Malware Log Analysis

shared / TekkitBeasting

Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
Folder: C:\Users\Tekkit\AppData\Roaming\Portmaster
AlternateDataStreams: C:\Windows\tracing:? [16]
AlternateDataStreams: C:\Users\Tekkit\Downloads\FRST64.exe:MBAM.Zone.Identifier [50]
AlternateDataStreams: C:\Users\Tekkit\Downloads\msert.exe:MBAM.Zone.Identifier [201]
FirewallRules: [{B13EDA83-677A-49D8-8709-A6AFCC1E9E6B}] => (Allow) C:\Users\Tekkit\AppData\Local\Temp\ACFL\ACSetup\ACSetup.exe => No File
FirewallRules: [{CB2C14B0-16AF-46F9-926B-CBE0021C3869}] => (Allow) C:\Users\Tekkit\AppData\Local\Temp\ACFL\ACSetup\ACSetup.exe => No File
FirewallRules: [{1A08C727-E8E6-4273-B5B6-0301B0E1F2B9}] => (Allow) C:\Users\Tekkit\AppData\Local\Packages\B9ECED6F.ArmouryCrate_qmba6cd70vzyy\LocalState\GridUpdateFile\ASUSGCDriverUpdateClient.exe => No File
FirewallRules: [{1648394F-DAC6-4EE8-B759-539CF7A0A7AB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{31E14D26-2130-4466-A7CB-F9E2BFBB8394}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{EB312E61-7D2A-4289-A984-D82233B52E2D}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [UDP Query User{9B1C758B-C0D3-4FD8-8678-3AF86AB2289B}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [TCP Query User{82E82281-D1C2-4159-81BD-087091515328}D:\steamlibrary\steamapps\common\titanfall2\titanfall2.exe] => (Allow) D:\steamlibrary\steamapps\common\titanfall2\titanfall2.exe => No File
FirewallRules: [UDP Query User{42B09618-4157-4759-B354-2353D82BB9B6}D:\steamlibrary\steamapps\common\titanfall2\titanfall2.exe] => (Allow) D:\steamlibrary\steamapps\common\titanfall2\titanfall2.exe => No File
FirewallRules: [TCP Query User{CD18BBC6-59A7-488A-A911-864C1090F31E}C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe => No File
FirewallRules: [UDP Query User{E6E968EB-13CE-4362-BE34-600EB631BF12}C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe => No File
FirewallRules: [TCP Query User{04AFD18D-23F6-4FB1-A74D-D1EEB37A453E}C:\program files (x86)\starcraft ii\versions\base91115\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base91115\sc2_x64.exe => No File
FirewallRules: [UDP Query User{24D2FC30-E3D2-48D8-A70B-2FA032AB68EB}C:\program files (x86)\starcraft ii\versions\base91115\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base91115\sc2_x64.exe => No File
FirewallRules: [{A223450F-796A-4879-A7B1-4D5E53E6C13B}] => (Allow) C:\Program Files\Oculus\Support\oculus-client\OculusClient.exe => No File
FirewallRules: [{CCC96922-210D-42FE-BBAA-BA5DD6482DE5}] => (Allow) C:\Program Files\Oculus\Support\oculus-client\OculusClient.exe => No File
FirewallRules: [TCP Query User{8371EE4F-4649-4691-B3DD-1B6D605B4F5A}C:\program files (x86)\steam\steamapps\common\battlefield v\bfv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefield v\bfv.exe => No File
FirewallRules: [UDP Query User{0C8766FB-797E-4459-AED0-E0790EC4A76E}C:\program files (x86)\steam\steamapps\common\battlefield v\bfv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefield v\bfv.exe => No File
FirewallRules: [TCP Query User{0B8403C1-B89B-404C-A673-FF45CD1FC146}C:\users\tekkit\desktop\citra-windows-msvc-20240303-0ff3440\citra-windows-msvc-20240303-0ff3440\citra-qt.exe] => (Allow) C:\users\tekkit\desktop\citra-windows-msvc-20240303-0ff3440\citra-windows-msvc-20240303-0ff3440\citra-qt.exe => No File
FirewallRules: [UDP Query User{E80A9C01-BCD5-42CD-BA9A-BE4E63310543}C:\users\tekkit\desktop\citra-windows-msvc-20240303-0ff3440\citra-windows-msvc-20240303-0ff3440\citra-qt.exe] => (Allow) C:\users\tekkit\desktop\citra-windows-msvc-20240303-0ff3440\citra-windows-msvc-20240303-0ff3440\citra-qt.exe => No File
FirewallRules: [{8C577A0B-E6B2-42E9-8150-A0D039F9B713}] => (Block) C:\users\tekkit\desktop\citra-windows-msvc-20240303-0ff3440\citra-windows-msvc-20240303-0ff3440\citra-qt.exe => No File
FirewallRules: [{A3C6A44B-2151-4E53-8F52-BA941BF13787}] => (Block) C:\users\tekkit\desktop\citra-windows-msvc-20240303-0ff3440\citra-windows-msvc-20240303-0ff3440\citra-qt.exe => No File
FirewallRules: [{914F521C-2401-48BE-93C2-47DBD34B7D0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe => No File
FirewallRules: [{C0D54696-0B25-45E8-983E-82D82DAC4634}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe => No File
FirewallRules: [TCP Query User{4B93D3A3-F60B-4BDE-895A-147586659D85}C:\program files (x86)\java\jre-1.8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre-1.8\bin\javaw.exe => No File
FirewallRules: [UDP Query User{AD252C40-7826-401B-8F06-E4720B66D998}C:\program files (x86)\java\jre-1.8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre-1.8\bin\javaw.exe => No File
FirewallRules: [TCP Query User{81D84157-40BA-4637-A041-2901FF4281B8}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe => No File
FirewallRules: [UDP Query User{57302CE9-F03F-4E07-AA3C-29425783548C}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe => No File
FirewallRules: [TCP Query User{723A8769-E865-4C08-BDDB-12A637A51FC0}C:\program files\java\jre-1.8\bin\java.exe] => (Allow) C:\program files\java\jre-1.8\bin\java.exe => No File
FirewallRules: [UDP Query User{0F061246-0519-42DC-AF56-90F6ED04318B}C:\program files\java\jre-1.8\bin\java.exe] => (Allow) C:\program files\java\jre-1.8\bin\java.exe => No File
FirewallRules: [TCP Query User{10F105F8-E3D9-4FF8-9991-23475E51B445}C:\program files (x86)\heroes of the storm\versions\base91769\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base91769\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{959737CF-AFCC-4923-B667-FD0D679C6E52}C:\program files (x86)\heroes of the storm\versions\base91769\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base91769\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{093A9361-DB84-447E-93A0-44B1B6368FDC}C:\program files (x86)\heroes of the storm\versions\base92264\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base92264\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{6BD1EB84-F02A-4604-9574-99480B2DAF77}C:\program files (x86)\heroes of the storm\versions\base92264\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base92264\heroesofthestorm_x64.exe => No File
FirewallRules: [{6FCD1565-1630-4171-B24A-2E62DF9AD0AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Satisfactory\FactoryGame.exe => No File
FirewallRules: [{8716B994-9A96-4FBB-8A70-D2D82D212F5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Satisfactory\FactoryGame.exe => No File
FirewallRules: [TCP Query User{F9C74085-F78E-4948-89F2-91D4B886A268}C:\program files (x86)\steam\steamapps\common\satisfactory\engine\binaries\win64\factorygame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\satisfactory\engine\binaries\win64\factorygame-win64-shipping.exe => No File
FirewallRules: [UDP Query User{A1330437-278A-4C3E-B7C5-A8CF7A236239}C:\program files (x86)\steam\steamapps\common\satisfactory\engine\binaries\win64\factorygame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\satisfactory\engine\binaries\win64\factorygame-win64-shipping.exe => No File
FirewallRules: [{4E887596-B983-4D72-9F5A-3734E3D238C2}] => (Block) C:\program files (x86)\steam\steamapps\common\satisfactory\engine\binaries\win64\factorygame-win64-shipping.exe => No File
FirewallRules: [{A00E16F4-867F-4FE4-9CCC-0D1539EB6E5C}] => (Block) C:\program files (x86)\steam\steamapps\common\satisfactory\engine\binaries\win64\factorygame-win64-shipping.exe => No File
FirewallRules: [TCP Query User{A69A7538-934D-43F7-A6D3-4485F1FA2A89}C:\program files\java\jdk-22\bin\java.exe] => (Allow) C:\program files\java\jdk-22\bin\java.exe => No File
FirewallRules: [UDP Query User{6CACE1E6-1381-4D91-B8E2-1D56131AC0A0}C:\program files\java\jdk-22\bin\java.exe] => (Allow) C:\program files\java\jdk-22\bin\java.exe => No File
FirewallRules: [{0FCB283E-D4E0-4F0A-8119-5940DFBD2607}] => (Block) C:\program files\java\jdk-22\bin\java.exe => No File
FirewallRules: [{AA03C336-4A5D-484F-82D4-6DAC1487C444}] => (Block) C:\program files\java\jdk-22\bin\java.exe => No File
FirewallRules: [{DAEAF45F-DC6F-49A2-A929-9D618164D87D}] => (Allow) D:\SteamLibrary\steamapps\common\Spyro Reignited Trilogy\Spyro.exe => No File
FirewallRules: [{A8C0027C-544E-4BCA-8F5E-8775F3945D3C}] => (Allow) D:\SteamLibrary\steamapps\common\Spyro Reignited Trilogy\Spyro.exe => No File
FirewallRules: [TCP Query User{AE1303E8-9E9B-448C-8EE9-EFE4E7BC102C}D:\steamlibrary\steamapps\common\spyro reignited trilogy\falcon\binaries\win64\spyro-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\spyro reignited trilogy\falcon\binaries\win64\spyro-win64-shipping.exe => No File
FirewallRules: [UDP Query User{E48F45CE-79D8-4408-8F0D-3CE504087F1F}D:\steamlibrary\steamapps\common\spyro reignited trilogy\falcon\binaries\win64\spyro-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\spyro reignited trilogy\falcon\binaries\win64\spyro-win64-shipping.exe => No File
FirewallRules: [{83FAACD0-654F-4A81-9EBB-E607F2165616}] => (Allow) C:\Program Files\Pinnacle\Studio 23\programs\RM.exe => No File
FirewallRules: [{F1FC862C-6FCF-4A9E-B7EC-E81400081C5F}] => (Allow) C:\Program Files\Pinnacle\Studio 23\programs\RM.exe => No File
FirewallRules: [{0CA66A9A-C23C-4C81-A414-8A3CDD9B25AC}] => (Allow) C:\Program Files\Pinnacle\Studio 23\programs\NGStudio.exe => No File
FirewallRules: [{FB89643E-38B8-4EF6-8DAB-5631AA9376E6}] => (Allow) C:\Program Files\Pinnacle\Studio 23\programs\NGStudio.exe => No File
FirewallRules: [{78531C9C-D33F-4785-BFAE-8D572462A0EB}] => (Allow) C:\Program Files\Pinnacle\Studio 23\programs\UMI.exe => No File
FirewallRules: [{D3ECA033-25C9-4D1E-8ABD-FC2060898C4A}] => (Allow) C:\Program Files\Pinnacle\Studio 23\programs\UMI.exe => No File
FirewallRules: [{95510B81-E75B-421C-8C0C-0A660454F27D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deadlock\game\bin\win64\project8.exe => No File
FirewallRules: [{5AC93270-369C-4223-BD29-AE49916CE6A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deadlock\game\bin\win64\project8.exe => No File
FirewallRules: [TCP Query User{CCE2839B-DC1F-4C74-B219-5E744FB0A358}F:\wpsystem\s-1-5-21-1884015456-3966951252-313410465-1002\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) F:\wpsystem\s-1-5-21-1884015456-3966951252-313410465-1002\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe => No File
FirewallRules: [UDP Query User{402708ED-73B0-417E-8376-DD9D35174078}F:\wpsystem\s-1-5-21-1884015456-3966951252-313410465-1002\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) F:\wpsystem\s-1-5-21-1884015456-3966951252-313410465-1002\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe => No File
FirewallRules: [TCP Query User{B96F5261-F320-4D4B-BE28-8C27D1BB8B11}C:\users\tekkit\downloads\godot_v3.6-stable_win64.exe\godot_v3.6-stable_win64.exe] => (Allow) C:\users\tekkit\downloads\godot_v3.6-stable_win64.exe\godot_v3.6-stable_win64.exe => No File
FirewallRules: [UDP Query User{53CF0E77-22D4-4E93-9DB6-A00DC3C1D999}C:\users\tekkit\downloads\godot_v3.6-stable_win64.exe\godot_v3.6-stable_win64.exe] => (Allow) C:\users\tekkit\downloads\godot_v3.6-stable_win64.exe\godot_v3.6-stable_win64.exe => No File
FirewallRules: [TCP Query User{DF19A29B-9CE6-4F3F-8BC9-7183F6A8368D}C:\users\tekkit\desktop\godot_v3.5.3-stable_win64.exe\godot_v3.5.3-stable_win64.exe] => (Allow) C:\users\tekkit\desktop\godot_v3.5.3-stable_win64.exe\godot_v3.5.3-stable_win64.exe => No File
FirewallRules: [UDP Query User{6958D15F-0856-4804-812C-055FB02868A0}C:\users\tekkit\desktop\godot_v3.5.3-stable_win64.exe\godot_v3.5.3-stable_win64.exe] => (Allow) C:\users\tekkit\desktop\godot_v3.5.3-stable_win64.exe\godot_v3.5.3-stable_win64.exe => No File
FirewallRules: [{50F42603-093B-49FF-ADFF-32F9B5EC7B13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe => No File
FirewallRules: [{6436A20D-EAB0-429E-8E45-D974B0E52AF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe => No File
FirewallRules: [TCP Query User{6A8AA352-AD75-4062-8007-4196884A8E80}C:\program files (x86)\heroes of the storm\versions\base93054\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base93054\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{08D41F8B-643B-4368-A667-49153E1901EA}C:\program files (x86)\heroes of the storm\versions\base93054\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base93054\heroesofthestorm_x64.exe => No File
FirewallRules: [{B67374B3-97FB-4CC0-ADD9-C7572B5F9324}] => (Allow) D:\SteamLibrary\steamapps\common\MonsterHunterWildsBetatest\MonsterHunterWildsBeta.exe => No File
FirewallRules: [{C3E19C21-5682-4499-AE6C-F9A95BAF06E2}] => (Allow) D:\SteamLibrary\steamapps\common\MonsterHunterWildsBetatest\MonsterHunterWildsBeta.exe => No File
FirewallRules: [TCP Query User{9D1BD5A7-58B6-4E44-9A69-9F42D61BD383}C:\users\tekkit\appdata\local\discord\app-1.0.9169\discord.exe] => (Allow) C:\users\tekkit\appdata\local\discord\app-1.0.9169\discord.exe => No File
FirewallRules: [UDP Query User{1F4D64F4-09FE-4FB5-B9FB-B59832742EFB}C:\users\tekkit\appdata\local\discord\app-1.0.9169\discord.exe] => (Allow) C:\users\tekkit\appdata\local\discord\app-1.0.9169\discord.exe => No File
FirewallRules: [TCP Query User{C70C1B23-8898-4139-AC60-BFCC54100335}C:\program files\java\jre1.8.0_431\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_431\bin\java.exe => No File
FirewallRules: [UDP Query User{C32D800B-990D-4D15-8A17-B1468D3ABCA0}C:\program files\java\jre1.8.0_431\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_431\bin\java.exe => No File
FirewallRules: [TCP Query User{48F18CB7-8B91-4757-A88B-A20D296E3889}F:\wpsystem\s-1-5-21-1884015456-3966951252-313410465-1002\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) F:\wpsystem\s-1-5-21-1884015456-3966951252-313410465-1002\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe => No File
FirewallRules: [UDP Query User{132C69DD-EF6B-4410-B410-8B00C856EAA6}F:\wpsystem\s-1-5-21-1884015456-3966951252-313410465-1002\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) F:\wpsystem\s-1-5-21-1884015456-3966951252-313410465-1002\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe => No File
FirewallRules: [TCP Query User{8BA69D6F-AA11-4433-90EA-2BF129A3A28D}F:\wpsystem\s-1-5-21-1884015456-3966951252-313410465-1002\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe] => (Allow) F:\wpsystem\s-1-5-21-1884015456-3966951252-313410465-1002\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe => No File
FirewallRules: [UDP Query User{AE55A66B-1ABF-45F2-97A9-5C6968EB8C31}F:\wpsystem\s-1-5-21-1884015456-3966951252-313410465-1002\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe] => (Allow) F:\wpsystem\s-1-5-21-1884015456-3966951252-313410465-1002\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe => No File
FirewallRules: [TCP Query User{9C158099-AA82-4AAC-8B52-1BA418500657}D:\steamlibrary\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File
FirewallRules: [UDP Query User{8D33E3E2-BD94-46AF-A70E-345E3973E8D9}D:\steamlibrary\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File
FirewallRules: [{F522BC7E-537A-4D30-84C3-570ADCD58058}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe => No File
FirewallRules: [{B4463DD2-8F72-4A71-907A-AD3C84F1097D}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe => No File
FirewallRules: [{9AB2083A-D5E7-4FE6-8AF8-853E3434BA44}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe => No File
FirewallRules: [TCP Query User{7BBF3171-980F-4332-A388-446B50BF1839}C:\program files (x86)\starcraft ii\versions\base93333\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base93333\sc2_x64.exe => No File
FirewallRules: [UDP Query User{8163CD80-FE4E-4A35-BB7E-F7248CDB62C4}C:\program files (x86)\starcraft ii\versions\base93333\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base93333\sc2_x64.exe => No File
FirewallRules: [{4E3CE034-63C8-4F24-8356-1A09845B829F}] => (Block) C:\program files (x86)\starcraft ii\versions\base93333\sc2_x64.exe => No File
FirewallRules: [{7BD71DED-0E3E-4353-A119-47E49B9753EC}] => (Block) C:\program files (x86)\starcraft ii\versions\base93333\sc2_x64.exe => No File
FirewallRules: [TCP Query User{795B45AF-2008-4418-B1BF-CA10C5F3023D}C:\users\tekkit\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\tekkit\appdata\roaming\zoom\bin\zoom.exe => No File
FirewallRules: [UDP Query User{BA74CDE8-4479-4911-BB03-4BD431D6A63E}C:\users\tekkit\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\tekkit\appdata\roaming\zoom\bin\zoom.exe => No File
FirewallRules: [{E0EB4B3C-A5F5-4358-9DD2-01EDF147D6EE}] => (Block) C:\users\tekkit\appdata\roaming\zoom\bin\zoom.exe => No File
FirewallRules: [{59762231-EBB6-4248-AD96-76322B48D610}] => (Block) C:\users\tekkit\appdata\roaming\zoom\bin\zoom.exe => No File
FirewallRules: [TCP Query User{25993423-68AF-48EF-BC8B-D8BD97C9EAAB}C:\program files (x86)\heroes of the storm\versions\base93810\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base93810\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{D0A76298-360E-4906-A17A-6F39DAF32FD6}C:\program files (x86)\heroes of the storm\versions\base93810\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base93810\heroesofthestorm_x64.exe => No File
FirewallRules: [{97E2B937-0A14-4A56-BD32-22E2239ECC52}] => (Block) C:\program files (x86)\heroes of the storm\versions\base93810\heroesofthestorm_x64.exe => No File
FirewallRules: [{D501D7DF-BE18-430B-988B-A0D029A82E15}] => (Block) C:\program files (x86)\heroes of the storm\versions\base93810\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{D7756B84-61A4-4B06-B55F-7BD22A17E91C}C:\program files (x86)\heroes of the storm\versions\base94387\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base94387\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{AAD4EFB5-9AF5-4982-8743-B6DA4A1A5683}C:\program files (x86)\heroes of the storm\versions\base94387\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base94387\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{BA6CCC2D-7A44-4F2B-A1D5-3AC54370F55C}G:\steamlibrary\steamapps\common\arma 3\arma3_x64.exe] => (Allow) G:\steamlibrary\steamapps\common\arma 3\arma3_x64.exe => No File
FirewallRules: [UDP Query User{49762DDA-10A5-4375-8D20-8E494BD439E0}G:\steamlibrary\steamapps\common\arma 3\arma3_x64.exe] => (Allow) G:\steamlibrary\steamapps\common\arma 3\arma3_x64.exe => No File
FirewallRules: [{0A1D1DC2-D89E-4916-8501-FF918931E0D5}] => (Allow) G:\SteamLibrary\steamapps\common\SpaceEngineersDedicatedServer\DedicatedServer64\SpaceEngineersDedicated.exe => No File
FirewallRules: [{236293FA-8315-4DE0-B591-C4135954D79E}] => (Allow) G:\SteamLibrary\steamapps\common\SpaceEngineersDedicatedServer\DedicatedServer64\SpaceEngineersDedicated.exe => No File
FirewallRules: [TCP Query User{829A643F-BB96-40E8-AFFA-F89AF7D8A362}D:\steamlibrary\steamapps\common\glacier events\bf6event.exe] => (Allow) D:\steamlibrary\steamapps\common\glacier events\bf6event.exe => No File
FirewallRules: [UDP Query User{EC234B0E-4C1D-4242-B3C1-FD7DB78F5C77}D:\steamlibrary\steamapps\common\glacier events\bf6event.exe] => (Allow) D:\steamlibrary\steamapps\common\glacier events\bf6event.exe => No File
FirewallRules: [TCP Query User{17398984-C586-47EB-BCFB-5BB193B04E7A}C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe => No File
FirewallRules: [UDP Query User{4F0BAF22-0167-49B7-8CBA-74CB89C749D7}C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe => No File
FirewallRules: [{DA1F7408-65C1-4380-B0E0-289EA0ABC196}] => (Allow) C:\Users\Tekkit\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{D7013CEE-04A1-4D18-8691-00FB34DED0A1}] => (Allow) C:\Users\Tekkit\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [TCP Query User{C40AE140-0C1F-4D3A-9449-9C6829D1C10C}C:\users\tekkit\appdata\local\discord\app-1.0.9219\discord.exe] => (Allow) C:\users\tekkit\appdata\local\discord\app-1.0.9219\discord.exe => No File
FirewallRules: [UDP Query User{37A0B059-E615-4CA1-909B-81FFBE2A1F48}C:\users\tekkit\appdata\local\discord\app-1.0.9219\discord.exe] => (Allow) C:\users\tekkit\appdata\local\discord\app-1.0.9219\discord.exe => No File
FirewallRules: [TCP Query User{F62A12A7-E5A1-43A4-843A-3E34ABBB489D}C:\program files (x86)\heroes of the storm\versions\base95918\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base95918\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{400FC420-EE19-4084-A4D1-E62C9734CEDB}C:\program files (x86)\heroes of the storm\versions\base95918\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base95918\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{46F9F62E-AA24-4416-B162-EF937C3ACE07}C:\users\tekkit\appdata\local\discord\app-1.0.9230\discord.exe] => (Allow) C:\users\tekkit\appdata\local\discord\app-1.0.9230\discord.exe => No File
FirewallRules: [UDP Query User{AFB8075A-4512-4269-AF83-5E5528DBDFFD}C:\users\tekkit\appdata\local\discord\app-1.0.9230\discord.exe] => (Allow) C:\users\tekkit\appdata\local\discord\app-1.0.9230\discord.exe => No File
Task: {DAE228B9-D539-4FB6-9BA3-2D44CF5329B8} - System32\Tasks\ASUS\AcPowerNotification => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe (No File)
Task: {6B011108-AA4A-4F39-A768-B71CB524C08C} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (No File)
Task: {F2B61FD1-DDC4-4D90-90DA-46E14812605A} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe --delay (No File)
Task: {50DE98B6-9F3C-46E1-A01E-C0326B3AF2FA} - System32\Tasks\ASUS\NoiseCancelingEngine => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe (No File)
Task: {521609C8-341D-4746-B092-202A4DDCA08D} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File)
S2 Nexus; "G:\SteamLibrary\steamapps\common\SpaceEngineersDedicatedServer\DedicatedServer64\SpaceEngineersDedicated.exe" (No File)
S3 ACE-SSC-DRV64; \??\C:\Program Files\AntiCheatExpert\SGuard\x64\plugins\ACE-SSC-DRV64.sys (No File)
S3 ALSysIO; \??\C:\Users\Tekkit\AppData\Local\Temp\ALSysIO64.sys (No File) <==== ATTENTION
S3 cpuz159; \??\C:\Windows\temp\cpuz159\cpuz159_x64.sys (No File) <==== ATTENTION
S3 EAAntiCheat; system32\drivers\eaanticheat.sys (No File)
S3 HWiNFO_204; \??\C:\Users\Tekkit\AppData\Local\Temp\HWiNFO_x64_204.sys (No File) <==== ATTENTION
S3 TRIXX; \??\C:\Users\Tekkit\AppData\Local\Temp\TRIXX.sys (No File) <==== ATTENTION
2024-12-11 13:59 - 2024-12-11 13:59 - 000000048 ____R () C:\Users\Tekkit\AppData\Local\D1A054C7117921A4402A0EA7ED88B467
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {0c30b421-d150-4b3d-a2d0-ea7099509e5a} - no filepath. <==== ATTENTION
Task: {417dee78-781a-446e-91e1-15a410f5a89f} - no filepath. <==== ATTENTION
Task: {423b9f6a-3c36-4364-a98e-23e4a0aef05c} - no filepath. <==== ATTENTION
Task: {4575d75a-ee4c-4d86-9a0b-34f27d9e845c} - no filepath. <==== ATTENTION
Task: {4792bdbe-d11a-456b-ae8f-4d2a76353579} - no filepath. <==== ATTENTION
Task: {51476db8-32d7-49a3-896d-275d09832515} - no filepath. <==== ATTENTION
Task: {6b005d9b-c65f-407f-809a-78e94b0dde1f} - no filepath. <==== ATTENTION
Task: {82a40103-65dd-4207-9450-ffeb77a8eac5} - no filepath. <==== ATTENTION
Task: {90b647ef-71da-485e-bb84-e4e681632196} - no filepath. <==== ATTENTION
Task: {b342086b-1e05-4eb6-9fca-4af0323fb2f8} - no filepath. <==== ATTENTION
Task: {bfca2640-f1b1-4da9-8f19-d37ce8bb00df} - no filepath. <==== ATTENTION
Task: {c6ae36a4-eea5-4785-9efb-0ca7de9340b1} - no filepath. <==== ATTENTION
Task: {c6f16da6-ab2e-4356-a0f7-d391915f58ac} - no filepath. <==== ATTENTION
Task: {c8c79835-09bc-4ba2-be29-92462af3daf2} - no filepath. <==== ATTENTION
Task: {cd05a22a-74e2-4ea6-9a7b-042220c95c0a} - no filepath. <==== ATTENTION
Task: {d31d2d2f-8fe0-4fb0-ba8a-0e03926cbd2b} - no filepath. <==== ATTENTION
Task: {daddab10-f9da-4920-8e18-2c775dcd0d00} - no filepath. <==== ATTENTION
Task: {e084989e-2dfe-42c2-ab0f-a8cb01166911} - no filepath. <==== ATTENTION
Task: {e1a7c535-7b28-4875-99fe-ed4a3ddce9c6} - no filepath. <==== ATTENTION
Task: {ef22f0aa-6215-44e1-8784-2f7e78fa722e} - no filepath. <==== ATTENTION
Task: {f2eddbc8-7e71-4304-9233-1dd48105c4b5} - no filepath. <==== ATTENTION
Task: {f502b2e4-f416-46a8-9631-1358e04d01ed} - no filepath. <==== ATTENTION
Task: {f7228e87-9ffd-47ba-be72-63fea5009d03} - no filepath. <==== ATTENTION
Task: {f8bb73f2-7aad-41be-abf3-57e68886986e} - no filepath. <==== ATTENTION
Task: {f9c37735-62d2-4edc-9aba-3e26d4a892b7} - no filepath. <==== ATTENTION
Task: {ff0eb4e1-9e7c-4689-8039-cf6dc2b2084e} - no filepath. <==== ATTENTION
R3 cpuz155; C:\Windows\temp\cpuz155\cpuz155_x64.sys [41480 2026-05-22] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
R3 GPUZ-v2; C:\Windows\TEMP\GPUZ-v2.sys [52008 2026-05-22] (TechPowerUp LLC -> ) <==== ATTENTION
StartPowerShell:
# This snippet re-enables Windows Defender and applies optimized settings to ensure high protection against malware
# Enable real-time protection
Set-MpPreference -DisableRealtimeMonitoring $false
# Enable behavioural protection
Set-MpPreference -DisableBehaviorMonitoring $false
# Enable PUP detection
Set-MpPreference -PUAProtection Enabled
# Enable cloud protection to level 4 - aggressively block unknowns and apply additional protection measures, alternatively use 2 for lower protection or 0 for default
Set-MpPreference -CloudBlockLevel 4
# Send advanced information about malicious/unwanted software present on your device
Set-MpPreference -MAPSReporting 2
# Send safe samples automatically to Microsoft
Set-MpPreference -SubmitSamplesConsent 1
# Enables inspection of HTTP traffic to detect malicious websites
Set-MpPreference -EnableNetworkProtection Enabled
# Enables block at first seen
Set-MpPreference -DisableBlockAtFirstSeen $false
# Allows scanning of archive files, such as .zip and .cab files for malware/PUP
Set-MpPreference -DisableArchiveScanning $false
# Enables automatic scanning of USB & removable drives
Set-MpPreference -DisableRemovableDriveScanning $false
# Enables scanning of network files
Set-MpPreference -DisableScanningNetworkFiles $false
# Forces signature check before running a scan
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true
# Extends cloud check timer from default 10 to 30 seconds
Set-MpPreference -CloudExtendedTimeout 30
# Enables automatic scanning of all downloaded files and attachments
Set-MpPreference -DisableIOAVProtection $false
# Enables script detection
Set-MpPreference -DisableScriptScanning $false
# Disables automatic exclusions from scanning
Set-MpPreference -DisableAutoExclusions 1
# Enables scanning of mapped network drives
Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan 0
# Enables scanning of email files
Set-MpPreference -DisableEmailScanning 0
# Enables blocking of malicious domains and IPs on DNS level
Set-MpPreference -EnableDnsSinkhole $true
# Enables signature updates every 12 hours
Set-MpPreference -SignatureUpdateInterval 12
# Enables automatic quarantine for threats labelled as high and severe
Set-MpPreference -HighThreatDefaultAction Quarantine
Set-MpPreference -SevereThreatDefaultAction Quarantine
# Updates signatures
Update-MpSignature
EndPowerShell:
StartPowershell:
# Replace /scanonly with /clean if you also want to delete items -- however, this will activate a trial license on the system, I do not recommend it
$hmpExe = "$env:TEMP\HitmanPro_x64.exe"
$logFile = "$env:TEMP\HitmanPro_ScanLog.txt"
Invoke-WebRequest -Uri "https://dl.surfright.nl/HitmanPro_x64.exe" -OutFile $hmpExe -UseBasicParsing
$proc = Start-Process $hmpExe -ArgumentList "/ews","/scanonly","/noinstall","/log=`"$logFile`"","/logtype=txt" -Wait -PassThru
if (!(Test-Path $logFile)) { Write-Host "Scan failed (exit $($proc.ExitCode))"; exit 1 }
Get-Content $logFile -Encoding Unicode
EndPowershell:
StartPowerShell:
# Downloads newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log in console
# Does not clean preinstalled objects, only PUP/Adware
# If you would like to delete preinstalled objects, add an argument /preinstalled to the /clean argument
# If you would like to only scan with it, change the argument from /clean to /scan
# NOTE: For the sake of users from Asia (primarily China), do not use the clean option. It will very likely remove a lot of their important software.
New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:
Comment: Remove unwanted files from common folders using Farbar's native removal, including removal on reboot if needed. Please double-check that the user does not have any applications incorrectly installed in the directories listed below.
C:\ProgramData\*.a3x
C:\ProgramData\*.ahk
C:\ProgramData\*.au3
C:\ProgramData\*.bat
C:\ProgramData\*.cab
C:\ProgramData\*.cmd
C:\ProgramData\*.com
C:\ProgramData\*.dll
C:\ProgramData\*.exe
C:\ProgramData\*.hta
C:\ProgramData\*.jar
C:\ProgramData\*.js
C:\ProgramData\*.jse
C:\ProgramData\*.lnk
C:\ProgramData\*.pif
C:\ProgramData\*.ps1
C:\ProgramData\*.py
C:\ProgramData\*.pyc
C:\ProgramData\*.pyd
C:\ProgramData\*.scr
C:\ProgramData\*.tmp
C:\ProgramData\*.vbe
C:\ProgramData\*.vbs
C:\ProgramData\*.wsf
C:\ProgramData\*.wsh
C:\ProgramData\*.zip
C:\ProgramData\*.rar
C:\ProgramData\*.7z
C:\Users\*\AppData\Roaming\*.au3
C:\Users\*\AppData\Roaming\*.bat
C:\Users\*\AppData\Roaming\*.cab
C:\Users\*\AppData\Roaming\*.cmd
C:\Users\*\AppData\Roaming\*.com
C:\Users\*\AppData\Roaming\*.dll
C:\Users\*\AppData\Roaming\*.exe
C:\Users\*\AppData\Roaming\*.hta
C:\Users\*\AppData\Roaming\*.jar
C:\Users\*\AppData\Roaming\*.js
C:\Users\*\AppData\Roaming\*.jse
C:\Users\*\AppData\Roaming\*.lnk
C:\Users\*\AppData\Roaming\*.pif
C:\Users\*\AppData\Roaming\*.ps1
C:\Users\*\AppData\Roaming\*.py
C:\Users\*\AppData\Roaming\*.pyc
C:\Users\*\AppData\Roaming\*.pyd
C:\Users\*\AppData\Roaming\*.scr
C:\Users\*\AppData\Roaming\*.tmp
C:\Users\*\AppData\Roaming\*.vbe
C:\Users\*\AppData\Roaming\*.vbs
C:\Users\*\AppData\Roaming\*.wsf
C:\Users\*\AppData\Roaming\*.wsh
C:\Users\*\AppData\Roaming\*.zip
C:\Users\*\AppData\Roaming\*.rar
C:\Users\*\AppData\Roaming\*.7z
C:\Users\CurrentUserName\AppData\Local\*.a3x
C:\Users\CurrentUserName\AppData\Local\*.ahk
C:\Users\CurrentUserName\AppData\Local\*.au3
C:\Users\CurrentUserName\AppData\Local\*.bat
C:\Users\CurrentUserName\AppData\Local\*.cab
C:\Users\CurrentUserName\AppData\Local\*.cmd
C:\Users\CurrentUserName\AppData\Local\*.com
C:\Users\CurrentUserName\AppData\Local\*.dll
C:\Users\CurrentUserName\AppData\Local\*.exe
C:\Users\CurrentUserName\AppData\Local\*.hta
C:\Users\CurrentUserName\AppData\Local\*.jar
C:\Users\CurrentUserName\AppData\Local\*.js
C:\Users\CurrentUserName\AppData\Local\*.jse
C:\Users\CurrentUserName\AppData\Local\*.lnk
C:\Users\CurrentUserName\AppData\Local\*.pif
C:\Users\CurrentUserName\AppData\Local\*.ps1
C:\Users\CurrentUserName\AppData\Local\*.py
C:\Users\CurrentUserName\AppData\Local\*.pyc
C:\Users\CurrentUserName\AppData\Local\*.pyd
C:\Users\CurrentUserName\AppData\Local\*.scr
C:\Users\CurrentUserName\AppData\Local\*.tmp
C:\Users\CurrentUserName\AppData\Local\*.vbe
C:\Users\CurrentUserName\AppData\Local\*.vbs
C:\Users\CurrentUserName\AppData\Local\*.wsf
C:\Users\CurrentUserName\AppData\Local\*.wsh
C:\Users\CurrentUserName\AppData\Local\*.zip
C:\Users\CurrentUserName\AppData\Local\*.rar
C:\Users\CurrentUserName\AppData\Local\*.7z
C:\Users\CurrentUserName\AppData\Roaming\*.a3x
C:\Users\CurrentUserName\AppData\Roaming\*.ahk
C:\Users\CurrentUserName\AppData\Roaming\*.au3
C:\Users\CurrentUserName\AppData\Roaming\*.bat
C:\Users\CurrentUserName\AppData\Roaming\*.cab
C:\Users\CurrentUserName\AppData\Roaming\*.cmd
C:\Users\CurrentUserName\AppData\Roaming\*.com
C:\Users\CurrentUserName\AppData\Roaming\*.dll
C:\Users\CurrentUserName\AppData\Roaming\*.exe
C:\Users\CurrentUserName\AppData\Roaming\*.hta
C:\Users\CurrentUserName\AppData\Roaming\*.jar
C:\Users\CurrentUserName\AppData\Roaming\*.js
C:\Users\CurrentUserName\AppData\Roaming\*.jse
C:\Users\CurrentUserName\AppData\Roaming\*.lnk
C:\Users\CurrentUserName\AppData\Roaming\*.pif
C:\Users\CurrentUserName\AppData\Roaming\*.ps1
C:\Users\CurrentUserName\AppData\Roaming\*.py
C:\Users\CurrentUserName\AppData\Roaming\*.pyc
C:\Users\CurrentUserName\AppData\Roaming\*.pyd
C:\Users\CurrentUserName\AppData\Roaming\*.scr
C:\Users\CurrentUserName\AppData\Roaming\*.tmp
C:\Users\CurrentUserName\AppData\Roaming\*.vbe
C:\Users\CurrentUserName\AppData\Roaming\*.vbs
C:\Users\CurrentUserName\AppData\Roaming\*.wsf
C:\Users\CurrentUserName\AppData\Roaming\*.wsh
C:\Users\CurrentUserName\AppData\Roaming\*.zip
C:\Users\CurrentUserName\AppData\Roaming\*.rar
C:\Users\CurrentUserName\AppData\Roaming\*.7z Comment: Force policy removal C:\Windows\System32\GroupPolicyUsers C:\Windows\System32\GroupPolicy Comment: System repair commands CMD: DISM.exe /Online /Cleanup-image /Restorehealth CMD: SFC.exe /scannow Comment: Network reset commands CMD: netsh int ip reset CMD: netsh int ipv6 reset CMD: ipconfig /flushDNS CMD: netsh winsock reset catalog Comment: Additional temp file removal C:\Windows\System32\config\systemprofile\AppData\Local\*.tmp C:\WINDOWS\system32\*.tmp C:\WINDOWS\syswow64\*.tmp C:\Users\CurrentUserName\AppData\Local\Temp\* C:\Windows\Temp\* C:\Windows\SystemTemp\* EmptyTemp: End::
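The fixlist's "double-check the directories" comment is easier to act on with a dry run: the PowerShell below (an added example, not part of the original fixlist) enumerates every file the wildcard paths above would delete and lists it with its Authenticode status, signer and SHA-256, so legitimately installed software shows up before anything is removed. It assumes the fixlist's CurrentUserName placeholder maps to $env:USERPROFILE and writes its CSV to $env:TEMP; both are this example's choices.

```powershell
# Added example (not from the original fixlist): preview what the removal globs would match.
# Extension list copied from the fixlist; the folder roots mirror its four location groups.
$extensions = 'a3x','ahk','au3','bat','cab','cmd','com','dll','exe','hta','jar','js','jse',
              'lnk','pif','ps1','py','pyc','pyd','scr','tmp','vbe','vbs','wsf','wsh','zip','rar','7z'

$roots = @(
    "$env:ProgramData",
    'C:\Users\*\AppData\Roaming',          # every profile, as in the fixlist
    "$env:USERPROFILE\AppData\Local",      # assumption: CurrentUserName = the logged-on user
    "$env:USERPROFILE\AppData\Roaming"
)

$report = foreach ($root in $roots) {
    foreach ($ext in $extensions) {
        # -Path (not -LiteralPath) so both the '*' profile segment and '*.ext' expand;
        # -Force includes hidden files, which droppers commonly use
        Get-ChildItem -Path "$root\*.$ext" -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
                $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                [pscustomobject]@{
                    Path      = $_.FullName
                    SizeKB    = [math]::Round($_.Length / 1KB, 1)
                    Modified  = $_.LastWriteTime
                    Signature = $sig.Status      # Valid / NotSigned / HashMismatch / UnknownError ...
                    Signer    = $signer
                    SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                }
            }
    }
}

# Unsigned or tampered files sort first: these deserve the closest look before the fix runs
$report | Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } }, Path |
    Format-Table Path, SizeKB, Modified, Signature, Signer -AutoSize

# Keep the full list (with hashes) so the removal decision is documented alongside the FRST log
$csv = "$env:TEMP\RemovalPreview.csv"
$report | Export-Csv -Path $csv -NoTypeInformation
$unsigned = @($report | Where-Object Signature -ne 'Valid').Count
Write-Host ("{0} file(s) would be matched, {1} unsigned or invalid; details in {2}" -f @($report).Count, $unsigned, $csv)
```

A validly signed file from a known vendor sitting in AppData\Local is usually a portable or per-user install that should be excluded from the fixlist; an unsigned executable with a recent timestamp is the kind of object the fix is meant to catch.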