Start
CreateRestorePoint:
CloseProcesses:
C:\Users\Aarya\Downloads\monochrome-main
2026-05-13 13:57 - 2026-05-13 13:57 - 000000000 ____D C:\Users\Aarya\AppData\Roaming\RenPy
Task: {BD31B8EF-CCBA-443E-9ED0-90F46E819614} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {87555B29-C0C2-44E3-87F3-A0BD06278F9E} - System32\Tasks\Microsoft\Windows\UNP\RunUpdateNotificationMgr => %windir%\System32\UNP\UpdateNotificationMgr.exe (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {3374D82D-1AF9-41EF-B2F6-E959C1ABFD1F} - System32\Tasks\Opera scheduled Autoupdate 1722873798 => C:\Users\Aarya\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe --scheduledtask --bypasslauncher $(Arg0) (No File)
S3 EAAntiCheat; system32\drivers\eaanticheat.sys (No File)
2026-04-30 00:06 - 2026-04-30 00:32 - 000106532 _____ C:\Users\Aarya\AppData\LocalLow\3b134b0229d1e4f9a036e373d9acafdd32aca4707630f2a0e885552d4e60f7d1
2026-04-30 00:06 - 2026-04-30 00:32 - 000000866 _____ C:\Users\Aarya\AppData\LocalLow\1ca3cab3f6d39e649cdb90f90e5a32568a4d0ec83ea62503f7c497702c5d625e
2026-04-21 19:11 - 2026-04-21 19:11 - 000002264 _____ C:\Users\Aarya\AppData\LocalLow\556f0a9c93a39f8b03bd2eb9b56d5fbc5cbe3063ef944275f2a78c1f4aded7ee
2026-05-15 11:46 - 2025-10-23 14:10 - 000000298 _____ C:\Users\Aarya\AppData\LocalLow\a1e8d076e04782710566f0a50ede2eb728036a4e5254c3765b41339058e5c82b
2026-05-15 11:45 - 2025-03-09 13:47 - 000000970 _____ C:\Users\Aarya\AppData\LocalLow\5291ca856e25057bdd7133fdcde838b46a65104150d54e75754cc2ac2bfc93cc
2026-05-13 23:35 - 2025-10-23 14:10 - 000107272 _____ C:\Users\Aarya\AppData\LocalLow\a20f9ffac6185eea45cdc2f6edf3406fa69cde6e4c78a522c1851c096d411395
2026-05-13 14:02 - 2025-08-21 16:22 - 000000130 _____ C:\Users\Aarya\AppData\LocalLow\330192cf758fa65b9ebffff54ffb84507d6779bedd16d160c6af18f4bb31aa8f
2026-05-13 14:02 - 2025-03-09 13:44 - 000000130 _____ C:\Users\Aarya\AppData\LocalLow\b163e9a4f0592f0cf5d77e1865f44228d397334030e246aa162719fd6c655a78
2026-05-13 13:35 - 2025-09-24 12:55 - 000000130 _____ C:\Users\Aarya\AppData\LocalLow\d11ebb076508aa50a3d2faa980695ffe7a5ea610206dcda5218111ff71848228
2026-05-13 13:30 - 2025-06-03 00:12 - 000005904 _____ C:\Users\Aarya\AppData\LocalLow\dbe9a95cb9eb3488fa240b72a222ee2f5d92c35587487b1d45753b2aec3d5604
2026-05-13 13:30 - 2025-06-03 00:12 - 000000026 _____ C:\Users\Aarya\AppData\LocalLow\ed20a50ac82d75a6a3cfdbc0b3b3f54c78594c8adc25560ddabfbb3273336c97
2026-05-13 13:27 - 2025-05-07 20:01 - 000043397 _____ C:\Users\Aarya\AppData\LocalLow\b6c528315096fe6afd382565e6befdc6febedd764422cd13758643885801dc77
2026-05-13 13:27 - 2025-05-07 20:01 - 000000130 _____ C:\Users\Aarya\AppData\LocalLow\cb9bcbe24cb52282c1aec7f8313bdd1943b1d304515495bb1a09780b81f970bd
2026-05-13 09:48 - 2025-10-23 14:10 - 000798208 _____ C:\Users\Aarya\AppData\LocalLow\34d4ef994047023705032a1d0dcba02963df12e397efe860233cc852f0c78fa9
2026-05-12 17:12 - 2025-03-09 13:47 - 000471717 _____ C:\Users\Aarya\AppData\LocalLow\e8ae55ca6b757eb4e1f024fe929b2ef8059832b4d41dcdd1854d8046cc4f47e5
2026-05-07 22:13 - 2025-03-09 13:49 - 000131130 _____ C:\Users\Aarya\AppData\LocalLow\d5d0092b7630813696f5dc48693d894040aec1473a1d96f56edcf7ae7b81f2ee
2026-05-06 00:51 - 2025-10-21 16:26 - 000145846 _____ C:\Users\Aarya\AppData\LocalLow\288d56e257136006d94637c075187553821535604738df4429075f6cad33d6ff
2026-05-06 00:51 - 2025-10-21 16:26 - 000000130 _____ C:\Users\Aarya\AppData\LocalLow\8e713be81b220b91b81de81c2739620423f714f9c58bc40277fb93f9b88df9ff
2026-05-06 00:51 - 2025-10-21 16:26 - 000000130 _____ C:\Users\Aarya\AppData\LocalLow\08d25294d74f7c2aa1502b6bfe09c0d7e91defc2fbba6a8828e192439076ba04
2026-05-06 00:50 - 2025-10-21 16:26 - 000000130 _____ C:\Users\Aarya\AppData\LocalLow\6e6281ed6a2a8e6e001bf6fb8655d74c726264e3a6c53f66499803e3d36df576
2026-04-29 05:58 - 2025-03-09 13:48 - 000000130 _____ C:\Users\Aarya\AppData\LocalLow\39994384fd6cd236c0b6f46f39e32495f9ffc4a847f3a457aa6afad7a155da96
2026-04-28 05:44 - 2025-08-21 16:22 - 000011081 _____ C:\Users\Aarya\AppData\LocalLow\b32c1b79a9302587035344da71caa4f3087c5c984e7d99db928e6569f0b8eaa5
2026-04-21 19:11 - 2025-03-25 23:29 - 000000298 _____ C:\Users\Aarya\AppData\LocalLow\d7283aa839f308609a79d520b94bb7fd96c2dd46da59508d7056ecbece268646
2026-04-21 19:09 - 2025-03-25 23:29 - 000127162 _____ C:\Users\Aarya\AppData\LocalLow\ded135a4aba0beb2785b7c0604ca7a6d1993940f9864c77662de0ba44449a73b
2024-12-12 23:53 - 2024-12-12 23:53 - 000000048 ____R () C:\Users\Aarya\AppData\Local\A4CFF94B10893E3BD1E8E86FE2FBCDDE
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {8DDAFCC5-1E97-4216-963D-EFFEA545BC37} - System32\Tasks\Harbor Collector Ireland 14327-587-1001 => C:\Users\Aarya\AppData\Local\NEO\neo_compiler_cache\9cca17fe73fe1c2c26d8ac9fb6e81465\pythonw.exe [104280 2026-05-13] (Python Software Foundation -> Python Software Foundation) -> "C:\Users\Aarya\AppData\Local\NEO\neo_compiler_cache\9cca17fe73fe1c2c26d8ac9fb6e81465\gamelan.py" <==== ATTENTION
C:\Users\Aarya\AppData\Local\NEO\neo_compiler_cache\9cca17fe73fe1c2c26d8ac9fb6e81465
Folder: C:\Users\Aarya\AppData\Local\NEO
2026-05-13 14:00 - 2026-05-13 14:00 - 000003482 _____ C:\WINDOWS\system32\Tasks\Harbor Collector Ireland 14327-587-1001
Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NvContainerLocalSystem" /s >> "%userprofile%\desktop\NvContainerLocalSystem.txt"
cmd: type %userprofile%\desktop\NvContainerLocalSystem.txt
Folder: C:\Program Files\Common Files\EAInstaller
Folder: C:\Users\Public\XboxGamingApp
Folder: C:\WINDOWS\SecureBoot
File: C:\Program Files\Google\NearbyShare\nearby_share_launcher.exe;C:\Program Files\SmartPSSLite\SmartPSSLite.exe
File: C:\ProgramData\darawerwerdw42ds163;C:\Program Files\cpfmvvnfile163;C:\Program Files\cpfmvvnfile68;C:\Program Files\cpfmvvnfile69;C:\ProgramData\FinalDeleteFile.exe;C:\Program Files (x86)\gYqOZaev23cbc6f5ab590e02.hjx;C:\Program Files (x86)\rOiajgJH.b0G;C:\Program Files (x86)\win_prog_versions.cfg;C:\Users\Aarya\AppData\Roaming\emp.bin
CustomCLSID: HKU\S-1-5-21-2182174056-2512049449-416804587-1001_Classes\CLSID\{23B3E3D8-C162-4A8B-AB0C-0905DCB1DF19}\InprocServer32 -> C:\Users\Aarya\AppData\Local\Packages\Microsoft.PowerAutomateDesktop_8wekyb3d8bbwe\TempState\RDP\DVCPlugin\x64\Microsoft.Flow.RPA.Desktop.UIAutomation.RDP.DVC.Plugin.dll => No File
CustomCLSID: HKU\S-1-5-21-2182174056-2512049449-416804587-1001_Classes\CLSID\{6a27a1a9-7be8-1491-04ca-ee68a211c258}\localserver32 -> "C:\Program Files\Google\Play Games\current\service\Service.exe" -ToastActivated => No File
FirewallRules: [UDP Query User{EC3C8638-36F3-4C8F-A8E0-95EEAD1AE120}C:\games\ea sports fc 24\fc24.exe] => (Allow) C:\games\ea sports fc 24\fc24.exe => No File
FirewallRules: [TCP Query User{CB05FA3F-0DD3-4CAE-A0A1-0992242C61FE}C:\games\ea sports fc 24\fc24.exe] => (Allow) C:\games\ea sports fc 24\fc24.exe => No File
FirewallRules: [UDP Query User{5D612AE2-CAAA-4A33-98D0-A14DBB6E939C}C:\xboxgames\call of duty\content\sp22\sp22-cod.exe] => (Allow) C:\xboxgames\call of duty\content\sp22\sp22-cod.exe => No File
FirewallRules: [TCP Query User{D8FD29FE-0ACA-4F2F-ADC3-91ECCE6DBFED}C:\xboxgames\call of duty\content\sp22\sp22-cod.exe] => (Allow) C:\xboxgames\call of duty\content\sp22\sp22-cod.exe => No File
FirewallRules: [UDP Query User{A1D47ABA-7137-4122-A445-E7E9C0742037}C:\xboxgames\call of duty\content\sp24\sp24-cod.exe] => (Allow) C:\xboxgames\call of duty\content\sp24\sp24-cod.exe => No File
FirewallRules: [TCP Query User{37125DD2-731E-49A6-AAEA-21A76E8EC304}C:\xboxgames\call of duty\content\sp24\sp24-cod.exe] => (Allow) C:\xboxgames\call of duty\content\sp24\sp24-cod.exe => No File
FirewallRules: [UDP Query User{305C80C5-5D93-40F1-9F88-72D6AEA4BBA1}C:\xboxgames\call of duty\content\cod.exe] => (Allow) C:\xboxgames\call of duty\content\cod.exe => No File
FirewallRules: [TCP Query User{405F3290-F069-4431-B6B4-A8A5CE0A3796}C:\xboxgames\call of duty\content\cod.exe] => (Allow) C:\xboxgames\call of duty\content\cod.exe => No File
FirewallRules: [UDP Query User{72B71C17-85A7-4ADF-84C2-2E6F6500E8CA}C:\program files (x86)\steam\steamapps\common\blackmythwukong\b1\binaries\win64\b1-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\blackmythwukong\b1\binaries\win64\b1-win64-shipping.exe => No File
FirewallRules: [TCP Query User{3BAE0B5B-1AB6-4760-AFFF-EA92B6647902}C:\program files (x86)\steam\steamapps\common\blackmythwukong\b1\binaries\win64\b1-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\blackmythwukong\b1\binaries\win64\b1-win64-shipping.exe => No File
FirewallRules: [{10E111CC-AC52-4808-ADDB-01CD4B1EDD3E}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\predatorservice.inf_amd64_4175325bbd05e38a\OpenRGB.exe => No File
FirewallRules: [{717116AF-B737-4684-84E3-1D24D2775B5F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{6EB53AC7-D26A-476F-A6A6-81E8393F1A1A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{11785C8D-5291-494F-840A-4A0A4B2EBECD}C:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{A939E44B-4D59-4E1C-85CE-6755A2D2B328}C:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{F0D6664C-A3E2-4D56-8F3E-3978A731CEC5}C:\games\forza horizon 4\forzahorizon4.exe] => (Allow) C:\games\forza horizon 4\forzahorizon4.exe => No File
FirewallRules: [UDP Query User{41EEA7E6-FA0C-4AF4-8D57-3F908466206D}C:\games\forza horizon 4\forzahorizon4.exe] => (Allow) C:\games\forza horizon 4\forzahorizon4.exe => No File
FirewallRules: [TCP Query User{0A65DC70-37B9-4EE2-AAFF-C901E82098F8}C:\games\need for speed heat\needforspeedheat.exe] => (Allow) C:\games\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [UDP Query User{DBBC9504-F53C-4F12-9ECF-30E49214F87B}C:\games\need for speed heat\needforspeedheat.exe] => (Allow) C:\games\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [TCP Query User{CDDD914A-9C71-4458-A2D9-FF0A26B554B0}C:\program files\epic games\gtav\gta5.exe] => (Allow) C:\program files\epic games\gtav\gta5.exe => No File
FirewallRules: [UDP Query User{E5050AEA-3729-4D53-A787-8D940B8DB17F}C:\program files\epic games\gtav\gta5.exe] => (Allow) C:\program files\epic games\gtav\gta5.exe => No File
FirewallRules: [TCP Query User{C9CCB52E-B857-4556-92B0-94B84BE31A7D}C:\users\aarya\downloads\anydesk.exe] => (Allow) C:\users\aarya\downloads\anydesk.exe => No File
FirewallRules: [UDP Query User{F1DA21D3-8072-4593-A429-C6A1C1B2ECD9}C:\users\aarya\downloads\anydesk.exe] => (Allow) C:\users\aarya\downloads\anydesk.exe => No File
FirewallRules: [TCP Query User{170CCCE4-28F8-414D-982F-8D35EF8002F6}C:\games\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe] => (Allow) C:\games\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe => No File
FirewallRules: [UDP Query User{E9D3BC99-EB17-4925-9B8C-2C6DF643825D}C:\games\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe] => (Allow) C:\games\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe => No File
FirewallRules: [TCP Query User{659BCAF4-E9CC-40C5-8B2E-77EA0438A0E3}C:\program files\ea games\ea sports fc 24\fc24.exe] => (Allow) C:\program files\ea games\ea sports fc 24\fc24.exe => No File
FirewallRules: [UDP Query User{677F4A0A-5DB9-4903-AF77-AEAEB4B3EEA3}C:\program files\ea games\ea sports fc 24\fc24.exe] => (Allow) C:\program files\ea games\ea sports fc 24\fc24.exe => No File
FirewallRules: [TCP Query User{9ED6CF4C-37DD-4D43-B9D4-AF6C966BA968}C:\games\far cry 6 - ultimate edition\bin\farcry6.exe] => (Block) C:\games\far cry 6 - ultimate edition\bin\farcry6.exe => No File
FirewallRules: [UDP Query User{22FBC37F-0C26-45F5-8B15-A71F1C5752BA}C:\games\far cry 6 - ultimate edition\bin\farcry6.exe] => (Block) C:\games\far cry 6 - ultimate edition\bin\farcry6.exe => No File
FirewallRules: [TCP Query User{CF1F3C79-0A9E-4888-A32C-B5F43A3DB0E3}C:\program files (x86)\steam\steamapps\common\the finals\discovery\binaries\win64\discovery.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the finals\discovery\binaries\win64\discovery.exe => No File
FirewallRules: [UDP Query User{68FE66C5-31CD-461B-B226-34766BD7D5A2}C:\program files (x86)\steam\steamapps\common\the finals\discovery\binaries\win64\discovery.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the finals\discovery\binaries\win64\discovery.exe => No File
FirewallRules: [TCP Query User{8847E29E-FA4A-40FA-B299-8FB215ED2834}C:\users\aarya\downloads\marvels_wolverine_i33\i33.exe] => (Allow) C:\users\aarya\downloads\marvels_wolverine_i33\i33.exe => No File
FirewallRules: [UDP Query User{72E94F63-70EB-4318-9984-1797DDF27346}C:\users\aarya\downloads\marvels_wolverine_i33\i33.exe] => (Allow) C:\users\aarya\downloads\marvels_wolverine_i33\i33.exe => No File
FirewallRules: [TCP Query User{DB57CF7E-6814-4485-8D7C-AADC82F39553}C:\games\uncharted legacy of thieves collection\u4.exe] => (Allow) C:\games\uncharted legacy of thieves collection\u4.exe => No File
FirewallRules: [UDP Query User{00F79E7D-F178-4D38-BD73-708FA886C430}C:\games\uncharted legacy of thieves collection\u4.exe] => (Allow) C:\games\uncharted legacy of thieves collection\u4.exe => No File
FirewallRules: [TCP Query User{0C5212CA-7A83-41F0-9B15-8CB0F304D0F8}C:\games\uncharted legacy of thieves collection\tll.exe] => (Allow) C:\games\uncharted legacy of thieves collection\tll.exe => No File
FirewallRules: [UDP Query User{45E0F6A1-3F74-4A32-8657-CAADF2B109BF}C:\games\uncharted legacy of thieves collection\tll.exe] => (Allow) C:\games\uncharted legacy of thieves collection\tll.exe => No File
FirewallRules: [{2BBD9CD9-0EFC-4AE0-BAA2-60D5B8DE0532}] => (Allow) C:\ProgramData\SoftwareDistribution\Update.exe => No File
FirewallRules: [{87C807E5-D0B2-4D39-9C4D-F311345B1B70}] => (Allow) C:\ProgramData\SoftwareDistribution\Update.exe => No File
FirewallRules: [TCP Query User{20A07156-DE51-4D9F-9648-5B3A73C67892}C:\program files\windowsapps\33134gllcapps.mirrorcast-screenmirroringtosmarttv_1.0.5.0_x64__mw8ynz2n5p6p2\openscreen\tvcast.exe] => (Allow) C:\program files\windowsapps\33134gllcapps.mirrorcast-screenmirroringtosmarttv_1.0.5.0_x64__mw8ynz2n5p6p2\openscreen\tvcast.exe => No File
FirewallRules: [UDP Query User{19CF36A5-9E12-4E23-9EE9-5A196FE0FBA9}C:\program files\windowsapps\33134gllcapps.mirrorcast-screenmirroringtosmarttv_1.0.5.0_x64__mw8ynz2n5p6p2\openscreen\tvcast.exe] => (Allow) C:\program files\windowsapps\33134gllcapps.mirrorcast-screenmirroringtosmarttv_1.0.5.0_x64__mw8ynz2n5p6p2\openscreen\tvcast.exe => No File
FirewallRules: [{ABBF9454-221A-40FE-9021-CE499EF0BB0B}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\predatorservice.inf_amd64_1602ea523ee54f88\OpenRGB.exe => No File
FirewallRules: [{37531582-A6C0-4A59-8DB6-41780E472832}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\predatorservice.inf_amd64_adc4e4bb0000b255\OpenRGB.exe => No File
FirewallRules: [{62F66512-4D77-4F09-852D-566D50F372EF}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\predatorservice.inf_amd64_d2e610f73fba748b\OpenRGB.exe => No File
FirewallRules: [TCP Query User{43DF7B73-292F-4E7D-B9DA-1BE5B029147D}C:\games\marvels spider-man 2\workspace\marvel's spider-man 2.exe] => (Allow) C:\games\marvels spider-man 2\workspace\marvel's spider-man 2.exe => No File
FirewallRules: [UDP Query User{7740C4F5-87F0-49BE-92AA-F65DD69EBAF1}C:\games\marvels spider-man 2\workspace\marvel's spider-man 2.exe] => (Allow) C:\games\marvels spider-man 2\workspace\marvel's spider-man 2.exe => No File
FirewallRules: [TCP Query User{7251CC4B-68A6-4016-82CD-D161E688A9DC}C:\games\marvels spider-man 2\workspace\remnant-win64-shipping.exe] => (Allow) C:\games\marvels spider-man 2\workspace\remnant-win64-shipping.exe => No File
FirewallRules: [UDP Query User{0597995F-031A-486A-B4D7-4514B86CCFD2}C:\games\marvels spider-man 2\workspace\remnant-win64-shipping.exe] => (Allow) C:\games\marvels spider-man 2\workspace\remnant-win64-shipping.exe => No File
FirewallRules: [TCP Query User{C28614D7-0257-451D-BE75-E50E3EEE416A}C:\games\call of duty black ops cold war\blackopscoldwar.exe] => (Allow) C:\games\call of duty black ops cold war\blackopscoldwar.exe => No File
FirewallRules: [UDP Query User{83C191FE-F28A-49CE-8284-15ED2DB8C0CA}C:\games\call of duty black ops cold war\blackopscoldwar.exe] => (Allow) C:\games\call of duty black ops cold war\blackopscoldwar.exe => No File
FirewallRules: [{669F614A-699A-49B1-96C8-9F097EB18AF1}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\predatorservice.inf_amd64_0305d86d2079f1a7\OpenRGB.exe => No File
FirewallRules: [TCP Query User{9E94DA38-2FDC-4D9A-8C54-11F2D6E3A10D}C:\program files\epic games\suicidesquadktjl\stones\binaries\win64\suicidesquad_ktjl.exe] => (Allow) C:\program files\epic games\suicidesquadktjl\stones\binaries\win64\suicidesquad_ktjl.exe => No File
FirewallRules: [UDP Query User{9FE6187B-9DD1-4441-A6F4-F5199EEF6967}C:\program files\epic games\suicidesquadktjl\stones\binaries\win64\suicidesquad_ktjl.exe] => (Allow) C:\program files\epic games\suicidesquadktjl\stones\binaries\win64\suicidesquad_ktjl.exe => No File
FirewallRules: [{40EC65AD-F16B-45F3-9B33-CA9BB670A424}] => (Allow) C:\Users\Aarya\AppData\Local\Programs\Opera\opera.exe => No File
FirewallRules: [{2FFC2017-8CF8-4A57-B748-8BB0576B4C96}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\predatorservice.inf_amd64_438f22dfe1d5b109\OpenRGB.exe => No File
FirewallRules: [TCP Query User{D15D6807-B43D-4890-B73A-651A589089E0}C:\program files (x86)\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File
FirewallRules: [UDP Query User{F2BCB791-D267-4079-AFC6-A50AAE42C643}C:\program files (x86)\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File
C:\WINDOWS\Temp\*
C:\WINDOWS\SystemTemp\*
C:\Users\Aarya\AppData\Local\Temp\*
StartPowerShell:
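# Downloads the newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log to the console.
# Does not clean preinstalled objects, only PUP/Adware.
# If you would like to delete preinstalled objects, add the argument /preinstalled to the /clean argument.
# If you would like to only scan with it, change the argument from /clean to /scan.
$adwDir  = "$env:SystemDrive\AdwCleaner"
$adwExe  = "$adwDir\AdwCleanerFRST.exe"
$logFile = "$adwDir\AdwCleanerOutputFRST.txt"
New-Item -ItemType Directory -Force -Path $adwDir | Out-Null
# Remove any copy left by an earlier run so a failed download cannot fall back to a stale binary.
Remove-Item -Path $adwExe -Force -ErrorAction SilentlyContinue
try {
    # -UseBasicParsing matches the other download steps in this fix and avoids the
    # Internet Explorer engine dependency of Windows PowerShell 5.1.
    Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile $adwExe -UseBasicParsing -ErrorAction Stop
} catch {
    Write-Host "AdwCleaner download failed: $($_.Exception.Message)"
    exit 1
}
# The file was just fetched from the network and is about to be executed with the rights
# this fix runs under: refuse to start it unless its Authenticode signature validates.
$sig = Get-AuthenticodeSignature -FilePath $adwExe
if ($sig.Status -ne 'Valid') {
    Write-Host "AdwCleaner signature check failed (status: $($sig.Status)); not executing."
    Remove-Item -Path $adwExe -Force -ErrorAction SilentlyContinue
    exit 1
}
# Record the signer in the fix log so whoever reviews it can confirm the publisher.
Write-Host "AdwCleaner signer: $($sig.SignerCertificate.Subject)"
Start-Process -FilePath $adwExe -ArgumentList "/eula" -Wait -WindowStyle Hidden
Start-Process -FilePath $adwExe -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue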
EndPowerShell:
StartPowershell:
# Replace /scanonly with /clean if you also want to delete items -- however, this will activate a trial license on the system, I do not recommend it
$hmpExe = "$env:TEMP\HitmanPro_x64.exe"
$logFile = "$env:TEMP\HitmanPro_ScanLog.txt"
Invoke-WebRequest -Uri "https://dl.surfright.nl/HitmanPro_x64.exe" -OutFile $hmpExe -UseBasicParsing
$proc = Start-Process $hmpExe -ArgumentList "/ews","/scanonly","/noinstall","/log=`"$logFile`"","/logtype=txt" -Wait -PassThru
if (!(Test-Path $logFile)) { Write-Host "Scan failed (exit $($proc.ExitCode))"; exit 1 }
Get-Content $logFile -Encoding Unicode
EndPowershell:
StartPowerShell:
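# This snippet downloads Emsisoft Emergency Kit (EEK) from Emsisoft's official site, updates it and scans with it.
# Do note that the executable is 300MB and may take some time to download.
# ---
# This will scan for malware and PUPs in 1) system memory 2) important folders, as the documentation says.
# It will scan in compressed archives, in mail archives, in NTFS alternate data streams and use cloud requests.
# ---
# You can use argument "/delete" to delete found objects including references but this is permanent and irreversible.
# You can remove the "/quick" argument to do a full scan but that may take longer than what FRST can handle.
# You can use argument "/quarantine="[folder]"" to put found malware into quarantine, but I personally prefer first verifying the detections.
$downloadUrl = "https://dl.emsisoft.com/EmsisoftEmergencyKit.exe"
$systemDrive = $env:SystemDrive
$frstPath = "$systemDrive\FRST"
$savePath = "$frstPath\EEK.exe"
$extractPath = "$frstPath\EEK"
$scanLog = "$frstPath\EEK_scan.log"
# Upper bound for the extraction wait below (constructed value; raise it on slow disks).
$extractTimeoutMinutes = 10

# -Force creates missing parent folders and is a no-op when the folder already exists.
New-Item -Path $frstPath -ItemType Directory -Force | Out-Null
New-Item -Path $extractPath -ItemType Directory -Force | Out-Null

# Remove a package left by an earlier run so a failed download cannot fall back to a stale binary.
Remove-Item -Path $savePath -Force -ErrorAction SilentlyContinue
try {
    Invoke-WebRequest -Uri $downloadUrl -OutFile $savePath -UseBasicParsing -ErrorAction Stop
} catch {
    Write-Host "EEK download failed: $($_.Exception.Message)"
    exit 1
}

# The package was just fetched from the network and is about to be executed with the rights
# this fix runs under: only start it if its Authenticode signature validates.
$sig = Get-AuthenticodeSignature -FilePath $savePath
if ($sig.Status -ne 'Valid') {
    Write-Host "EEK signature check failed (status: $($sig.Status)); not executing."
    Remove-Item -Path $savePath -Force -ErrorAction SilentlyContinue
    exit 1
}
# Record the signer in the fix log so whoever reviews it can confirm the publisher.
Write-Host "EEK signer: $($sig.SignerCertificate.Subject)"

# Start the self-extractor without -Wait and poll for the scanner binary instead.
$proc = Start-Process -FilePath $savePath -ArgumentList "-s -d`"$extractPath`"" -PassThru
$deadline = (Get-Date).AddMinutes($extractTimeoutMinutes)
while (-not (Test-Path "$extractPath\bin64\a2cmd.exe")) {
    # Bounded wait: without a deadline a failed extraction would hang the whole fix.
    if ((Get-Date) -gt $deadline) {
        Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
        Write-Host "EEK extraction did not finish within $extractTimeoutMinutes minutes; aborting."
        exit 1
    }
    Start-Sleep -Milliseconds 1000
}
# The extractor is stopped as soon as the scanner binary is present.
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue

if ([Environment]::Is64BitOperatingSystem) {
    $a2cmdPath = Join-Path $extractPath "bin64\a2cmd.exe"
} else {
    $a2cmdPath = Join-Path $extractPath "bin32\a2cmd.exe"
}
# The wait above only proves the 64-bit binary exists; confirm the one actually selected.
if (-not (Test-Path $a2cmdPath)) {
    Write-Host "EEK scanner not found at $a2cmdPath; aborting."
    exit 1
}

Start-Process -FilePath $a2cmdPath -ArgumentList "/update" -Wait -NoNewWindow
Start-Process -FilePath $a2cmdPath -ArgumentList "/malware /quick /m /t /pup /a /am /cloud=1 /la=`"$scanLog`"" -Wait -NoNewWindow
Get-Content $scanLog
exit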
EndPowerShell:
cmd: del %temp%\*.* /f /s /q
cmd: rd /s /q %temp%
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
End
Warning
Executing a Fixlist on the wrong system may permanently damage it. Continue only if this link was meant for you.