Survive\TheTribeMustSurvive\The Tribe Must Survive.exe => No File FirewallRules: [{EAD50307-C7FF-4470-972E-8D8D2AEF079B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Tribe Must Survive\TheTribeMustSurvive\The Tribe Must Survive.exe => No File FirewallRules: [{7FD84469-8C5C-4D85-BBF4-406129680EC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hades II\Ship\Hades2.exe => No File FirewallRules: [{24109480-6101-47E4-B30B-908EC5A4F38D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hades II\Ship\Hades2.exe => No File FirewallRules: [TCP Query User{A45846D2-D772-4203-AA17-D3F7000DAA3B}C:\program files (x86)\steam\steamapps\common\marvel rivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\marvel rivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File FirewallRules: [UDP Query User{9B8C72DE-247C-4169-8FAF-FCB4646C3C8C}C:\program files (x86)\steam\steamapps\common\marvel rivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\marvel rivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File FirewallRules: [{3EA3025C-3CA8-4BBC-A839-23544B7ECBA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Marine 2\Warhammer 40000 Space Marine 2.exe => No File FirewallRules: [{9C1087D2-CB28-41CA-B17D-12A24485FB90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Marine 2\Warhammer 40000 Space Marine 2.exe => No File FirewallRules: [TCP Query User{65DF2917-A331-412F-AFE5-7DCC5B22AA6B}C:\users\ben\appdata\local\discord\app-1.0.9163\discord.exe] => (Allow) C:\users\ben\appdata\local\discord\app-1.0.9163\discord.exe => No File FirewallRules: [UDP Query 
User{8E425447-5143-4E9C-AE8A-575124445133}C:\users\ben\appdata\local\discord\app-1.0.9163\discord.exe] => (Allow) C:\users\ben\appdata\local\discord\app-1.0.9163\discord.exe => No File FirewallRules: [{4A598ECD-50E6-4457-B29E-7E7C9BA7225D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KILL KNIGHT\Build.exe => No File FirewallRules: [{754A5E6D-1EFE-445C-872B-D6EFAE55DC8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KILL KNIGHT\Build.exe => No File FirewallRules: [{8D9FE667-3945-4443-8C33-42D746E5649E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Predator Hunting Grounds\SpaceFish\Binaries\Win64\SpaceFish.exe => No File FirewallRules: [{BC120C76-EC2C-4FE1-B47C-850F21CCCEB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Predator Hunting Grounds\SpaceFish\Binaries\Win64\SpaceFish.exe => No File FirewallRules: [TCP Query User{B5FFFD46-FD0B-4DDF-B7AE-73A919F4503A}C:\users\ben\appdata\local\discord\app-1.0.9166\discord.exe] => (Allow) C:\users\ben\appdata\local\discord\app-1.0.9166\discord.exe => No File FirewallRules: [UDP Query User{B12160AE-2ACB-4555-8302-CD0B2073911C}C:\users\ben\appdata\local\discord\app-1.0.9166\discord.exe] => (Allow) C:\users\ben\appdata\local\discord\app-1.0.9166\discord.exe => No File FirewallRules: [{4A8E837B-E1A0-4B07-9CC8-3B504F80E78C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER III\launcher\launcher.exe => No File FirewallRules: [{B3AC6872-6AD8-459C-B46C-CAF5D3D000AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER III\launcher\launcher.exe => No File FirewallRules: [TCP Query User{66CCC407-13F8-4DA0-9C7A-964F86C95779}C:\program files (x86)\steam\steamapps\common\total war warhammer iii\warhammer3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war warhammer iii\warhammer3.exe => No File FirewallRules: [UDP Query User{2F9E6016-9882-47FA-A53B-72CD0D9D13C5}C:\program files (x86)\steam\steamapps\common\total war 
warhammer iii\warhammer3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war warhammer iii\warhammer3.exe => No File FirewallRules: [{81ACF4BE-DE68-4901-AD50-16048C3A48B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Forgive Me Father 2\FMF2.exe => No File FirewallRules: [{4BE200BE-3EB8-4C16-82CA-68A06677DFEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Forgive Me Father 2\FMF2.exe => No File FirewallRules: [TCP Query User{604C2BD9-3448-49CE-9559-E4EA4A7CE0B2}C:\program files (x86)\steam\steamapps\common\forgive me father 2\fmf2\binaries\win64\fmf2-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\forgive me father 2\fmf2\binaries\win64\fmf2-win64-shipping.exe => No File FirewallRules: [UDP Query User{D153D49C-5361-484C-904B-470C9DB76FAB}C:\program files (x86)\steam\steamapps\common\forgive me father 2\fmf2\binaries\win64\fmf2-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\forgive me father 2\fmf2\binaries\win64\fmf2-win64-shipping.exe => No File FirewallRules: [TCP Query User{55E397B9-9082-4BA6-95A1-B0CF155852C8}G:\steamlibrary\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe] => (Allow) G:\steamlibrary\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe => No File FirewallRules: [UDP Query User{CB4EA194-2741-442C-9F6B-53E61A4439F9}G:\steamlibrary\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe] => (Allow) G:\steamlibrary\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe => No File FirewallRules: [{45DE6B67-CA9C-46C8-90B9-36B606B857C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MarvelRivals\MarvelRivals_Launcher.exe => No File FirewallRules: [{4CA4DCF0-DFC1-4DBD-84B3-F86CB8870FDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MarvelRivals\MarvelRivals_Launcher.exe => No File FirewallRules: [TCP Query User{9D841A69-3E67-4B94-A3F4-0EF4276C3FBF}C:\program files 
(x86)\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File FirewallRules: [UDP Query User{1E54212F-D0BB-4F58-A4A4-F3823B468FAF}C:\program files (x86)\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File FirewallRules: [TCP Query User{28E546DC-35B2-4A4B-85C2-A171A5D4AD3A}C:\users\ben\appdata\local\discord\app-1.0.9175\discord.exe] => (Allow) C:\users\ben\appdata\local\discord\app-1.0.9175\discord.exe => No File FirewallRules: [UDP Query User{8143CB69-D649-4620-8474-C57DD019A232}C:\users\ben\appdata\local\discord\app-1.0.9175\discord.exe] => (Allow) C:\users\ben\appdata\local\discord\app-1.0.9175\discord.exe => No File FirewallRules: [TCP Query User{480A2694-3901-481A-9DE9-7D7779CA369F}C:\xboxgames\chivalry 2\content\tbl\binaries\wingdk\chivalry2-wingdk-shipping.exe] => (Allow) C:\xboxgames\chivalry 2\content\tbl\binaries\wingdk\chivalry2-wingdk-shipping.exe => No File FirewallRules: [UDP Query User{F9B4DD3E-5583-4E21-84FC-3CA29455FA6F}C:\xboxgames\chivalry 2\content\tbl\binaries\wingdk\chivalry2-wingdk-shipping.exe] => (Allow) C:\xboxgames\chivalry 2\content\tbl\binaries\wingdk\chivalry2-wingdk-shipping.exe => No File FirewallRules: [{3B8A613B-2AAC-49F7-855B-D1B137A01EA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MonsterHunterWilds\MonsterHunterWilds.exe => No File FirewallRules: [{B3F326DF-536A-48CF-A7B0-BA1E93BC89C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MonsterHunterWilds\MonsterHunterWilds.exe => No File FirewallRules: [TCP Query User{D9E7E13A-BB79-427C-AF6F-3A2300AA343B}C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) 
C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe => No File FirewallRules: [UDP Query User{19551027-A745-412B-8005-79EEC80EA4ED}C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe => No File FirewallRules: [TCP Query User{6A9A6FB8-B206-4C56-8194-5CBA083B9F02}C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3.exe => No File FirewallRules: [UDP Query User{8D1DA914-5D5D-4CD0-B9E1-5989E266893A}C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3.exe => No File FirewallRules: [TCP Query User{A60B0EF4-CE7E-45BB-9AA5-C4D1D7CC46B3}C:\program files (x86)\steam\steamapps\common\rematch playtest\runtime\binaries\win64\runtimeclient-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\rematch playtest\runtime\binaries\win64\runtimeclient-win64-shipping.exe => No File FirewallRules: [UDP Query User{49EB2518-4796-4ABB-B360-9565B65BA953}C:\program files (x86)\steam\steamapps\common\rematch playtest\runtime\binaries\win64\runtimeclient-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\rematch playtest\runtime\binaries\win64\runtimeclient-win64-shipping.exe => No File FirewallRules: [TCP Query User{CC3C96B8-D338-4DA2-A97D-C04DC4AE404D}C:\xboxgames\rematch\content\runtime\binaries\wingdk\runtimeclient-wingdk-shipping.exe] => (Allow) C:\xboxgames\rematch\content\runtime\binaries\wingdk\runtimeclient-wingdk-shipping.exe => No File FirewallRules: [UDP Query User{839609F6-0742-4DFA-9294-8686D498FFEF}C:\xboxgames\rematch\content\runtime\binaries\wingdk\runtimeclient-wingdk-shipping.exe] => (Allow) C:\xboxgames\rematch\content\runtime\binaries\wingdk\runtimeclient-wingdk-shipping.exe => No File 
FirewallRules: [{C712D0C6-DE61-4F4B-A471-83C4DEC269CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Suit for Hire\Suit4Hire\ThinWick.exe => No File FirewallRules: [{56D690D1-9C89-4824-9849-E272E9DF6DD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Suit for Hire\Suit4Hire\ThinWick.exe => No File FirewallRules: [TCP Query User{3309B1BB-DCA1-4808-90C7-5E120B66211A}C:\program files (x86)\steam\steamapps\common\suit for hire\suit4hire\thinwick\binaries\win64\thinwick-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\suit for hire\suit4hire\thinwick\binaries\win64\thinwick-win64-shipping.exe => No File FirewallRules: [UDP Query User{49D86B73-5039-491D-959A-86B0311129A7}C:\program files (x86)\steam\steamapps\common\suit for hire\suit4hire\thinwick\binaries\win64\thinwick-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\suit for hire\suit4hire\thinwick\binaries\win64\thinwick-win64-shipping.exe => No File FirewallRules: [{7BB5173D-A592-4D9D-A0AD-AA686DCAE898}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ready Or Not\Engine\Binaries\Win64\CrashReporter.exe => No File FirewallRules: [{B72AB184-F48A-49E2-9608-97A12CB758DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ready Or Not\Engine\Binaries\Win64\CrashReporter.exe => No File FirewallRules: [TCP Query User{2C713E0A-84CD-48C6-94B8-61B53E0E900C}C:\program files (x86)\steam\steamapps\common\hell clock\hell clock.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hell clock\hell clock.exe => No File FirewallRules: [UDP Query User{90198E65-E06B-4DCF-8B57-46E285553010}C:\program files (x86)\steam\steamapps\common\hell clock\hell clock.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hell clock\hell clock.exe => No File FirewallRules: [TCP Query User{161B13BF-E34C-4D58-8E18-BECE5F0B283A}C:\program files\guild wars 2\bin64\cef\cefhost.exe] => (Allow) C:\program files\guild wars 2\bin64\cef\cefhost.exe 
=> No File FirewallRules: [UDP Query User{93565C17-9E9C-435D-A0A6-F7393A2EC591}C:\program files\guild wars 2\bin64\cef\cefhost.exe] => (Allow) C:\program files\guild wars 2\bin64\cef\cefhost.exe => No File FirewallRules: [{839FA72C-09FB-4065-A5BB-0529B0085D85}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.269.449.0_x64__zpdnekdrzrea0\Spotify.exe => No File FirewallRules: [{272C315B-38E7-458B-9F88-1CE93904F64A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.269.449.0_x64__zpdnekdrzrea0\Spotify.exe => No File FirewallRules: [{3D441982-2278-4F2C-8BA4-4787C4E61A9F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.269.449.0_x64__zpdnekdrzrea0\Spotify.exe => No File FirewallRules: [{2B7EEEF9-0E40-4DC5-833C-09ED22EBA1D1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.269.449.0_x64__zpdnekdrzrea0\Spotify.exe => No File FirewallRules: [{3D886FE5-203B-45FD-BD1B-EB21771E009E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.269.449.0_x64__zpdnekdrzrea0\Spotify.exe => No File FirewallRules: [{EDBFCE47-6AF9-4303-8A35-EEFFFCBDD28E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.269.449.0_x64__zpdnekdrzrea0\Spotify.exe => No File FirewallRules: [{46FB2FC9-0EBF-4BEB-9CAD-37B55A04C756}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.269.449.0_x64__zpdnekdrzrea0\Spotify.exe => No File FirewallRules: [{FA62C06E-A52C-4024-A9FC-893D9D583D60}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.269.449.0_x64__zpdnekdrzrea0\Spotify.exe => No File FirewallRules: [{903C14D7-BC15-416E-A43D-F02022F0351E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.269.449.0_x64__zpdnekdrzrea0\Spotify.exe => No File FirewallRules: [{E41585D7-B087-40DB-9FDE-CE7C13D56A11}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.269.449.0_x64__zpdnekdrzrea0\Spotify.exe => No File FirewallRules: [TCP Query 
User{80EEE815-702C-4985-BC9A-2001B4CF80A5}C:\program files (x86)\steam\steamapps\common\glacier events\bf6event.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\glacier events\bf6event.exe => No File FirewallRules: [UDP Query User{F26907E6-8292-437F-AA9C-A6F9CDF6AA42}C:\program files (x86)\steam\steamapps\common\glacier events\bf6event.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\glacier events\bf6event.exe => No File FirewallRules: [TCP Query User{C6E8B6CC-C059-48AE-86DA-E44830553C4B}C:\program files (x86)\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe => No File FirewallRules: [UDP Query User{29D8BAEA-0648-49BF-8971-8978092D5F4A}C:\program files (x86)\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe => No File FirewallRules: [TCP Query User{7D975054-7E88-49A3-95E8-3343146839CA}C:\program files (x86)\steam\steamapps\common\skate\skate.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\skate\skate.exe => No File FirewallRules: [UDP Query User{23C51D26-5D57-477D-8722-D5D8E534B570}C:\program files (x86)\steam\steamapps\common\skate\skate.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\skate\skate.exe => No File FirewallRules: [{BADC891B-361D-4A4E-9E04-8F72168E94B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallen Aces\Tools\AceEd\AceEd.exe => No File FirewallRules: [{08D4B432-5C44-4200-9440-92B90982AC92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallen Aces\Tools\AceEd\AceEd.exe => No File FirewallRules: [{3F22D1A0-1B3D-4200-BFA9-B5D2A642D1C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallen Aces\Tools\Lead 
Pipe\LeadPipe.exe => No File FirewallRules: [{F29C43C7-4C3D-4A46-A71C-EAD05E5F2EFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallen Aces\Tools\Lead Pipe\LeadPipe.exe => No File FirewallRules: [{4D80E81F-12CC-4C13-8903-ECB1BA2EDD9A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallen Aces\Tools\Mod Manager\Aces Mod Manager.exe => No File FirewallRules: [{B64CDA63-1C09-420B-9F20-162B37AB4F47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallen Aces\Tools\Mod Manager\Aces Mod Manager.exe => No File FirewallRules: [TCP Query User{8C4C7E06-4109-46AD-8538-AA3EAE281720}C:\program files (x86)\steam\steamapps\common\battlefield 6\bf6.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefield 6\bf6.exe => No File FirewallRules: [UDP Query User{2B3B98FD-ED26-40FB-A8C6-BBEFD90FD654}C:\program files (x86)\steam\steamapps\common\battlefield 6\bf6.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefield 6\bf6.exe => No File FirewallRules: [TCP Query User{5EB8349A-DD33-45A9-B6D6-76AF5F7A1064}C:\program files (x86)\diablo iv\diablo iv.exe] => (Allow) C:\program files (x86)\diablo iv\diablo iv.exe => No File FirewallRules: [UDP Query User{EB1AA38D-BA07-4689-A324-DEA25BE0067B}C:\program files (x86)\diablo iv\diablo iv.exe] => (Allow) C:\program files (x86)\diablo iv\diablo iv.exe => No File FirewallRules: [TCP Query User{D048AF52-0B4E-43FE-B56A-C32FFFED06C6}C:\users\ben\appdata\local\discord\app-1.0.9233\discord.exe] => (Allow) C:\users\ben\appdata\local\discord\app-1.0.9233\discord.exe => No File FirewallRules: [UDP Query User{3C18C9F9-AA8A-4DBF-891C-336CA10A0299}C:\users\ben\appdata\local\discord\app-1.0.9233\discord.exe] => (Allow) C:\users\ben\appdata\local\discord\app-1.0.9233\discord.exe => No File FirewallRules: [TCP Query User{92815102-E846-4AB5-9417-DDE877ABABA8}C:\users\ben\appdata\local\discord\app-1.0.9234\discord.exe] => (Allow) C:\users\ben\appdata\local\discord\app-1.0.9234\discord.exe => No 
File
FirewallRules: [UDP Query User{BE4EDA3E-BDC6-4BEC-BBCC-0F53EAF37D84}C:\users\ben\appdata\local\discord\app-1.0.9234\discord.exe] => (Allow) C:\users\ben\appdata\local\discord\app-1.0.9234\discord.exe => No File
HKU\S-1-5-21-2037030647-3268643156-1389443460-1001\...\Run: [electron.app.Grape] => C:\Users\Ben\AppData\Local\ProUtilMegaSoftlite\Grape.exe (No File)
S3 GoogleChromeElevationService; "C:\Program Files\Google\Chrome\Application\146.0.7680.165\elevation_service.exe" (No File)
S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\146.0.3856.84\elevation_service.exe" (No File)
StartPowerShell:
# Enable real-time protection
Set-MpPreference -DisableRealtimeMonitoring $false
# Enable behavioural protection
Set-MpPreference -DisableBehaviorMonitoring $false
# Enable PUP detection
Set-MpPreference -PUAProtection Enabled
# Enable cloud protection to level 4 - aggressively block unknowns and apply additional protection measures; alternatively use 2 for lower protection or 0 for default
Set-MpPreference -CloudBlockLevel 4
# Send advanced information about malicious/unwanted software present on your device
Set-MpPreference -MAPSReporting 2
# Send safe samples automatically to Microsoft
Set-MpPreference -SubmitSamplesConsent 1
# Enables inspection of HTTP traffic to detect malicious websites
Set-MpPreference -EnableNetworkProtection Enabled
# Enables block at first seen
Set-MpPreference -DisableBlockAtFirstSeen $false
# Allows scanning of archive files, such as .zip and .cab files, for malware/PUP
Set-MpPreference -DisableArchiveScanning $false
# Enables automatic scanning of USB & removable drives
Set-MpPreference -DisableRemovableDriveScanning $false
# Enables scanning of network files
Set-MpPreference -DisableScanningNetworkFiles $false
# Forces signature check before running a scan
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true
# Extends cloud check timer from default 10 to 30 seconds
Set-MpPreference -CloudExtendedTimeout 30
# Enables automatic scanning of all downloaded files and attachments
Set-MpPreference -DisableIOAVProtection $false
# Enables script detection
Set-MpPreference -DisableScriptScanning $false
# Disables automatic exclusions from scanning
Set-MpPreference -DisableAutoExclusions 1
# Enables scanning of mapped network drives
Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan 0
# Enables scanning of email files
Set-MpPreference -DisableEmailScanning 0
# Enables blocking of malicious domains and IPs at the DNS level
Set-MpPreference -EnableDnsSinkhole $true
# Enables signature updates every 12 hours
Set-MpPreference -SignatureUpdateInterval 12
# Enables automatic quarantine for threats labelled as high and severe
Set-MpPreference -HighThreatDefaultAction Quarantine
Set-MpPreference -SevereThreatDefaultAction Quarantine
# Updates signatures
Update-MpSignature
EndPowerShell:
StartPowerShell:
# This snippet downloads Emsisoft Emergency Kit (EEK) from Emsisoft's official site, updates it, and scans with it.
# Do note that the executable is 300MB and may take some time to download.
# ---
# This will scan for malware and PUPs in 1) system memory 2) important folders as documentation says
# It will scan in compressed archives, in mail archives, in NTFS alternate data streams and use cloud requests
# ---
# You can use argument "/delete" to delete found objects including references but this is permanent and irreversible.
# You can remove the "/quick" argument to do a full scan but that may take longer than what FRST can handle.
# You can use argument "/quarantine="[folder]"" to put found malware into quarantine, but I personally prefer first verifying the detections.
$downloadUrl = "https://dl.emsisoft.com/EmsisoftEmergencyKit.exe"
$systemDrive = $env:SystemDrive
$frstPath = "$systemDrive\FRST"
$savePath = "$frstPath\EEK.exe"
$extractPath = "$frstPath\EEK"
if (-not (Test-Path $frstPath)) { New-Item -Path $frstPath -ItemType Directory -Force | Out-Null }
if (-not (Test-Path $extractPath)) { New-Item -Path $extractPath -ItemType Directory -Force | Out-Null }
Invoke-WebRequest -Uri $downloadUrl -OutFile $savePath -UseBasicParsing
$proc = Start-Process -FilePath $savePath -ArgumentList "-s -d`"$extractPath`"" -PassThru
while (-not (Test-Path "$extractPath\bin64\a2cmd.exe")) { Start-Sleep -Milliseconds 1000 }
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
if ([Environment]::Is64BitOperatingSystem) { $a2cmdPath = Join-Path $extractPath "bin64\a2cmd.exe" } else { $a2cmdPath = Join-Path $extractPath "bin32\a2cmd.exe" }
Start-Process -FilePath $a2cmdPath -ArgumentList "/update" -Wait -NoNewWindow
Start-Process -FilePath $a2cmdPath -ArgumentList "/malware /quick /m /t /pup /a /am /cloud=1 /la=`"$frstPath\EEK_scan.log`"" -Wait -NoNewWindow
Get-Content "$frstPath\EEK_scan.log"
exit
EndPowerShell:
StartPowerShell:
# Downloads newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log to the console
# Does not clean preinstalled objects, only PUP/Adware
# If you would like to delete preinstalled objects, add an argument /preinstalled to the /clean argument
# If you would like to only scan with it, change the argument from /clean to /scan
New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:
Comment: Remove unwanted files from common folders using native removal power of Farbar, including removal on reboot if needed
C:\ProgramData\*.a3x
C:\ProgramData\*.ahk
C:\ProgramData\*.au3
C:\ProgramData\*.bat
C:\ProgramData\*.cab
C:\ProgramData\*.cmd
C:\ProgramData\*.com
C:\ProgramData\*.dll
C:\ProgramData\*.exe
C:\ProgramData\*.hta
C:\ProgramData\*.jar
C:\ProgramData\*.js
C:\ProgramData\*.jse
C:\ProgramData\*.lnk
C:\ProgramData\*.pif
C:\ProgramData\*.ps1
C:\ProgramData\*.py
C:\ProgramData\*.pyc
C:\ProgramData\*.pyd
C:\ProgramData\*.scr
C:\ProgramData\*.tmp
C:\ProgramData\*.vbe
C:\ProgramData\*.vbs
C:\ProgramData\*.wsf
C:\ProgramData\*.wsh
C:\ProgramData\*.zip
C:\Users\*\AppData\Roaming\*.au3
C:\Users\*\AppData\Roaming\*.bat
C:\Users\*\AppData\Roaming\*.cab
C:\Users\*\AppData\Roaming\*.cmd
C:\Users\*\AppData\Roaming\*.com
C:\Users\*\AppData\Roaming\*.dll
C:\Users\*\AppData\Roaming\*.exe
C:\Users\*\AppData\Roaming\*.hta
C:\Users\*\AppData\Roaming\*.jar
C:\Users\*\AppData\Roaming\*.js
C:\Users\*\AppData\Roaming\*.jse
C:\Users\*\AppData\Roaming\*.lnk
C:\Users\*\AppData\Roaming\*.pif
C:\Users\*\AppData\Roaming\*.ps1
C:\Users\*\AppData\Roaming\*.py
C:\Users\*\AppData\Roaming\*.pyc
C:\Users\*\AppData\Roaming\*.pyd
C:\Users\*\AppData\Roaming\*.scr
C:\Users\*\AppData\Roaming\*.tmp
C:\Users\*\AppData\Roaming\*.vbe
C:\Users\*\AppData\Roaming\*.vbs
C:\Users\*\AppData\Roaming\*.wsf
C:\Users\*\AppData\Roaming\*.wsh
C:\Users\*\AppData\Roaming\*.zip
C:\Users\CurrentUserName\AppData\Local\*.a3x
C:\Users\CurrentUserName\AppData\Local\*.ahk
C:\Users\CurrentUserName\AppData\Local\*.au3
C:\Users\CurrentUserName\AppData\Local\*.bat
C:\Users\CurrentUserName\AppData\Local\*.cab
C:\Users\CurrentUserName\AppData\Local\*.cmd
C:\Users\CurrentUserName\AppData\Local\*.com
C:\Users\CurrentUserName\AppData\Local\*.dll
C:\Users\CurrentUserName\AppData\Local\*.exe
C:\Users\CurrentUserName\AppData\Local\*.hta
C:\Users\CurrentUserName\AppData\Local\*.jar
C:\Users\CurrentUserName\AppData\Local\*.js
C:\Users\CurrentUserName\AppData\Local\*.jse
C:\Users\CurrentUserName\AppData\Local\*.lnk
C:\Users\CurrentUserName\AppData\Local\*.pif
C:\Users\CurrentUserName\AppData\Local\*.ps1
C:\Users\CurrentUserName\AppData\Local\*.py
C:\Users\CurrentUserName\AppData\Local\*.pyc
C:\Users\CurrentUserName\AppData\Local\*.pyd
C:\Users\CurrentUserName\AppData\Local\*.scr
C:\Users\CurrentUserName\AppData\Local\*.tmp
C:\Users\CurrentUserName\AppData\Local\*.vbe
C:\Users\CurrentUserName\AppData\Local\*.vbs
C:\Users\CurrentUserName\AppData\Local\*.wsf
C:\Users\CurrentUserName\AppData\Local\*.wsh
C:\Users\CurrentUserName\AppData\Local\*.zip
C:\Users\CurrentUserName\AppData\Roaming\*.a3x
C:\Users\CurrentUserName\AppData\Roaming\*.ahk
C:\Users\CurrentUserName\AppData\Roaming\*.au3
C:\Users\CurrentUserName\AppData\Roaming\*.bat
C:\Users\CurrentUserName\AppData\Roaming\*.cab
C:\Users\CurrentUserName\AppData\Roaming\*.cmd
C:\Users\CurrentUserName\AppData\Roaming\*.com
C:\Users\CurrentUserName\AppData\Roaming\*.dll
C:\Users\CurrentUserName\AppData\Roaming\*.exe
C:\Users\CurrentUserName\AppData\Roaming\*.hta
C:\Users\CurrentUserName\AppData\Roaming\*.jar
C:\Users\CurrentUserName\AppData\Roaming\*.js
C:\Users\CurrentUserName\AppData\Roaming\*.jse
C:\Users\CurrentUserName\AppData\Roaming\*.lnk
C:\Users\CurrentUserName\AppData\Roaming\*.pif
C:\Users\CurrentUserName\AppData\Roaming\*.ps1
C:\Users\CurrentUserName\AppData\Roaming\*.py
C:\Users\CurrentUserName\AppData\Roaming\*.pyc
C:\Users\CurrentUserName\AppData\Roaming\*.pyd
C:\Users\CurrentUserName\AppData\Roaming\*.scr
C:\Users\CurrentUserName\AppData\Roaming\*.tmp
C:\Users\CurrentUserName\AppData\Roaming\*.vbe
C:\Users\CurrentUserName\AppData\Roaming\*.vbs
C:\Users\CurrentUserName\AppData\Roaming\*.wsf
C:\Users\CurrentUserName\AppData\Roaming\*.wsh
C:\Users\CurrentUserName\AppData\Roaming\*.zip
C:\Windows\System32\config\systemprofile\AppData\Local\*.tmp
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
C:\Windows\System32\GroupPolicyUsers
C:\Windows\System32\GroupPolicy
CMD: DISM.exe /Online /Cleanup-image /Restorehealth
CMD: SFC.exe /scannow
CMD: netsh int ip reset
CMD: netsh int ipv6 reset
CMD: ipconfig /flushDNS
CMD: netsh winsock reset catalog
C:\Users\CurrentUserName\AppData\Local\Temp\*
C:\Windows\Temp\*
C:\Windows\SystemTemp\*
EmptyTemp:
End::