Start::
CreateRestorePoint:
CloseProcesses:
2026-04-14 01:44 - 2026-04-16 22:13 - 000000000 ____D C:\ProgramData\lib_tool_process
CustomCLSID: HKU\S-1-5-21-1987162263-3468947570-2408855926-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> "C:\Users\BioStaR\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1987162263-3468947570-2408855926-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\BioStaR\AppData\Local\Kingsoft\WPS Office\12.2.0.23196\office6\kwpsmenushellext64.dll => No File
CustomCLSID: HKU\S-1-5-21-1987162263-3468947570-2408855926-1001_Classes\CLSID\{89795E3E-F6B0-4D88-B1A0-BCC3DF1A682E}\InprocServer32 -> C:\Users\BioStaR\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386\kmsosidebar_1.0.1.4\kmsosidebar64.dll => No File
CustomCLSID: HKU\S-1-5-21-1987162263-3468947570-2408855926-1001_Classes\CLSID\{F8686D90-7CB9-4D81-B596-69C3C408BA88}\InprocServer32 -> C:\Users\BioStaR\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386\kmsosidebar_1.0.1.4\kmsosidebar64.dll => No File
ShellIconOverlayIdentifiers: [ MEGA (NotFound)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890635} => C:\Users\BioStaR\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\BioStaR\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\BioStaR\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\BioStaR\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\BioStaR\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\BioStaR\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\BioStaR\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\BioStaR\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1_S-1-5-21-1987162263-3468947570-2408855926-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\BioStaR\AppData\Local\Kingsoft\WPS Office\12.2.0.23196\office6\kwpsmenushellext64.dll -> No File
ContextMenuHandlers4_S-1-5-21-1987162263-3468947570-2408855926-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\BioStaR\AppData\Local\Kingsoft\WPS Office\12.2.0.23196\office6\kwpsmenushellext64.dll -> No File
HKLM\...\Run: [DubbingAI] => "C:\Program Files\DubbingAI\DubbingAI.exe" -AutoStart (No File)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File)
HKU\S-1-5-21-1987162263-3468947570-2408855926-1001\...\Run: [ScreenRec] => C:\Users\BioStaR\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe (No File)
HKU\S-1-5-21-1987162263-3468947570-2408855926-1001\...\Run: [AMDNoiseSuppression] => "C:\Windows\system32\AMD\ANR\AMDNoiseSuppression.exe" (No File)
HKU\S-1-5-21-1987162263-3468947570-2408855926-1001\...\Run: [RobloxPlayerBeta] => "C:\Users\BioStaR\AppData\Local\Roblox\Versions\version-81dc12ef5c824adb\RobloxPlayerBeta.exe" --launch-to-tray (No File)
HKU\S-1-5-21-1987162263-3468947570-2408855926-1001\...\MountPoints2: {2fe821bf-d732-11f0-a00b-047f0e83f60c} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1987162263-3468947570-2408855926-1001\...\MountPoints2: {472f017e-0916-11ef-9efb-f4b520682dbb} - "D:\WifiAutoInstallSetup.exe"
Task: {3A7833CA-0899-4269-BAA8-B8514427234D} - System32\Tasks\Microsoft\VisualStudio\Updates\UpdateConfiguration_S-1-5-21-1987162263-3468947570-2408855926-1001 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXConfigurationUpdater.exe (No File)
Task: {ABA8B84C-8EC8-41CD-B80A-3405EBCC4345} - System32\Tasks\Microsoft\VisualStudio\Updates\UpdateConfiguration_S-1-5-21-1987162263-3468947570-2408855926-1004 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXConfigurationUpdater.exe (No File)
Task: {82A3FFCF-DBC5-490D-A114-90000BB2B239} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXAutoUpdate.exe (No File)
S3 VSInstallerElevationService; "C:\Program Files (x86)\Microsoft Visual Studio\Installer\VSInstallerElevationService.exe" (No File)
S3 VSStandardCollectorService150; "C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe" (No File)
FirewallRules: [TCP Query User{93E4E377-5FFE-470D-8DAE-75BF547B9CE7}D:\snappy driver installer\sdi_x64_r2201.exe] => (Allow) D:\snappy driver installer\sdi_x64_r2201.exe => No File
FirewallRules: [UDP Query User{6F683758-4CBF-448F-8BAB-545F40BD2352}D:\snappy driver installer\sdi_x64_r2201.exe] => (Allow) D:\snappy driver installer\sdi_x64_r2201.exe => No File
FirewallRules: [TCP Query User{8347F8D4-F7CF-41BE-B66C-18D18E26522E}D:\snappy driver installer\sdi_x64_r2201.exe] => (Allow) D:\snappy driver installer\sdi_x64_r2201.exe => No File
FirewallRules: [UDP Query User{12B3B869-B75D-49D9-ACBA-423CDEFBAE59}D:\snappy driver installer\sdi_x64_r2201.exe] => (Allow) D:\snappy driver installer\sdi_x64_r2201.exe => No File
FirewallRules: [{BA5C0B14-5243-407B-9151-78C20CA84CA2}] => (Allow) C:\Users\BioStaR\Documents\Apps\Steam.exe => No File
FirewallRules: [{A76CE007-8AB9-4030-9925-EB878605CDFD}] => (Allow) C:\Users\BioStaR\Documents\Apps\Steam.exe => No File
FirewallRules: [{AF28EFE1-B079-423A-8ED1-CCF0362D5D05}] => (Allow) C:\Windows\gemu\Steam\Steam.exe => No File
FirewallRules: [{613F4D0C-9F79-41C7-AE6A-49F635A3B5FC}] => (Allow) C:\Windows\gemu\Steam\Steam.exe => No File
FirewallRules: [{34271C68-736C-47C2-94BA-286E2FCCCEEC}] => (Allow) C:\Windows\gemu\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{5FB519C2-B925-458D-8B62-5740523E084E}] => (Allow) C:\Windows\gemu\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{DFD02061-E024-490E-95A6-5806E18194CE}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe => No File
FirewallRules: [{4E7A1AAB-050A-4E53-8D31-164647C68D27}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe => No File
FirewallRules: [{416FB8AA-E7DB-48E1-83A6-FE67ED7EBA93}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe => No File
FirewallRules: [{4320DDEB-6ED5-4E4C-9D4F-B680B4494705}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe => No File
FirewallRules: [{17B340D3-1764-4C83-BDD7-F39685A778B3}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe => No File
FirewallRules: [{4635BDC5-714B-41F6-AFA2-F8E8A7EB29C5}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe => No File
FirewallRules: [{41B25B35-0A64-441B-8958-99101C346D88}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe => No File
FirewallRules: [{5ECF376C-BBA8-4E21-8F30-518273949050}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe => No File
FirewallRules: [{082B9BB1-AC53-4C73-963A-9DB07ED8198E}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe => No File
FirewallRules: [{BD0CD221-DF28-4EFE-94DD-85D5F350F22F}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe => No File
FirewallRules: [{47D94472-DA0D-4D42-9614-77BA4592BBC2}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe => No File
FirewallRules: [{89002301-606D-408B-B237-DBF858CCF059}] => (Allow) C:\Users\BioStaR\AppData\Local\Steam\Steam.exe => No File
FirewallRules: [{EAEC43F8-0FC5-4678-9EB6-EFF0B15C8CF8}] => (Allow) C:\Users\BioStaR\AppData\Local\Steam\Steam.exe => No File
FirewallRules: [{4ECB97FF-15FA-4FC4-9F63-02E494554DEC}] => (Allow) C:\Users\BioStaR\AppData\Local\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{2378F624-EEED-4B77-AF6B-F1CFF87F460D}] => (Allow) C:\Users\BioStaR\AppData\Local\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{DEEE1517-9CD7-4F67-9837-72F8C75DF421}] => (Allow) C:\Users\BioStaR\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe => No File
FirewallRules: [{B86C61DD-BC6E-4CC4-AEEA-F839AA81C697}] => (Allow) C:\Users\BioStaR\AppData\Local\Steam\steamapps\common\DOLL EYE CHAPTER ONE\win32\Game.exe => No File
FirewallRules: [{62E6345D-C3BC-428D-829C-08EC8801D380}] => (Allow) C:\Users\BioStaR\AppData\Local\Steam\steamapps\common\DOLL EYE CHAPTER ONE\win32\Game.exe => No File
FirewallRules: [{F8669B5D-BDE9-4463-B0E8-96BD1D37DB6C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{98CE5436-0F42-4E4A-8A50-C03DABD62DC3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{28AF9B8D-E4B1-4E22-AC58-C301BB740958}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{82C324D1-4156-4EA1-8386-308334CC604E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{35301E25-4058-4FE6-83EF-F516BF4A288F}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => No File
FirewallRules: [{0F373273-C581-4E9A-A0D3-02726DE6B605}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => No File
FirewallRules: [{817C74AF-3ADA-4489-BBC7-75EBF1A48D7F}] => (Allow) C:\Users\BioStaR\AppData\Local\publish2\Ryujinx.exe => No File
FirewallRules: [{BA6D3F9F-C9C4-4C00-9AF5-2D730212E704}] => (Allow) C:\Users\BioStaR\AppData\Local\publish2\Ryujinx.exe => No File
FirewallRules: [{F5544D05-E609-4C9D-8A45-25911C4D03B1}] => (Allow) C:\Users\BioStaR\AppData\Local\publish2\Ryujinx.exe => No File
FirewallRules: [{C550855B-4002-460E-87DC-05921DB0E80D}] => (Allow) C:\Users\BioStaR\AppData\Local\publish2\Ryujinx.exe => No File
FirewallRules: [{E0E82B3D-A30A-40AE-BF0B-EC9D9D004656}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{6E7D41E6-1FB1-47AA-A43D-7C3CC3378690}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
FirewallRules: [{B71CA4D3-D384-4D2A-A02F-2CF4D7F80DDA}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe => No File
FirewallRules: [{EDFF5AD9-692B-4948-898F-18A4A1BFA2A9}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
FirewallRules: [{8BA0ABAC-6FDA-436B-B28E-9C117A9893F2}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
C:\Users\BioStaR\Cizutapa
StartRegedit:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"ConsentPromptBehaviorUser"=dword:00000003
"EnableLUA"=dword:00000001
EndRegedit:
StartPowerShell:
# Downloads the newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log to the console
# Does not clean preinstalled objects, only PUP/Adware
# To also delete preinstalled objects, add the /preinstalled argument alongside the /clean argument
# To only scan, change the argument from /clean to /scan
New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:
EmptyTemp:
End::
Warning
Executing a Fixlist on the wrong system may permanently damage it. Continue only if this link was meant for you.