Malware Log Analysis

Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
2026-05-01 13:00 - 2025-11-09 14:27 - 000000000 ____D C:\Users\Ritwik\AppData\Roaming\RenPy
HKU\S-1-5-21-1744752336-2882503394-1322745430-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-1744752336-2882503394-1322745430-1001\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
2026-04-19 02:01 - 2026-04-19 02:01 - 000000026 _____ C:\Users\Ritwik\AppData\LocalLow\9cb19a1029c6f402150948e6cc48c0c0beb42cc3699245f8a265b69ce8b53dfe
2026-04-14 01:33 - 2026-04-20 00:59 - 000002264 _____ C:\Users\Ritwik\AppData\LocalLow\49b3da81164a8df1348572c0f6efe7f8cad10ffbb42237352acdca8e21deac26
2026-04-14 01:33 - 2026-04-20 00:59 - 000000026 _____ C:\Users\Ritwik\AppData\LocalLow\2ad54bc73863ed6a045d2e264fa49c48fc86eec1db8a817ef26bc4b0057f244c
2026-04-08 22:21 - 2026-04-08 22:23 - 000235990 _____ C:\Users\Ritwik\AppData\LocalLow\412c8682ec19256a969faafd5b746591002cc3b194b39cd52dc5b037cce5d24e
2026-04-08 22:21 - 2026-04-08 22:21 - 000000026 _____ C:\Users\Ritwik\AppData\LocalLow\d0eb21322df9e89b438b302a4cf9595f952c1572d64c12583c18b7204a897983
2026-04-05 12:27 - 2026-04-05 12:27 - 000002264 _____ C:\Users\Ritwik\AppData\LocalLow\f43580a169fa868dc0ff51b75871df5c2606005f14fc44f71b93903ae95a2853
2026-04-05 12:25 - 2026-04-05 12:44 - 000039006 _____ C:\Users\Ritwik\AppData\LocalLow\74fda657e427bcbaa46951ef6c921e1ed35a3ff2b7708d7471c82228041fb2a0
2026-04-05 12:25 - 2026-04-05 12:25 - 000000026 _____ C:\Users\Ritwik\AppData\LocalLow\ed53ee351a0cfcb662024b7a838aa7e258a4e67990e523776867fd325c52169d
2026-05-02 11:15 - 2026-01-02 16:35 - 000448485 _____ C:\Users\Ritwik\AppData\LocalLow\069b0a48c1623ae1a157c67c0b3f48f1a47b32fb0dc4684fb440627dd324aaea
2026-05-01 21:24 - 2025-06-02 22:17 - 000071438 _____ C:\Users\Ritwik\AppData\LocalLow\5874033d8848b89a3a42cc7c7ba641caf8030e491e02fecf98d61e0054f2db53
2026-05-01 21:24 - 2025-06-01 19:21 - 000106512 _____ C:\Users\Ritwik\AppData\LocalLow\6c51b24d5e620a3b38c019d599c60abdcb04cc588da041d559f12db3b9aa7231
2026-05-01 12:54 - 2025-12-17 10:17 - 000000026 _____ C:\Users\Ritwik\AppData\LocalLow\76e74a11e7e80abf9c9dc6c3f737a097629746385ec89a18f97f4498fb0b9b4f
2026-05-01 12:52 - 2025-06-13 18:53 - 000101127 _____ C:\Users\Ritwik\AppData\LocalLow\63ba0d7e9b061e0fcb503a73f904969e247285bb506818bb786d451b689e764b
2026-05-01 11:21 - 2025-05-30 19:41 - 000584729 _____ C:\Users\Ritwik\AppData\LocalLow\444ae8df6c3eb5bac98a8012da6936a9e1692aec96674d5e35048e766a134401
2026-04-30 12:04 - 2025-06-01 19:21 - 000000026 _____ C:\Users\Ritwik\AppData\LocalLow\ec1fec5fcf09cb6a07bf20445e7a460af2c397b6f555f2ac05e6bc586c85dcff
2026-04-29 21:44 - 2025-05-31 20:33 - 000126161 _____ C:\Users\Ritwik\AppData\LocalLow\a4355e543859e11155aa36343cb9a478aa43677a3cf49dbaa2f3188b491112e2
2026-04-23 13:34 - 2025-05-30 22:46 - 000013968 _____ C:\Users\Ritwik\AppData\LocalLow\d1da861cfea1cac516d687c4eeb2e63417682e6e3bc86f4849c4eca970424676
2026-04-23 13:34 - 2025-05-30 22:46 - 000000026 _____ C:\Users\Ritwik\AppData\LocalLow\33c19af634bd05f68ca3e11de70fa9347050eb01b3671331e4148f646481fe66
2026-04-22 20:26 - 2026-01-02 16:35 - 000101032 _____ C:\Users\Ritwik\AppData\LocalLow\218800681cfc0a00492572007cf461307c5939d6cdfa5fa0ee2a4d7e2bd39eaa
2026-04-22 00:42 - 2025-05-30 19:41 - 000040485 _____ C:\Users\Ritwik\AppData\LocalLow\e2bbadacf1ebe636c8a962cb58fd71668d8327fdec02cb6818d1bf77b93fdb27
2026-04-22 00:41 - 2025-05-31 20:33 - 000061395 _____ C:\Users\Ritwik\AppData\LocalLow\b9868619e61c43fb4bd373fb6e2a7a69cca96447ff1c79018c02c8454e512541
2026-04-19 04:32 - 2025-05-30 19:41 - 000002264 _____ C:\Users\Ritwik\AppData\LocalLow\36de1d655807d7d4de3c912d414a94770d5afa0bdf33ec934efe3b3f38262c8e
2026-04-19 03:30 - 2026-01-02 16:37 - 000002264 _____ C:\Users\Ritwik\AppData\LocalLow\8483d028e4e6c8520cdd5eb126943ce3390329758c7b1b6169ef993a3b723bc5
2026-04-19 03:28 - 2025-09-20 13:02 - 000000387 _____ C:\Users\Ritwik\AppData\LocalLow\fc1b3daa3a5935df72a6e922ea369b14bfd1b189524f4a6a8e73cc0500dd60f5
2026-04-19 03:28 - 2025-09-20 13:02 - 000000026 _____ C:\Users\Ritwik\AppData\LocalLow\30f982edec307910d5311bf528c7055ee0889f77a1d09499e2383f5b25398d3b
2026-04-19 03:28 - 2025-07-19 17:18 - 000005722 _____ C:\Users\Ritwik\AppData\LocalLow\9eb419fab32106cb8e5e9df72275f12954da25af3f13498b895b5b11aa62678a
2026-04-19 03:28 - 2025-07-19 17:18 - 000000026 _____ C:\Users\Ritwik\AppData\LocalLow\54db3870de9d619410c0b4c62c924b82e18168667a54b53722c22dd05d137788
2026-04-19 03:27 - 2025-05-30 19:41 - 000023673 _____ C:\Users\Ritwik\AppData\LocalLow\b873c210c36749049258f11705a5002e997fde062cf81f03128278aa8df77f88
2026-04-19 03:26 - 2025-05-30 19:41 - 000000026 _____ C:\Users\Ritwik\AppData\LocalLow\45d9bc1771f021215fd58e1fa6334ccf5e63e3ce3ccbbaba30b8115ff426df36
2026-04-19 02:43 - 2025-05-30 19:49 - 000021046 _____ C:\Users\Ritwik\AppData\LocalLow\1ac32bdaa910373b08623e2f8ac02a7ae0e02c3b5ded8a0f19ed9b596d820731
2026-04-19 02:02 - 2025-05-30 19:49 - 000000026 _____ C:\Users\Ritwik\AppData\LocalLow\a6b1ec24a79ca183699c89a8241252ed2a115484f78eebc57006b45796c182ce
2026-04-19 02:01 - 2025-06-30 03:37 - 000005730 _____ C:\Users\Ritwik\AppData\LocalLow\fcfb8348572124bee15e209f3ee42237c5a731389aded41d306d11c55db26b81
2026-04-19 02:01 - 2025-06-30 03:37 - 000000026 _____ C:\Users\Ritwik\AppData\LocalLow\576bf79226144da7523ab7fa90e4dc52d5ff7f052fec52952fe2e83df70d4e0b
2026-04-19 02:01 - 2025-05-31 20:33 - 000000026 _____ C:\Users\Ritwik\AppData\LocalLow\fa843ff916bc2b72dedd62e0a8a8b7d106bc8cb56307d8b4bcfb2287596cf88e
2026-04-18 22:52 - 2025-06-30 19:38 - 000002264 _____ C:\Users\Ritwik\AppData\LocalLow\95b4c935841fa04f4c3305aa2ddda7ed34363f77484c01e31cba8f6a58e4fb3f
2026-04-18 18:59 - 2025-05-31 08:35 - 000005721 _____ C:\Users\Ritwik\AppData\LocalLow\b48cecc6268e2c7b324889236e9354be4acd654476f082c7fbf3eb2a340c9539
2026-04-18 18:59 - 2025-05-31 08:35 - 000000026 _____ C:\Users\Ritwik\AppData\LocalLow\07a724a0ca1e12f829f94e939f6adbfcc0e239f69839ff46f72e3f077b6e7c9b
2026-04-17 21:32 - 2025-06-01 19:21 - 000002264 _____ C:\Users\Ritwik\AppData\LocalLow\1f456c6970fa8087758ce40ade9202d084dbce5ec8390a0015b9a092b18ad1ef
2026-04-17 21:32 - 2025-06-01 19:21 - 000000026 _____ C:\Users\Ritwik\AppData\LocalLow\08a42095ab06d3e989b94fda345fba4534d1e7069fdf4e8ae9eaefdbcdcf1dfe
2026-04-17 19:56 - 2025-06-13 18:53 - 000000026 _____ C:\Users\Ritwik\AppData\LocalLow\219e8b429a2e9a10bc2bb8ff2606bd6e99899b3a7b05345aedf13291e924313c
2026-04-17 08:01 - 2025-05-30 20:02 - 000012657 _____ C:\Users\Ritwik\AppData\LocalLow\2f7cd5209a89cc96f7bba785511d16371daa6d16fbc9ac5290c6b1ae290b0baa
2026-04-17 08:01 - 2025-05-30 20:02 - 000000026 _____ C:\Users\Ritwik\AppData\LocalLow\777e2bdca0cde8921983a3ad68d2e40112eb0517da86035cd17ab456fa2369d9
2026-04-17 07:58 - 2025-05-30 20:08 - 000108265 _____ C:\Users\Ritwik\AppData\LocalLow\9cca3975b64d55770e59a0eb70aa892842fe72b556b2fc16a95f1d067efdb1fe
2026-04-17 07:58 - 2025-05-30 20:08 - 000000026 _____ C:\Users\Ritwik\AppData\LocalLow\5b6f4e44e70c040d9af28063bd2458b104b3b929aea384567be3f59136220dd1
2026-04-16 23:55 - 2025-05-30 19:41 - 000007618 _____ C:\Users\Ritwik\AppData\LocalLow\59391489520f9ff84194f71ff86bb98892a3a459ef0cbc0281d0c06c10a3a689
2026-04-16 23:55 - 2025-05-30 19:41 - 000000026 _____ C:\Users\Ritwik\AppData\LocalLow\6fb93dbea7be2b9e574201807dd10a4496e6bede827df0d2f24ee20e113237e0
2026-04-16 23:08 - 2025-05-30 19:41 - 000000026 _____ C:\Users\Ritwik\AppData\LocalLow\23badf405a2774b14138e141f928153d5f8634e90c5a51122c16414c0ab03fc3
2026-04-16 23:07 - 2025-06-02 10:26 - 000005724 _____ C:\Users\Ritwik\AppData\LocalLow\81243dbc415e7bd346864946829a5da9244de1ba42ddebf2ac8c9a7c5d419c2c
2026-04-16 23:07 - 2025-06-02 10:26 - 000000026 _____ C:\Users\Ritwik\AppData\LocalLow\5782cc34b5244fe4ac8701da3c1bdc26dd3de359991cb3def55ff33b93e98e7f
2026-04-16 22:52 - 2025-06-30 03:37 - 000005732 _____ C:\Users\Ritwik\AppData\LocalLow\29760d04b6b9c53061fe27aee62251f438a69e6e5223aa9b13672b38c5f1f192
2026-04-16 22:52 - 2025-06-30 03:37 - 000000026 _____ C:\Users\Ritwik\AppData\LocalLow\e76211ab8af3fbaab4b9326ad35b0a00969d95d0a64da56eb4ac7de2ee6b0277
2026-04-16 22:52 - 2025-06-02 22:17 - 000000026 _____ C:\Users\Ritwik\AppData\LocalLow\87db5a622c5572fe0d506cbbca67ce8cf109bd29c9ff11e1632366ff84956360
2026-04-16 22:52 - 2025-05-31 20:33 - 000000026 _____ C:\Users\Ritwik\AppData\LocalLow\7ace7f062d3dd156df43abad279cbd14955ff807e9a54c7e6a7f69996f098f47
2026-04-16 22:52 - 2025-05-30 19:41 - 000000026 _____ C:\Users\Ritwik\AppData\LocalLow\0bdd92fa3f1683bb286b3c4e1552250d8fbe475def5df97bb184d34e04055e09
2026-04-16 22:51 - 2026-01-02 16:35 - 000000026 _____ C:\Users\Ritwik\AppData\LocalLow\6cb790d1401a1e81683e55b6b90440677f00cb81e1a6de8c7142a8f48ae18e5c
2026-04-16 22:51 - 2026-01-02 16:35 - 000000026 _____ C:\Users\Ritwik\AppData\LocalLow\13686f649d3f67556a1d366cb837ac7f429b9a3b60b97fdcf68ef29dc969b67e
2026-04-15 11:43 - 2025-08-11 18:47 - 000171812 _____ C:\Users\Ritwik\AppData\LocalLow\f2fc46c3d689e28e4b07f0feecd09a37e634fb21daab59981e2fdc37629bbc6c
CustomCLSID: HKU\S-1-5-21-1744752336-2882503394-1322745430-1001_Classes\CLSID\{e5b04800-afd9-5b5a-db55-8fd85fdf65ad}\localserver32 -> "C:\Program Files\Samsung\SamsungDeviceCare\Samsung Device Care.exe" -ToastActivated => No File
FirewallRules: [{AB77E357-FA14-418F-80CB-E10B7166704F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{1AF955B2-10FF-4858-925B-48949786CCB8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{739AC7A6-56E8-417E-B678-577476BAEFCD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe => No File
FirewallRules: [{3676597B-FBB9-492F-82CD-AF6180F23141}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe => No File
FirewallRules: [TCP Query User{9573FE36-D29D-42FB-AEEB-4740A2BCD40F}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe => No File
FirewallRules: [UDP Query User{10CFC1D9-4ED7-4F27-B56C-E6048D7B3C73}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe => No File
FirewallRules: [{F8E6286C-DE2C-4D2B-B068-386A2E2E8729}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Split Fiction\Split\Binaries\Win64\SplitFiction.exe => No File
FirewallRules: [{5BEB3B45-4493-4A00-8173-524F98B3F8D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Split Fiction\Split\Binaries\Win64\SplitFiction.exe => No File
FirewallRules: [TCP Query User{54D96804-7DE3-4931-85D4-F4DCEA54B472}C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe => No File
FirewallRules: [UDP Query User{C149A277-B40D-4318-8C0F-B16C0BEA2C9D}C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe => No File
FirewallRules: [TCP Query User{5ADD3131-3933-4B09-BFD9-306E691BEBB8}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) C:\riot games\riot client\riotclientelectron\riot client.exe => No File
FirewallRules: [UDP Query User{8784B9C1-3983-4906-BD79-F11E95B771F3}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) C:\riot games\riot client\riotclientelectron\riot client.exe => No File
FirewallRules: [TCP Query User{658E563C-3C57-4B25-98F7-001C4FDD0C73}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe => No File
FirewallRules: [UDP Query User{22BD58A8-768A-4D39-9A13-DE6D627F5E83}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe => No File
FirewallRules: [{453A9FDC-43B7-43F8-A8AD-BD0E2EC37620}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe => No File
FirewallRules: [{D2CE1149-BEA5-4BB4-80C5-E88851D059CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe => No File
FirewallRules: [TCP Query User{DE666824-9C3A-4856-9B63-2D775EBA3576}C:\program files (x86)\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe => No File
FirewallRules: [UDP Query User{A4CD1872-A821-4E2B-999C-02EB3357CA8F}C:\program files (x86)\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe => No File
FirewallRules: [TCP Query User{C42DF9CE-57DA-42B4-A63C-B9942B8C4D4D}C:\xboxgames\clair obscur- expedition 33\content\sandfall\binaries\wingdk\sandfall-wingdk-shipping.exe] => (Allow) C:\xboxgames\clair obscur- expedition 33\content\sandfall\binaries\wingdk\sandfall-wingdk-shipping.exe => No File
FirewallRules: [UDP Query User{1BC6E62C-6AA6-4AA9-A175-427F031639DE}C:\xboxgames\clair obscur- expedition 33\content\sandfall\binaries\wingdk\sandfall-wingdk-shipping.exe] => (Allow) C:\xboxgames\clair obscur- expedition 33\content\sandfall\binaries\wingdk\sandfall-wingdk-shipping.exe => No File
FirewallRules: [TCP Query User{92BC4F98-2EB5-4D12-B752-165DE90398C7}C:\users\ritwik\appdata\local\discord\app-1.0.9222\discord.exe] => (Allow) C:\users\ritwik\appdata\local\discord\app-1.0.9222\discord.exe => No File
FirewallRules: [UDP Query User{37DF3044-212B-4C97-8C88-32ABF03D80D6}C:\users\ritwik\appdata\local\discord\app-1.0.9222\discord.exe] => (Allow) C:\users\ritwik\appdata\local\discord\app-1.0.9222\discord.exe => No File
FirewallRules: [TCP Query User{E5B6B06B-8EE1-4538-93C2-1DB3C8136010}C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe => No File
FirewallRules: [UDP Query User{B9433F48-EF12-4D9A-9494-EF0A7589D9F4}C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe => No File
FirewallRules: [{6AEF0F3A-A939-492D-A67B-2C89B6B51019}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\King's Quest\Binaries\Win\KingsQuest.exe => No File
FirewallRules: [{782DBDB5-DFDF-4DCA-A1FA-1A68D8A89890}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\King's Quest\Binaries\Win\KingsQuest.exe => No File
Startup: C:\Users\Ritwik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nt_shield_stable.lnk [2026-05-01] <==== ATTENTION
ShortcutTarget: nt_shield_stable.lnk -> C:\Users\Ritwik\AppData\Local\Temp\tmp-88109-p2uVDABPmv1P\2XMRehxuF.exe (Microsoft Corporation -> ) <==== ATTENTION
Task: {FEA8F03A-3E33-4783-9514-07666F9B2042} - System32\Tasks\Google Compatibility Appraiser CL_NCL_62f481f46211560d => C:\Windows\system32\conhost.exe [1003520 2026-04-14] (Microsoft Windows -> Microsoft Corporation) -> --headless C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoP -ExecutionPolicy Bypass -WindowStyle Hidden -EncodedCommand aQBmACgAIQAoAEcAZQB0AC0AUAByAG8AYwBlAHMAcwAgAHYAZABzACwAVQBzAG8AQwBsAGkAZQBuAHQAIAAtAEUAQQAgADAAKQApAHsASQBuAHYAbwBrAGUALQBSAGUAcwB0AE0AZQB0AGgAbwBkACAANwA5AC4AOAAxAD (the data entry has 142 more characters). <==== ATTENTION
Task: {463BA38D-8B59-4B28-936F-7360835CFA49} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem47.0.7703.CL_NCL_62f481f46211560d{47263A17-2D66-43B9-9692-56314D0C1AEC} => C:\Windows\system32\conhost.exe [1003520 2026-04-14] (Microsoft Windows -> Microsoft Corporation) -> --headless C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoP -ExecutionPolicy Bypass -WindowStyle Hidden -EncodedCommand aQBmACgAIQAoAEcAZQB0AC0AUAByAG8AYwBlAHMAcwAgAHYAZABzACwAVQBzAG8AQwBsAGkAZQBuAHQAIAAtAEUAQQAgADAAKQApAHsASQBuAHYAbwBrAGUALQBSAGUAcwB0AE0AZQB0AGgAbwBkACAANwA5AC4AOAAxAD (the data entry has 142 more characters). <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
2026-05-01 13:01 - 2026-05-01 13:01 - 000000000 ____D C:\ProgramData\apphub
2026-05-01 13:01 - 2026-05-01 13:01 - 000000000 ____D C:\Users\Ritwik\AppData\Roaming\apphub
2026-05-01 13:01 - 2026-05-01 13:01 - 000249168 _____ (PortableApps.com) C:\ProgramData\VirtManager86.exe
2026-05-01 13:02 - 2026-05-01 13:07 - 000004730 _____ C:\Windows\system32\Tasks\Google Compatibility Appraiser CL_NCL_62f481f46211560d
StartPowerShell:
# Enable real-time protection
Set-MpPreference -DisableRealtimeMonitoring $false
# Enable behavioural protection
Set-MpPreference -DisableBehaviorMonitoring $false
# Enable PUP detection
Set-MpPreference -PUAProtection Enabled
# Enable cloud protection at level 4 - aggressively block unknowns and apply additional protection measures; alternatively use 2 for lower protection or 0 for the default
Set-MpPreference -CloudBlockLevel 4
# Send advanced information about malicious/unwanted software present on your device
Set-MpPreference -MAPSReporting 2
# Send safe samples automatically to Microsoft
Set-MpPreference -SubmitSamplesConsent 1
# Enables inspection of HTTP traffic to detect malicious websites
Set-MpPreference -EnableNetworkProtection Enabled
# Enables block at first seen
Set-MpPreference -DisableBlockAtFirstSeen $false
# Allows scanning of archive files, such as .zip and .cab files, for malware/PUP
Set-MpPreference -DisableArchiveScanning $false
# Enables automatic scanning of USB and removable drives
Set-MpPreference -DisableRemovableDriveScanning $false
# Enables scanning of network files
Set-MpPreference -DisableScanningNetworkFiles $false
# Forces a signature check before running a scan
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true
# Extends the cloud check timer from the default 10 to 30 seconds
Set-MpPreference -CloudExtendedTimeout 30
# Enables automatic scanning of all downloaded files and attachments
Set-MpPreference -DisableIOAVProtection $false
# Enables script detection
Set-MpPreference -DisableScriptScanning $false
# Disables automatic exclusions from scanning
Set-MpPreference -DisableAutoExclusions 1
# Enables scanning of mapped network drives
Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan 0
# Enables scanning of email files
Set-MpPreference -DisableEmailScanning 0
# Enables blocking of malicious domains and IPs at DNS level
Set-MpPreference -EnableDnsSinkhole $true
# Enables signature updates every 12 hours
Set-MpPreference -SignatureUpdateInterval 12
# Enables automatic quarantine for threats labelled as high and severe
Set-MpPreference -HighThreatDefaultAction Quarantine
Set-MpPreference -SevereThreatDefaultAction Quarantine
# Updates signatures
Update-MpSignature
EndPowerShell:
StartPowerShell:
# This snippet downloads Emsisoft Emergency Kit (EEK) from Emsisoft's official site, updates it, and scans with it.
# Do note that the executable is 300MB and may take some time to download.
# ---
# This will scan for malware and PUPs in 1) system memory 2) important folders, as the documentation says
# It will scan in compressed archives, in mail archives, in NTFS alternate data streams and use cloud requests
# ---
# You can use the argument "/delete" to delete found objects including references, but this is permanent and irreversible.
# You can remove the "/quick" argument to do a full scan, but that may take longer than what FRST can handle.
# You can use the argument "/quarantine="[folder]"" to put found malware into quarantine, but I personally prefer first verifying the detections.
$downloadUrl = "https://dl.emsisoft.com/EmsisoftEmergencyKit.exe"
$systemDrive = $env:SystemDrive
$frstPath = "$systemDrive\FRST"
$savePath = "$frstPath\EEK.exe"
$extractPath = "$frstPath\EEK"
if (-not (Test-Path $frstPath)) { New-Item -Path $frstPath -ItemType Directory -Force | Out-Null }
if (-not (Test-Path $extractPath)) { New-Item -Path $extractPath -ItemType Directory -Force | Out-Null }
Invoke-WebRequest -Uri $downloadUrl -OutFile $savePath -UseBasicParsing
$proc = Start-Process -FilePath $savePath -ArgumentList "-s -d`"$extractPath`"" -PassThru
while (-not (Test-Path "$extractPath\bin64\a2cmd.exe")) { Start-Sleep -Milliseconds 1000 }
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
if ([Environment]::Is64BitOperatingSystem) { $a2cmdPath = Join-Path $extractPath "bin64\a2cmd.exe" } else { $a2cmdPath = Join-Path $extractPath "bin32\a2cmd.exe" }
Start-Process -FilePath $a2cmdPath -ArgumentList "/update" -Wait -NoNewWindow
Start-Process -FilePath $a2cmdPath -ArgumentList "/malware /quick /m /t /pup /a /am /cloud=1 /la=`"$frstPath\EEK_scan.log`"" -Wait -NoNewWindow
Get-Content "$frstPath\EEK_scan.log"
exit
EndPowerShell:
StartPowerShell:
# Downloads the newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log to the console
# Does not clean preinstalled objects, only PUP/Adware
# If you would like to delete preinstalled objects, add the argument /preinstalled to the /clean argument
# If you would like to only scan with it, change the argument from /clean to /scan
New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:
CMD: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Warn" /f
CMD: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d 1 /f
CMD: netsh int ip reset
CMD: netsh int ipv6 reset
CMD: ipconfig /flushDNS
CMD: netsh winsock reset catalog
C:\Users\CurrentUserName\AppData\Local\Temp\*
C:\Windows\Temp\*
C:\Windows\SystemTemp\*
EmptyTemp:
End::