Start
CreateRestorePoint:
CloseProcesses:
2026-05-18 22:24 - 2026-05-18 22:24 - 000000000 ____D C:\Users\hamis\ss.exe
2026-05-18 22:23 - 2026-05-20 16:23 - 000000000 ____D C:\ProgramData\JAVAsocket_x86
2026-05-18 22:22 - 2026-04-19 14:50 - 000000000 ____D C:\Users\hamis\AppData\Roaming\RenPy
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: c:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (No File)
HKU\S-1-5-21-2136208285-4195537487-1634696728-1001\...\Run: [AMDNoiseSuppression] => "C:\windows\system32\AMD\ANR\AMDNoiseSuppression.exe" (No File)
HKU\S-1-5-21-2136208285-4195537487-1634696728-1001\...\Run: [MicrosoftEdgeAutoLaunch_292D4E21D5D04AFCE77845656E2222A4] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start (No File)
HKU\S-1-5-21-2136208285-4195537487-1634696728-1001\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" (No File)
HKU\S-1-5-21-2136208285-4195537487-1634696728-1001\...\RunOnce: [Application Restart #0] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe --component-updater=url-source=hxxps://go-updater.brave.com/extensions --disable-domain-reliability --enable-distillability-service (the data entry has 372 more characters). (No File)
HKU\S-1-5-21-2136208285-4195537487-1634696728-1001\...\MountPoints2: {c8b5dcea-1aac-11ec-a526-00e04c70c4be} - "D:\RTK_NIC_DRIVER_INSTALLER.sfx.exe"
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.10.6.0_x64__v10z8vjag6ke6\SysWin32Process\HPCC.Bg.BackgroundSys.exe (No File)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> "C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.105\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable (No File)
Task: {DA7FCE4D-6B3D-4B49-9160-161E253DDF75} - System32\Tasks\Launch Adobe CCXProcess => "C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe" (No File)
Task: {6747F61D-7060-44E3-9016-1A2E1CAE27DA} - System32\Tasks\McAfee\DAD.Execute.Updates => "C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe" (No File)
Task: {E59B5753-4518-4CF3-B853-A57F715AB0DF} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe /hcmode=periodic /periodicruncount=2 (No File)
Task: {9F6FDC6B-D113-4F22-B0B2-264F3896E878} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c (No File)
Task: {2F37052E-A41E-484B-930D-A07BE45D848D} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler (No File)
S2 edgeupdate; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc (No File)
S3 edgeupdatem; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc (No File)
S4 ELANFPService; %SystemRoot%\System32\ELANFPService.exe (No File)
S2 HPDCService; "C:\Program Files\Portrait Displays\HP Display Control Service\DisplayControlService.exe" (No File)
S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.105\elevation_service.exe" (No File)
S3 cpuz153; \??\C:\windows\temp\cpuz153\cpuz153_x64.sys (No File) <==== ATTENTION
S3 RtlWlanu; \SystemRoot\System32\drivers\rtwlanu.sys (No File)
S3 vpnva; \SystemRoot\System32\drivers\vpnva64-6.sys (No File)
CMD: sc query hptouchpointanalyticsservice
CMD: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hptouchpointanalyticsservice" /s
Folder: C:\windows\SecureBoot
Powershell: Get-ScheduledTask | select -first 30 | Get-ScheduledTaskInfo
Powershell: @("$env:APPDATA","$env:LOCALAPPDATA") | ForEach-Object { Get-ChildItem $_ -Recurse -Filter "index.js" -ErrorAction SilentlyContinue } | Where-Object { $_.FullName -match "discord_desktop_core" } | ForEach-Object { Write-Host "--- $($_.FullName) ---"; (Get-Content $_.FullName -Raw).Substring(0,[Math]::Min(2000,(Get-Content $_.FullName -Raw).Length)) }
Powershell: (Get-ItemProperty "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU" -ErrorAction SilentlyContinue).PSObject.Properties | Where-Object { $_.Name -match "^[a-z]$" } | ForEach-Object { Write-Host "$($_.Name): $($_.Value)" }
C:\WINDOWS\Temp\*
C:\WINDOWS\SystemTemp\*
C:\Users\hamis\AppData\Local\Temp\*
StartPowerShell:
# Downloads the newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log to the console
# Does not clean preinstalled objects, only PUP/Adware
# If you would like to delete preinstalled objects, add an argument /preinstalled to the /clean argument
# If you would like to only scan with it, change the argument from /clean to /scan
New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:
StartPowershell:
# Replace /scanonly with /clean if you also want to delete items -- however, this will activate a trial license on the system, I do not recommend it
$hmpExe = "$env:TEMP\HitmanPro_x64.exe"
$logFile = "$env:TEMP\HitmanPro_ScanLog.txt"
Invoke-WebRequest -Uri "https://dl.surfright.nl/HitmanPro_x64.exe" -OutFile $hmpExe -UseBasicParsing
$proc = Start-Process $hmpExe -ArgumentList "/ews","/scanonly","/noinstall","/log=`"$logFile`"","/logtype=txt" -Wait -PassThru
if (!(Test-Path $logFile)) { Write-Host "Scan failed (exit $($proc.ExitCode))"; exit 1 }
Get-Content $logFile -Encoding Unicode
EndPowershell:
StartPowerShell:
# This snippet downloads Emsisoft Emergency Kit (EEK) from Emsisoft's official site, updates it, and scans with it.
# Do note that the executable is 300MB and may take some time to download.
# ---
# This will scan for malware and PUPs in 1) system memory 2) important folders, as the documentation says
# It will scan in compressed archives, in mail archives, in NTFS alternate data streams and use cloud requests
# ---
# You can use argument "/delete" to delete found objects including references but this is permanent and irreversible.
# You can remove the "/quick" argument to do a full scan but that may take longer than what FRST can handle.
# You can use argument "/quarantine="[folder]"" to put found malware into quarantine, but I personally prefer first verifying the detections.
$downloadUrl = "https://dl.emsisoft.com/EmsisoftEmergencyKit.exe"
$systemDrive = $env:SystemDrive
$frstPath = "$systemDrive\FRST"
$savePath = "$frstPath\EEK.exe"
$extractPath = "$frstPath\EEK"
if (-not (Test-Path $frstPath)) {
    New-Item -Path $frstPath -ItemType Directory -Force | Out-Null
}
if (-not (Test-Path $extractPath)) {
    New-Item -Path $extractPath -ItemType Directory -Force | Out-Null
}
Invoke-WebRequest -Uri $downloadUrl -OutFile $savePath -UseBasicParsing
$proc = Start-Process -FilePath $savePath -ArgumentList "-s -d`"$extractPath`"" -PassThru
while (-not (Test-Path "$extractPath\bin64\a2cmd.exe")) { Start-Sleep -Milliseconds 1000 }
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
if ([Environment]::Is64BitOperatingSystem) {
    $a2cmdPath = Join-Path $extractPath "bin64\a2cmd.exe"
} else {
    $a2cmdPath = Join-Path $extractPath "bin32\a2cmd.exe"
}
Start-Process -FilePath $a2cmdPath -ArgumentList "/update" -Wait -NoNewWindow
Start-Process -FilePath $a2cmdPath -ArgumentList "/malware /quick /m /t /pup /a /am /cloud=1 /la=`"$frstPath\EEK_scan.log`"" -Wait -NoNewWindow
Get-Content "$frstPath\EEK_scan.log"
exit
EndPowerShell:
cmd: del %temp%\*.* /f /s /q
cmd: rd /s /q %temp%
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
End
Warning
Executing a Fixlist on the wrong system may permanently damage it. Continue only if this link was meant for you.