Malware Log Analysis

shared / CompetitiveFlow3788
Start::
CreateRestorePoint:
CloseProcesses:
File: C:\Users\User\AppData\Local\Microsoft\NetworkService\AB6312D8\AppReadiness8bbe01.exe
HKU\S-1-5-21-3796714408-677717544-1482829437-1001\Environment\\UserInitMprLogonScript: -> C:\Users\User\AppData\Local\Microsoft\NetworkService\AB6312D8\AppReadiness8bbe01.exe
C:\Users\User\AppData\Local\Microsoft\NetworkService\AB6312D8
C:\Users\User\AppData\.my5eeesp
C:\Users\User\AppData\Roaming\vibefezakit-hkkr81
C:\Users\User\AppData\Roaming\Inchoo
HKU\S-1-5-21-3796714408-677717544-1482829437-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3796714408-677717544-1482829437-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> "C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3796714408-677717544-1482829437-1001_Classes\CLSID\{52146D8E-DB34-4318-BD40-D061EE9C05C5}\localserver32 -> "NAVER.WIN32_LINEwin8_8ptj331gd3tyt!LINE" -ToastActivated => No File
ShellIconOverlayIdentifiers: [ .WorkspaceExt0] -> {C568C78A-652C-425B-8E6B-FFA73043302D} => -> No File
ShellIconOverlayIdentifiers: [ .WorkspaceExt1] -> {2A6FE247-5DA3-4732-9626-77820518FD77} => -> No File
ShellIconOverlayIdentifiers: [ .WorkspaceExt2] -> {FF895810-293B-464A-93F2-82D11E07EEC8} => -> No File
AlternateDataStreams: C:\WINDOWS\tracing:? [16]
AlternateDataStreams: C:\Users\User\Application Data:3d4b8b2456f4c385406842cac54e0036 [394]
AlternateDataStreams: C:\Users\User\Application Data:7157194eacc4ceca3d61a28ac714cbba [394]
AlternateDataStreams: C:\Users\User\Application Data:c637665368cfb13f2ef9a0440c199d8d [394]
AlternateDataStreams: C:\Users\User\Application Data:ec1be289b1dc3f0834b6b7f0a7240eb6 [394]
AlternateDataStreams: C:\Users\User\AppData\Roaming:3d4b8b2456f4c385406842cac54e0036 [394]
AlternateDataStreams: C:\Users\User\AppData\Roaming:7157194eacc4ceca3d61a28ac714cbba [394]
AlternateDataStreams: C:\Users\User\AppData\Roaming:c637665368cfb13f2ef9a0440c199d8d [394]
AlternateDataStreams: C:\Users\User\AppData\Roaming:ec1be289b1dc3f0834b6b7f0a7240eb6 [394]
FirewallRules: [{A6A323EF-268A-43CC-B883-1ED18A333E8F}] => (Allow) C:\Users\User\AppData\Local\Temp\ACFL\ACSetup\ACSetup.exe => No File
FirewallRules: [{66D3D8BB-D5C9-47AE-931D-9FC585125B22}] => (Allow) C:\Users\User\AppData\Local\Temp\ACFL\ACSetup\ACSetup.exe => No File
FirewallRules: [{599E467F-D50B-43ED-AFE0-87BF162EA682}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{C47A6B7B-21C4-47C1-B633-60C6026C6256}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{8DC7B381-7F11-4044-97E2-076392456266}C:\program files (x86)\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File
FirewallRules: [UDP Query User{EECDB67E-8010-4852-B83C-F744A9991E77}C:\program files (x86)\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File
FirewallRules: [TCP Query User{EEE0A1FE-1BBB-4CE5-99C1-918BEE1B9758}C:\game\warhammer.40000.space.marine.2.v4.5.0.1\game\client_pc\root\bin\pc\warhammer 40000 space marine 2 - retail.exe] => (Allow) C:\game\warhammer.40000.space.marine.2.v4.5.0.1\game\client_pc\root\bin\pc\warhammer 40000 space marine 2 - retail.exe => No File
FirewallRules: [UDP Query User{7AD2FC62-46D0-44AE-8FE8-525C379AF58D}C:\game\warhammer.40000.space.marine.2.v4.5.0.1\game\client_pc\root\bin\pc\warhammer 40000 space marine 2 - retail.exe] => (Allow) C:\game\warhammer.40000.space.marine.2.v4.5.0.1\game\client_pc\root\bin\pc\warhammer 40000 space marine 2 - retail.exe => No File
FirewallRules: [TCP Query User{B808E653-2213-4C6E-8FB1-554A006EC253}C:\games\kingdomcomedeliverance2\bin\win64mastermastersteampgo\kingdomcome.exe] => (Allow) C:\games\kingdomcomedeliverance2\bin\win64mastermastersteampgo\kingdomcome.exe => No File
FirewallRules: [UDP Query User{52812351-7E6D-4DEA-91BB-904D81B6439C}C:\games\kingdomcomedeliverance2\bin\win64mastermastersteampgo\kingdomcome.exe] => (Allow) C:\games\kingdomcomedeliverance2\bin\win64mastermastersteampgo\kingdomcome.exe => No File
FirewallRules: [TCP Query User{E0B4E9CB-2ADB-4F98-9239-530BFBD7B928}C:\program files (x86)\steam\steamapps\common\palworld\pal\binaries\win64\palworld-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\palworld\pal\binaries\win64\palworld-win64-shipping.exe => No File
FirewallRules: [UDP Query User{2194DCD7-ECEE-4D15-9D3A-BB78DBE18CC0}C:\program files (x86)\steam\steamapps\common\palworld\pal\binaries\win64\palworld-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\palworld\pal\binaries\win64\palworld-win64-shipping.exe => No File
FirewallRules: [TCP Query User{135F18BC-6481-4EB4-BB51-1CB8735D1912}C:\game\the lord of the rings return to moria\moria\binaries\win64\moria-win64-shipping.exe] => (Allow) C:\game\the lord of the rings return to moria\moria\binaries\win64\moria-win64-shipping.exe => No File
FirewallRules: [UDP Query User{EE562BEE-8863-4477-96BE-EE8A28D930E5}C:\game\the lord of the rings return to moria\moria\binaries\win64\moria-win64-shipping.exe] => (Allow) C:\game\the lord of the rings return to moria\moria\binaries\win64\moria-win64-shipping.exe => No File
FirewallRules: [TCP Query User{410DEB1E-C07B-4636-9CBA-02157704335B}C:\xboxgames\chivalry 2\content\tbl\binaries\wingdk\chivalry2-wingdk-shipping.exe] => (Allow) C:\xboxgames\chivalry 2\content\tbl\binaries\wingdk\chivalry2-wingdk-shipping.exe => No File
FirewallRules: [UDP Query User{4A841791-7932-4A3C-BAC4-AE08B00FCE0E}C:\xboxgames\chivalry 2\content\tbl\binaries\wingdk\chivalry2-wingdk-shipping.exe] => (Allow) C:\xboxgames\chivalry 2\content\tbl\binaries\wingdk\chivalry2-wingdk-shipping.exe => No File
FirewallRules: [TCP Query User{B48C3C23-AC00-4FEC-A9C0-720E67360573}C:\xboxgames\orcs must die! deathtrap\content\omdd\binaries\wingdk\omdd-wingdk-shipping.exe] => (Allow) C:\xboxgames\orcs must die! deathtrap\content\omdd\binaries\wingdk\omdd-wingdk-shipping.exe => No File
FirewallRules: [UDP Query User{CB154560-2BEF-4201-8B50-DB98E6AFCC8E}C:\xboxgames\orcs must die! deathtrap\content\omdd\binaries\wingdk\omdd-wingdk-shipping.exe] => (Allow) C:\xboxgames\orcs must die! deathtrap\content\omdd\binaries\wingdk\omdd-wingdk-shipping.exe => No File
FirewallRules: [TCP Query User{0DDB981C-9186-43BD-B256-C823C4D295D9}C:\xboxgames\ark- survival ascended\content\shootergame\binaries\wingdk\arkascended.exe] => (Allow) C:\xboxgames\ark- survival ascended\content\shootergame\binaries\wingdk\arkascended.exe => No File
FirewallRules: [UDP Query User{F98E772B-DD53-499B-B199-99A8FC5EC31C}C:\xboxgames\ark- survival ascended\content\shootergame\binaries\wingdk\arkascended.exe] => (Allow) C:\xboxgames\ark- survival ascended\content\shootergame\binaries\wingdk\arkascended.exe => No File
FirewallRules: [TCP Query User{DCBE3A0E-4F11-40D9-92EF-C3FD5BEDA94C}C:\program files (x86)\steam\steamapps\common\inzoi demo\blueclient\binaries\win64\inzoi-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\inzoi demo\blueclient\binaries\win64\inzoi-win64-shipping.exe => No File
FirewallRules: [UDP Query User{578D7CED-432F-4F28-9C7D-8BD09E25CFC9}C:\program files (x86)\steam\steamapps\common\inzoi demo\blueclient\binaries\win64\inzoi-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\inzoi demo\blueclient\binaries\win64\inzoi-win64-shipping.exe => No File
FirewallRules: [TCP Query User{01F853BB-54F7-4919-974A-D12786DA53B3}C:\xboxgames\medieval dynasty\content\medieval_dynasty\binaries\wingdk\medieval_dynasty-wingdk-shipping.exe] => (Allow) C:\xboxgames\medieval dynasty\content\medieval_dynasty\binaries\wingdk\medieval_dynasty-wingdk-shipping.exe => No File
FirewallRules: [UDP Query User{82852013-4947-4BA0-88BC-3BEEC543E66B}C:\xboxgames\medieval dynasty\content\medieval_dynasty\binaries\wingdk\medieval_dynasty-wingdk-shipping.exe] => (Allow) C:\xboxgames\medieval dynasty\content\medieval_dynasty\binaries\wingdk\medieval_dynasty-wingdk-shipping.exe => No File
FirewallRules: [TCP Query User{1C8A47B8-126A-4C35-9771-F0A2EFE1DF32}C:\xboxgames\33 immortals\content\33 immortals.exe] => (Allow) C:\xboxgames\33 immortals\content\33 immortals.exe => No File
FirewallRules: [UDP Query User{A9D4C761-FAD7-475E-8CE3-34A715A4CD83}C:\xboxgames\33 immortals\content\33 immortals.exe] => (Allow) C:\xboxgames\33 immortals\content\33 immortals.exe => No File
FirewallRules: [TCP Query User{19541DC2-ABEE-462A-ACD9-29F24B31D4B4}C:\xboxgames\starbound\content\win\starbound_server.exe] => (Allow) C:\xboxgames\starbound\content\win\starbound_server.exe => No File
FirewallRules: [UDP Query User{DA49A4ED-AC56-45FD-98C1-56C9131EB7EA}C:\xboxgames\starbound\content\win\starbound_server.exe] => (Allow) C:\xboxgames\starbound\content\win\starbound_server.exe => No File
FirewallRules: [TCP Query User{E3510B38-628C-4014-93ED-B767AFF2AA3F}C:\xboxgames\starbound\content\win\starbound.exe] => (Allow) C:\xboxgames\starbound\content\win\starbound.exe => No File
FirewallRules: [UDP Query User{F2FD7668-CAD9-47BE-A095-683CEFA5AF56}C:\xboxgames\starbound\content\win\starbound.exe] => (Allow) C:\xboxgames\starbound\content\win\starbound.exe => No File
FirewallRules: [TCP Query User{E31E61D1-B12C-4AED-9499-FFAF8D1B9CCC}C:\xboxgames\core keeper\content\corekeeper.exe] => (Allow) C:\xboxgames\core keeper\content\corekeeper.exe => No File
FirewallRules: [UDP Query User{59CB1DB1-4A2B-4F71-9D80-47B78ADFBD34}C:\xboxgames\core keeper\content\corekeeper.exe] => (Allow) C:\xboxgames\core keeper\content\corekeeper.exe => No File
FirewallRules: [TCP Query User{E2A0F37B-4DA0-42B9-9372-DE2E695540D0}C:\game\temtem swarm\temtemswarm.exe] => (Allow) C:\game\temtem swarm\temtemswarm.exe => No File
FirewallRules: [UDP Query User{C5D053CF-F3D0-4506-8CFD-96F9ADD51519}C:\game\temtem swarm\temtemswarm.exe] => (Allow) C:\game\temtem swarm\temtemswarm.exe => No File
FirewallRules: [TCP Query User{F1FD5C3D-A342-4DAC-A837-7782A4099DEE}C:\game\v rising\vrising_server\vrisingserver.exe] => (Allow) C:\game\v rising\vrising_server\vrisingserver.exe => No File
FirewallRules: [UDP Query User{8BCE40E9-2F43-47A0-B74D-4E7C0DC76FA2}C:\game\v rising\vrising_server\vrisingserver.exe] => (Allow) C:\game\v rising\vrising_server\vrisingserver.exe => No File
FirewallRules: [{E9BF26CF-54C7-441E-BBE5-D1D25041C3F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin64\dontstarve_steam_x64.exe => No File
FirewallRules: [{D6D4993B-92F4-4839-84AA-E963EF52F412}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin64\dontstarve_steam_x64.exe => No File
FirewallRules: [{92430A92-EF20-4FDA-AF18-07D4EB682800}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe => No File
FirewallRules: [{9119EB7F-0FD1-4BA0-93DB-AE71DBD0651E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe => No File
FirewallRules: [TCP Query User{AEAD7495-F42B-498F-8652-A75DCE3E82C3}C:\game\norland.v0.4472.6822.0a\game\norland.exe] => (Allow) C:\game\norland.v0.4472.6822.0a\game\norland.exe => No File
FirewallRules: [UDP Query User{74CD05E4-F9B5-490C-9B53-9E41DB5F1AD3}C:\game\norland.v0.4472.6822.0a\game\norland.exe] => (Allow) C:\game\norland.v0.4472.6822.0a\game\norland.exe => No File
FirewallRules: [{52D4FEAD-5E98-4102-A0A0-B1EFD352157F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Albion Online\launcher\AlbionLauncher.exe => No File
FirewallRules: [{C7E9DEAB-8650-4E28-BA26-D18C37780525}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Albion Online\launcher\AlbionLauncher.exe => No File
FirewallRules: [TCP Query User{12C68EA5-C33D-4FAC-903A-F785F2A84EBC}C:\game\into.the.dead.our.darkest.days\game\intothedeadourdarkestdays.exe] => (Allow) C:\game\into.the.dead.our.darkest.days\game\intothedeadourdarkestdays.exe => No File
FirewallRules: [UDP Query User{4C0F90ED-578E-433A-9767-B227017EE611}C:\game\into.the.dead.our.darkest.days\game\intothedeadourdarkestdays.exe] => (Allow) C:\game\into.the.dead.our.darkest.days\game\intothedeadourdarkestdays.exe => No File
FirewallRules: [TCP Query User{6FB2FC70-CCF8-4C96-8C44-DFD8089418C0}C:\program files\epic games\reddeadredemption2\rdr2.exe] => (Allow) C:\program files\epic games\reddeadredemption2\rdr2.exe => No File
FirewallRules: [UDP Query User{F425C853-E4AD-4AD7-AB05-1B506CDE8FC5}C:\program files\epic games\reddeadredemption2\rdr2.exe] => (Allow) C:\program files\epic games\reddeadredemption2\rdr2.exe => No File
FirewallRules: [{60e0352e-4196-4953-9046-7b491edf15cb}] => (Allow) C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe => No File
FirewallRules: [{723363aa-e3cc-43ac-a3e4-20fae250ec62}] => (Allow) C:\Program Files\ldplayer9box\VBoxNetNAT.exe => No File
FirewallRules: [{4b6a800e-f6d5-4853-b58f-cd0af179cf63}] => (Allow) C:\LDPlayer\LDPlayer9\dnplayer.exe => No File
FirewallRules: [{59C9EC1E-AD93-4E62-9FC1-753FC307E2FE}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
FirewallRules: [{5FF4B570-C457-4A68-AB6D-7A08A03089E7}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{37CF43BF-C979-4AF3-9947-B4D23036A8AA}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
FirewallRules: [{C1279638-DC78-4261-BF73-95207EB77360}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe => No File
FirewallRules: [TCP Query User{7C87BB15-FA29-4FF0-82AD-34261CA7DF09}C:\game\prehistoric.kingdom.v1.10.52\game\prehistoric kingdom.exe] => (Allow) C:\game\prehistoric.kingdom.v1.10.52\game\prehistoric kingdom.exe => No File
FirewallRules: [UDP Query User{98826F5A-E33C-4224-B87F-849BBF460828}C:\game\prehistoric.kingdom.v1.10.52\game\prehistoric kingdom.exe] => (Allow) C:\game\prehistoric.kingdom.v1.10.52\game\prehistoric kingdom.exe => No File
FirewallRules: [TCP Query User{3A4F489C-34DF-446E-8E91-EAD91256D287}C:\program files (x86)\steam\steamapps\common\vrising\vrising_server\vrisingserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\vrising\vrising_server\vrisingserver.exe => No File
FirewallRules: [UDP Query User{25248F20-5F95-4578-91A1-9297C3E65E4D}C:\program files (x86)\steam\steamapps\common\vrising\vrising_server\vrisingserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\vrising\vrising_server\vrisingserver.exe => No File
FirewallRules: [TCP Query User{63C20965-F34E-44FB-89AC-9105EC9F3B40}C:\xboxgames\eiyuden chronicle- hundred heroes\content\eiyudenchronicle.exe] => (Allow) C:\xboxgames\eiyuden chronicle- hundred heroes\content\eiyudenchronicle.exe => No File
FirewallRules: [UDP Query User{9EEABCB2-73AD-463E-83B3-63BE034F4550}C:\xboxgames\eiyuden chronicle- hundred heroes\content\eiyudenchronicle.exe] => (Allow) C:\xboxgames\eiyuden chronicle- hundred heroes\content\eiyudenchronicle.exe => No File
FirewallRules: [TCP Query User{8BDBF60C-3A5B-4E01-8A55-7DC04779F47A}C:\game\dinkum.v2025.05.20\dinkum\dinkum.exe] => (Allow) C:\game\dinkum.v2025.05.20\dinkum\dinkum.exe => No File
FirewallRules: [UDP Query User{1387E722-2F52-4221-B59E-4E231AC47731}C:\game\dinkum.v2025.05.20\dinkum\dinkum.exe] => (Allow) C:\game\dinkum.v2025.05.20\dinkum\dinkum.exe => No File
FirewallRules: [TCP Query User{8496BB65-7600-487F-9333-EE8A10F0A6DA}C:\xboxgames\the elder scrolls iv- oblivion remastered\content\oblivionremastered\binaries\wingdk\oblivionremastered-wingdk-shipping.exe] => (Allow) C:\xboxgames\the elder scrolls iv- oblivion remastered\content\oblivionremastered\binaries\wingdk\oblivionremastered-wingdk-shipping.exe => No File
FirewallRules: [UDP Query User{F5458EBA-DFB4-465C-BDE7-2A4F14F81C39}C:\xboxgames\the elder scrolls iv- oblivion remastered\content\oblivionremastered\binaries\wingdk\oblivionremastered-wingdk-shipping.exe] => (Allow) C:\xboxgames\the elder scrolls iv- oblivion remastered\content\oblivionremastered\binaries\wingdk\oblivionremastered-wingdk-shipping.exe => No File
FirewallRules: [TCP Query User{CA7E1654-E062-4D2D-A60A-07E83F28343D}C:\games\borderlands 3\oakgame\binaries\win64\borderlands3.exe] => (Allow) C:\games\borderlands 3\oakgame\binaries\win64\borderlands3.exe => No File
FirewallRules: [UDP Query User{70237408-7B7A-45D5-BB49-E1553C718F27}C:\games\borderlands 3\oakgame\binaries\win64\borderlands3.exe] => (Allow) C:\games\borderlands 3\oakgame\binaries\win64\borderlands3.exe => No File
FirewallRules: [{CC922625-0484-448A-B4B8-BC8664DB7270}] => (Allow) C:\Game\EA SPORTS FC 25\EAAntiCheat.GameServiceLauncher.exe => No File
FirewallRules: [{9DDED3D9-BFFD-4C4B-83DE-84EB1E489601}] => (Allow) C:\Game\EA SPORTS FC 25\EAAntiCheat.GameServiceLauncher.exe => No File
FirewallRules: [TCP Query User{35F2D586-BCA2-4383-BC83-3584B2B6C9FB}C:\game\ea sports fc 25\fc25.exe] => (Allow) C:\game\ea sports fc 25\fc25.exe => No File
FirewallRules: [UDP Query User{748869E2-4C36-4D6B-A18F-B1F5F9E39191}C:\game\ea sports fc 25\fc25.exe] => (Allow) C:\game\ea sports fc 25\fc25.exe => No File
FirewallRules: [TCP Query User{FF6DA902-088C-4740-81FD-E155D25D9951}C:\game\inzoi.v0.2.0\game\blueclient\binaries\win64\inzoi-win64-shipping.exe] => (Allow) C:\game\inzoi.v0.2.0\game\blueclient\binaries\win64\inzoi-win64-shipping.exe => No File
FirewallRules: [UDP Query User{7874E100-49BA-46AB-8843-CED52B07B8C0}C:\game\inzoi.v0.2.0\game\blueclient\binaries\win64\inzoi-win64-shipping.exe] => (Allow) C:\game\inzoi.v0.2.0\game\blueclient\binaries\win64\inzoi-win64-shipping.exe => No File
FirewallRules: [{4191DEBA-AE61-41D4-A5B4-9F1656E16271}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PalServer\PalServer.exe => No File
FirewallRules: [{D0B6E929-454C-4F43-8334-8AAC8773B1D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PalServer\PalServer.exe => No File
FirewallRules: [TCP Query User{8225AA77-4AA0-46A2-BBC4-8C5917A8C7A2}C:\program files (x86)\steam\steamapps\common\palserver\pal\binaries\win64\palserver-win64-shipping-cmd.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\palserver\pal\binaries\win64\palserver-win64-shipping-cmd.exe => No File
FirewallRules: [UDP Query User{B02ECBCB-1E74-47C9-B21F-18EC58639516}C:\program files (x86)\steam\steamapps\common\palserver\pal\binaries\win64\palserver-win64-shipping-cmd.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\palserver\pal\binaries\win64\palserver-win64-shipping-cmd.exe => No File
FirewallRules: [TCP Query User{20A30357-D4A9-4A27-915E-143F2DE6BA34}C:\game\handyman.fantasy\game\handymanfantasy.exe] => (Allow) C:\game\handyman.fantasy\game\handymanfantasy.exe => No File
FirewallRules: [UDP Query User{8513D878-23CE-4C6D-A25A-D339AD955EFB}C:\game\handyman.fantasy\game\handymanfantasy.exe] => (Allow) C:\game\handyman.fantasy\game\handymanfantasy.exe => No File
FirewallRules: [TCP Query User{E423062E-6655-46A2-AAF8-94D64EB9E4D6}C:\game\quickie.v1.0.uncensored\quickie.v1.0.uncensored\quickie a love hotel story.exe] => (Allow) C:\game\quickie.v1.0.uncensored\quickie.v1.0.uncensored\quickie a love hotel story.exe => No File
FirewallRules: [UDP Query User{EB35162D-54CE-49AD-B1DC-90C0E3ACC1CC}C:\game\quickie.v1.0.uncensored\quickie.v1.0.uncensored\quickie a love hotel story.exe] => (Allow) C:\game\quickie.v1.0.uncensored\quickie.v1.0.uncensored\quickie a love hotel story.exe => No File
FirewallRules: [TCP Query User{791520F3-A4FF-4470-83E6-94F57351E009}C:\game\v-tuber\v-lover.exe] => (Allow) C:\game\v-tuber\v-lover.exe => No File
FirewallRules: [UDP Query User{710C0FBA-C01C-4AF2-B8A7-AECC47EEB0CC}C:\game\v-tuber\v-lover.exe] => (Allow) C:\game\v-tuber\v-lover.exe => No File
FirewallRules: [TCP Query User{2826E8E0-D041-481C-9A61-707BB7FEDC44}C:\game\romacticespada\re.exe] => (Allow) C:\game\romacticespada\re.exe => No File
FirewallRules: [UDP Query User{531B69B8-AC38-45B7-89DA-0C65505721ED}C:\game\romacticespada\re.exe] => (Allow) C:\game\romacticespada\re.exe => No File
FirewallRules: [{4882EDA0-4CB0-4F94-AD8F-F8EB404CE1D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Summoners War\SummonersWar.exe => No File
FirewallRules: [{9066A2DC-D98C-40BA-BB04-9BFD7C11C143}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Summoners War\SummonersWar.exe => No File
FirewallRules: [TCP Query User{17080602-D377-48D6-A1CD-FD2B32130300}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [UDP Query User{9847E6BA-7A7A-4F3A-9674-6E8182E8A048}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [TCP Query User{4C0D8A0D-4900-416D-B725-A0499312D8AF}C:\game\utorrent\dragons.dogma.2.v1.0.0.1\game\dd2.exe] => (Allow) C:\game\utorrent\dragons.dogma.2.v1.0.0.1\game\dd2.exe => No File
FirewallRules: [UDP Query User{FEAE01F7-11F7-4938-A460-B3F065D989B0}C:\game\utorrent\dragons.dogma.2.v1.0.0.1\game\dd2.exe] => (Allow) C:\game\utorrent\dragons.dogma.2.v1.0.0.1\game\dd2.exe => No File
FirewallRules: [TCP Query User{C7B3650E-4770-403D-BA2D-B76AE7B232D5}C:\game\utorrent\dragons.dogma.2.v1.0.0.1\game\runtime_il2cpp.exe] => (Allow) C:\game\utorrent\dragons.dogma.2.v1.0.0.1\game\runtime_il2cpp.exe => No File
FirewallRules: [UDP Query User{60D92875-5412-4CCE-BEB6-FC8DD03C27E8}C:\game\utorrent\dragons.dogma.2.v1.0.0.1\game\runtime_il2cpp.exe] => (Allow) C:\game\utorrent\dragons.dogma.2.v1.0.0.1\game\runtime_il2cpp.exe => No File
FirewallRules: [TCP Query User{4A8E80D9-8612-4A4B-81CD-9455ACC67AE9}C:\game\dragon dogma 2\runtime_il2cpp.exe] => (Allow) C:\game\dragon dogma 2\runtime_il2cpp.exe => No File
FirewallRules: [UDP Query User{CCAE1EF7-3C39-43B9-A52A-A4BD4F58399E}C:\game\dragon dogma 2\runtime_il2cpp.exe] => (Allow) C:\game\dragon dogma 2\runtime_il2cpp.exe => No File
FirewallRules: [TCP Query User{D54B7347-5376-48D0-9A9F-1097C52DAAF0}C:\gog games\divinity - original sin 2\defed\bin\eocapp.exe] => (Allow) C:\gog games\divinity - original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [UDP Query User{765DC432-00ED-479B-B480-E5E953D1A093}C:\gog games\divinity - original sin 2\defed\bin\eocapp.exe] => (Allow) C:\gog games\divinity - original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [TCP Query User{268C16E1-6AC5-4FEE-9450-59458AEDDC1F}C:\games\fabledom\fabledom.exe] => (Allow) C:\games\fabledom\fabledom.exe => No File
FirewallRules: [UDP Query User{7FD21B1A-5D04-4706-89C7-B0D64F9ED8A8}C:\games\fabledom\fabledom.exe] => (Allow) C:\games\fabledom\fabledom.exe => No File
FirewallRules: [TCP Query User{FCE664E9-ADDA-4445-BE92-00A3AEF4D135}C:\game\norland\norland.exe] => (Allow) C:\game\norland\norland.exe => No File
FirewallRules: [UDP Query User{B6122B40-CF3B-4D70-B132-71B1E866C49F}C:\game\norland\norland.exe] => (Allow) C:\game\norland\norland.exe => No File
FirewallRules: [{2ADF5B3D-BAA0-44B9-A84D-B7F0BFB16C02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PEAK\PEAK.exe => No File
FirewallRules: [{ADA2F1D0-BF9A-4090-A40F-C9BE418F9743}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PEAK\PEAK.exe => No File
FirewallRules: [TCP Query User{A3C326C4-B5BF-42F2-9883-D0CC80291E46}C:\game\five.hearts.under.one.roof.v2024.12.17\milkgame.exe] => (Allow) C:\game\five.hearts.under.one.roof.v2024.12.17\milkgame.exe => No File
FirewallRules: [UDP Query User{3027A126-7759-4C97-966D-E2A9D4EA63D4}C:\game\five.hearts.under.one.roof.v2024.12.17\milkgame.exe] => (Allow) C:\game\five.hearts.under.one.roof.v2024.12.17\milkgame.exe => No File
FirewallRules: [TCP Query User{C01C9B54-EC4C-4515-876D-6317D21023E6}C:\game\grounded.2\game\augusta\binaries\wingrts\grounded2-wingrts-shipping.exe] => (Allow) C:\game\grounded.2\game\augusta\binaries\wingrts\grounded2-wingrts-shipping.exe => No File
FirewallRules: [UDP Query User{00EBAFC1-DEFF-4FF2-BAEE-11E0F86442F9}C:\game\grounded.2\game\augusta\binaries\wingrts\grounded2-wingrts-shipping.exe] => (Allow) C:\game\grounded.2\game\augusta\binaries\wingrts\grounded2-wingrts-shipping.exe => No File
FirewallRules: [TCP Query User{0FCA1789-492C-458A-8C66-8FB7BE048E09}C:\game\wandering.sword.v1.24.30\game\wandering sword\wandering_sword\binaries\win64\jh-win64-shipping.exe] => (Allow) C:\game\wandering.sword.v1.24.30\game\wandering sword\wandering_sword\binaries\win64\jh-win64-shipping.exe => No File
FirewallRules: [UDP Query User{4A25941B-5395-424E-A9CB-C305CA538E66}C:\game\wandering.sword.v1.24.30\game\wandering sword\wandering_sword\binaries\win64\jh-win64-shipping.exe] => (Allow) C:\game\wandering.sword.v1.24.30\game\wandering sword\wandering_sword\binaries\win64\jh-win64-shipping.exe => No File
FirewallRules: [TCP Query User{2B058194-3886-4D76-B94C-17D6C4C7ABF9}C:\game\frosthaven.v0.10\game\frosthaven.exe] => (Allow) C:\game\frosthaven.v0.10\game\frosthaven.exe => No File
FirewallRules: [UDP Query User{FE0DCF4C-BF36-4EE6-8FC7-5C51FD01D095}C:\game\frosthaven.v0.10\game\frosthaven.exe] => (Allow) C:\game\frosthaven.v0.10\game\frosthaven.exe => No File
FirewallRules: [{1E3EF113-CBBE-41B9-AE82-E93BF556C13D}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent Web\utweb.exe => No File
FirewallRules: [{15756A54-0770-42F9-820D-C494CB7CB05E}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent Web\utweb.exe => No File
FirewallRules: [TCP Query User{9BA24ED1-F6D5-46B5-AAAC-FF07EF6F5D12}C:\game\enshrouded.v2025.07.17\game\enshrouded.exe] => (Allow) C:\game\enshrouded.v2025.07.17\game\enshrouded.exe => No File
FirewallRules: [UDP Query User{FB4DB95D-173E-4B97-B9E0-A1AFE6454C3A}C:\game\enshrouded.v2025.07.17\game\enshrouded.exe] => (Allow) C:\game\enshrouded.v2025.07.17\game\enshrouded.exe => No File
FirewallRules: [TCP Query User{47523C69-4A22-47AD-990F-B2B5264B7D61}C:\games\dragon's dogma 2\runtime_il2cpp.exe] => (Allow) C:\games\dragon's dogma 2\runtime_il2cpp.exe => No File
FirewallRules: [UDP Query User{88D98B34-4997-4991-8F50-E05CC9D4DF41}C:\games\dragon's dogma 2\runtime_il2cpp.exe] => (Allow) C:\games\dragon's dogma 2\runtime_il2cpp.exe => No File
FirewallRules: [TCP Query User{15535D26-D52C-4A7C-B904-7024076154CA}C:\games\dragon's dogma 2\dd2.exe] => (Allow) C:\games\dragon's dogma 2\dd2.exe => No File
FirewallRules: [UDP Query User{659FBB3B-7436-4340-BA98-9760D048081D}C:\games\dragon's dogma 2\dd2.exe] => (Allow) C:\games\dragon's dogma 2\dd2.exe => No File
FirewallRules: [{CED08BC7-0C75-4D27-A429-8A19AF905B82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Palworld\Palworld.exe => No File
FirewallRules: [{4DDAB853-A0C4-43CC-960C-DE04870DCF2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Palworld\Palworld.exe => No File
FirewallRules: [{CB877769-3834-444A-96BE-5FE629603B3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe => No File
FirewallRules: [{A5D1ECF9-47E9-4C60-BBE0-2ACE42099C74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe => No File
FirewallRules: [{C10D8DA5-4DE6-451F-A010-30A4D6AC3FB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe => No File
FirewallRules: [{E219CE04-1AFC-474F-A214-BA5A4F7C2693}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe => No File
FirewallRules: [{AAC5D34B-B04F-4F31-BB6D-638FD10E14F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File
FirewallRules: [{FB8F4758-50B8-4DA5-97B9-FC5414CFA49B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File
FirewallRules: [{4C12D690-9CD5-4114-B162-3EB1FA9D20B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MonsterHunterWilds\MonsterHunterWilds.exe => No File
FirewallRules: [{6F51CA79-2334-4105-949C-BBB5CC7D9AAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MonsterHunterWilds\MonsterHunterWilds.exe => No File
FirewallRules: [{BE0FA0FF-976B-4F12-8A92-4B35F5332282}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guild Wars 2\Gw2-64.exe => No File
FirewallRules: [{42BB8BB7-F247-45FE-91E4-65DA400B72C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guild Wars 2\Gw2-64.exe => No File
FirewallRules: [{5F33316F-BB14-4027-8111-9C5FEA9DC91F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER III\launcher\launcher.exe => No File
FirewallRules: [{3A3CF015-7130-4522-AEE6-106417E36615}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER III\launcher\launcher.exe => No File
FirewallRules: [{ACA4B508-411F-4832-8CF7-EA34FE912250}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER III\twmm\twmm.exe => No File
FirewallRules: [{B0D5324A-8603-42E5-A029-1118DAB086F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER III\twmm\twmm.exe => No File
FirewallRules: [{BF7F9602-F52E-49C0-B9D5-F9378A506C6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER III\Warhammer3.exe => No File
FirewallRules: [{B4C07109-CC2F-4040-B91B-FD9BFDF9A969}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER III\Warhammer3.exe => No File
FirewallRules: [{2947F381-840D-4B86-95CC-F7768DFB5272}] => (Allow) C:\Program Files (x86)\Overwolf\0.300.0.11\OverwolfBrowser.exe => No File
FirewallRules: [{C7D8F5B7-86A2-4DB1-B9F2-FD6E562CFDE2}] => (Allow) C:\Program Files (x86)\Overwolf\0.300.0.11\OverwolfBrowser.exe => No File
FirewallRules: [{C70FC885-780B-4179-90F6-E32EC428157B}] => (Block) C:\Program Files (x86)\Overwolf\0.300.0.11\OverwolfBrowser.exe => No File
FirewallRules: [{74CE1761-BCA1-47DF-91AE-439B216B4C6A}] => (Block) C:\Program Files (x86)\Overwolf\0.300.0.11\OverwolfBrowser.exe => No File
HKLM\...\Run: [Acrobat Assistant 8.0] => "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe" (No File)
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-3796714408-677717544-1482829437-1001\...\Run: [AF_uuid_2426960] => 92a605ce-033b-40b1-9135-d035389bad80*********************คภ:*€*‘@3***** (No File)
HKU\S-1-5-21-3796714408-677717544-1482829437-1001\...\Run: [AF_counter_2426960] => 14* (No File)
HKU\S-1-5-21-3796714408-677717544-1482829437-1001\...\Run: [electron.app.StarLauncher] => C:\Program Files\StarLauncher\StarLauncher.exe (No File)
HKU\S-1-5-21-3796714408-677717544-1482829437-1001\...\MountPoints2: {361746f2-dccb-11ef-9e23-b2ccdc44850f} - "E:\setup.exe"
Task: {541C5B63-ECB2-4ED0-94AF-BD51517DFC86} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File)
Task: {F0ABA828-C79E-47BD-AEC5-203B160C7AD5} - System32\Tasks\MagicMic => "C:\Program Files (x86)\iMyFone MagicMic\MagicMic.exe" (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {417894F9-B540-4824-8282-D4D64F5F43AB} - System32\Tasks\SSAudioSvc32Run => "C:\Program Files\Steelseries\SS Audio\Foundation\SSAudioSvc32.exe" $(Arg0) $(Arg1) $(Arg2) $(Arg3) $(Arg4) $(Arg5) $(Arg6) $(Arg7) (No File)
Task: {2678100B-9977-4865-ABF3-1D340441CB58} - System32\Tasks\SSAudioSvc64Run => "C:\Program Files\Steelseries\SS Audio\Foundation\x64\SSAudioSvc64.exe" $(Arg0) $(Arg1) $(Arg2) $(Arg3) $(Arg4) $(Arg5) $(Arg6) $(Arg7) (No File)
S2 MEmuSVC; "C:\Program Files\Microvirt\MEmu\MemuService.exe" (No File)
S3 ace-game-0; \SystemRoot\System32\drivers\ace-game-0.sys (No File)
S3 BlackCat1; \??\C:\ProgramData\Nexon\NGS\BlackCat1.sys (No File)
S3 cpuz158; \??\C:\WINDOWS\temp\cpuz158\cpuz158_x64.sys (No File) <==== ATTENTION
S3 denuvo_denuvowo; \??\C:\Game\Crimson.Desert\game\bin64\hyperkd.sys (No File)
S3 EAAntiCheat; system32\drivers\eaanticheat.sys (No File)
U3 HtAntiCheatDriver; \??\C:\Neverness To Everness\NTEGlobal\driver\gamedriverX64.sys (No File)
S3 SDGame32; \??\C:\Game\DragonNest_Classic_Full\GPK\SDGame32.sys (No File)
2026-06-06 17:15 - 2026-06-06 17:15 - 000007209 _____ C:\Users\User\AppData\Local\9692726843
2026-05-24 23:37 - 2026-05-24 23:37 - 000000000 ____D C:\Users\User\AppData\Local\22bfc34d90b64054809542014fc9eb32
2025-07-03 00:07 - 2025-07-03 00:07 - 000000024 _____ () C:\Users\User\AppData\Roaming\C23W6Vk43XTwu662.dat
2025-11-16 18:58 - 2025-11-16 18:58 - 000000048 ____R () C:\Users\User\AppData\Local\188BCE3CCCDC93836C98C5A3A9D6221E
2025-01-31 21:31 - 2025-01-31 21:31 - 000000048 ____R () C:\Users\User\AppData\Local\9FD55636B000FC809BB0BB1541BF6741
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"ConsentPromptBehaviorUser"=dword:00000003
"EnableLUA"=dword:00000001
EndRegedit:
StartPowershell:
# Downloads the newest AdwCleaner build directly from Malwarebytes, updates it, scans, cleans and writes the log to the console.
# Does not clean preinstalled objects, only PUP/adware.
# To also delete preinstalled objects, add /preinstalled next to the /clean argument.
# To only scan, change /clean to /scan.
# NOTE: For users from Asia (primarily China), do not use the clean option. It will very likely remove a lot of their important software.
New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
# -UseBasicParsing avoids the Internet Explorer engine dependency on Windows PowerShell 5.1, which otherwise can hang the download on a fresh profile.
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -UseBasicParsing
# Accept the EULA once so the clean run does not block on a dialog.
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowershell:
StartPowershell:
# Replace /scanonly with /clean if you also want to delete items; however, this will activate a trial license on the system, and I do not recommend it.
$hmpExe = "$env:TEMP\HitmanPro_x64.exe"
$logFile = "$env:TEMP\HitmanPro_ScanLog.txt"
Invoke-WebRequest -Uri "https://dl.surfright.nl/HitmanPro_x64.exe" -OutFile $hmpExe -UseBasicParsing
# /ews: early-warning scoring, /noinstall: do not register the product, /log: plain-text report
$proc = Start-Process $hmpExe -ArgumentList "/ews","/scanonly","/noinstall","/log=`"$logFile`"","/logtype=txt" -Wait -PassThru
if (!(Test-Path $logFile)) { Write-Host "Scan failed (exit $($proc.ExitCode))"; exit 1 }
Get-Content $logFile -Encoding Unicode
EndPowershell:
CMD: netsh int ip reset
CMD: netsh int ipv6 reset
CMD: ipconfig /flushDNS
CMD: netsh winsock reset catalog
C:\Users\User\AppData\Local\Temp\*
C:\Windows\Temp\*
C:\Windows\SystemTemp\*
EmptyTemp:
End::
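The following PowerShell is an added post-fix verification pass; it is not part of the fixlist above and not an FRST feature. After FRST has produced its Fixlog, it re-checks the items the fixlist targets: the UserInitMprLogonScript value (a logon-script persistence location under the user's Environment key), the UAC policy values the StartRegedit: block restores, the dropped folders, the hash-named alternate data streams on the Roaming folder, and any remaining firewall rule whose program path no longer exists (what FRST prints as "=> No File"). The SID and paths are copied from the log; the function names are my own, and the script assumes an elevated session on the affected machine with the affected user's hive loaded under HKEY_USERS (true when that user is logged on).

```powershell
# Added verification script (not part of the FRST fixlist or of FRST itself).
# Assumes an elevated Windows PowerShell 5.1 or PowerShell 7 session on the affected
# machine, with the affected user's hive loaded under HKEY_USERS (true when that user is
# logged on). SID and paths are copied from the fixlist; function names are mine.

$Sid     = 'S-1-5-21-3796714408-677717544-1482829437-1001'
$Dropped = @(
    'C:\Users\User\AppData\Local\Microsoft\NetworkService\AB6312D8',
    'C:\Users\User\AppData\.my5eeesp',
    'C:\Users\User\AppData\Roaming\vibefezakit-hkkr81',
    'C:\Users\User\AppData\Roaming\Inchoo'
)

# UserInitMprLogonScript under HKCU\Environment is a logon-script persistence point:
# userinit.exe runs whatever it names at each interactive logon (MITRE ATT&CK T1037.001).
# Read it through HKEY_USERS\<SID> so the check works from an admin session for another user.
function Test-LogonScriptPersistence {
    param([Parameter(Mandatory)][string]$UserSid)
    $key   = "Registry::HKEY_USERS\$UserSid\Environment"
    $value = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).UserInitMprLogonScript
    if ($value) { return "PRESENT: UserInitMprLogonScript -> $value" }
    return 'OK: UserInitMprLogonScript not set'
}

# The StartRegedit: block restores the default UAC policy; compare the live values with it.
function Test-UacPolicy {
    $expected = [ordered]@{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; ConsentPromptBehaviorUser = 3 }
    $live = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    foreach ($name in $expected.Keys) {
        $actual = $live.$name
        if ($actual -eq $expected[$name]) { "OK: $name = $actual" }
        else { "MISMATCH: $name = $actual (expected $($expected[$name]))" }
    }
}

# The dropped folders listed in the fixlist must be gone.
function Test-DroppedPaths {
    param([Parameter(Mandatory)][string[]]$Paths)
    foreach ($p in $Paths) {
        if (Test-Path -LiteralPath $p) { "PRESENT: $p" } else { "OK: removed $p" }
    }
}

# The fixlist deletes alternate data streams attached to the Roaming folder itself
# (hash-named streams, shown by FRST as "AlternateDataStreams: <folder>:<name> [size]").
# List any named stream still present, ignoring the default ::$DATA stream.
function Get-FolderStreams {
    param([Parameter(Mandatory)][string]$Folder)
    Get-Item -LiteralPath $Folder -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

# FRST marks a firewall rule "=> No File" when its program path no longer exists. Such a
# rule does nothing today, but a dropper re-installed at the same path would inherit the
# allow rule, so enumerate every remaining rule whose program is missing.
function Get-OrphanedFirewallRule {
    foreach ($rule in Get-NetFirewallRule) {
        $program = ($rule | Get-NetFirewallApplicationFilter).Program
        if (-not $program -or $program -in @('Any', 'System')) { continue }
        $expanded = [Environment]::ExpandEnvironmentVariables($program)
        if (-not (Test-Path -LiteralPath $expanded)) {
            [pscustomobject]@{
                Name    = $rule.DisplayName
                Action  = $rule.Action
                Program = $expanded
            }
        }
    }
}

Test-LogonScriptPersistence -UserSid $Sid
Test-UacPolicy
Test-DroppedPaths -Paths $Dropped
Get-FolderStreams -Folder 'C:\Users\User\AppData\Roaming'
Get-OrphanedFirewallRule | Format-Table -AutoSize
```

Any line that reads PRESENT or MISMATCH means the corresponding fixlist item did not take and the Fixlog should be checked for that entry; a long list from Get-OrphanedFirewallRule after the fix is normal on a machine with this many uninstalled games, and those rules can be removed with Remove-NetFirewallRule once reviewed.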