Malware Log Analysis

shared / Realistic_Glass7247

Start
CreateRestorePoint:
CloseProcesses:
IE trusted site: HKU\S-1-5-21-2005884574-2845769440-1914724762-1001\...\webcompanion.com -> hxxp://webcompanion.com
C:\Users\ZainA\AppData\Local\Google\Chrome\User Data\Default\Extensions\acgfgghhilpekhphlbmenhhnnhhhafnf
C:\Users\ZainA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
C:\Users\ZainA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhcmdonhekjhfbjmeacdjbhlfgpjabp
C:\Users\ZainA\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\mfhcmdonhekjhfbjmeacdjbhlfgpjabp
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [mfhcmdonhekjhfbjmeacdjbhlfgpjabp]
2026-04-09 23:38 - 2026-04-09 23:38 - 000000000 ____D C:\Users\ZainA\AppData\Roaming\RenPy
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {50DF70E5-3A17-4343-ACF0-00604CC06DA2} - no filepath. <==== ATTENTION
Task: {7915FD70-5057-451F-9ADF-FD410AD68C6A} - no filepath. <==== ATTENTION
Task: {D5853FA7-B3F5-4A90-9F63-00172AF2FAE5} - no filepath. <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2005884574-2845769440-1914724762-1001_Classes\CLSID\{04d5c66b-d515-61ec-258f-a409f9443e98}\localserver32 -> "C:\Program Files\Proton\VPN\v3.0.7\ProtonVPN.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2005884574-2845769440-1914724762-1001_Classes\CLSID\{89b2b650-c4dd-d68b-46e7-3176f1973c8b}\localserver32 -> "C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2005884574-2845769440-1914724762-1001_Classes\CLSID\{921433FA-DEAF-4594-A196-8C3B94E41BEE}\InprocServer32 -> c:/program files/microsoft visual studio/2022/community/common7/ide/extensions/hvja2j3x.q2p/MenuContent/DebugTargetConfig.dll => No File
CustomCLSID: HKU\S-1-5-21-2005884574-2845769440-1914724762-1001_Classes\CLSID\{D332CDDA-15C3-464A-864C-3365C0E577FA}\InprocServer32 -> c:/program files/microsoft visual studio/2022/community/common7/ide/extensions/hvja2j3x.q2p/menucontent/DebuggerPackage.dll => No File
CustomCLSID: HKU\S-1-5-21-2005884574-2845769440-1914724762-1001_Classes\CLSID\{F91972FD-5A43-47C7-A0C5-6052DB26FAAC}\InprocServer32 -> c:/program files/microsoft visual studio/2022/community/common7/ide/extensions/hvja2j3x.q2p/menucontent/DebuggerPackage.dll => No File
AlternateDataStreams: C:\ProgramData\DP45977C.lfl:677104FCAA [6010]
AlternateDataStreams: C:\ProgramData\EsgInstallerResumeAction_0981375804e609765ae9a7e6481eca23.exe:CE40CE894D [6010]
AlternateDataStreams: C:\ProgramData\system.conf:0F57F3FDE6 [6010]
AlternateDataStreams: C:\ProgramData\system.conf:422D4106AB [6010]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\HidHide Configuration Client.lnk:B7B9C8BD2D [6010]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [6010]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk:7661CCE9BF [6010]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2024.lnk:B74CC70858 [6010]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2024.lnk:5239ACD094 [6010]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2024.lnk:D6CCC992C2 [6010]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [468]
AlternateDataStreams: C:\Users\ZainA\Downloads\11110DED29B9565CACD7447EA89BFEBEA905913B.torrent:shield [236]
AlternateDataStreams: C:\Users\ZainA\Downloads\30A6D789CF021620078D8355CBB08438057D8E58.torrent:shield [236]
AlternateDataStreams: C:\Users\ZainA\Downloads\60FPS.zip:shield [155]
AlternateDataStreams: C:\Users\ZainA\Downloads\Anaconda3-2023.03-1-Windows-x86_64.exe:MBAM.Zone.Identifier [156]
AlternateDataStreams: C:\Users\ZainA\Downloads\AnyDesk.exe:MBAM.Zone.Identifier [110]
AlternateDataStreams: C:\Users\ZainA\Downloads\azure-cli-2.49.0 (1).msi:MBAM.Zone.Identifier [142]
AlternateDataStreams: C:\Users\ZainA\Downloads\azure-cli-2.49.0.msi:MBAM.Zone.Identifier [142]
AlternateDataStreams: C:\Users\ZainA\Downloads\BCUninstaller_5.9.0_setup.exe:MBAM.Zone.Identifier [364]
AlternateDataStreams: C:\Users\ZainA\Downloads\bt_22.40.0_64_win10.exe:MBAM.Zone.Identifier [138]
AlternateDataStreams: C:\Users\ZainA\Downloads\C5301A029BBC3B298E4A36EA4267CE3E2EDAD93A.torrent:shield [236]
AlternateDataStreams: C:\Users\ZainA\Downloads\CreamInstaller.exe:MBAM.Zone.Identifier [2066]
AlternateDataStreams: C:\Users\ZainA\Downloads\CrystalDiskInfo9_4_4.exe:MBAM.Zone.Identifier [177]
AlternateDataStreams: C:\Users\ZainA\Downloads\cuda_12.9.1_576.57_windows (1).exe:MBAM.Zone.Identifier [184]
AlternateDataStreams: C:\Users\ZainA\Downloads\DevOps course overview_pdf (1).html:shield [120]
AlternateDataStreams: C:\Users\ZainA\Downloads\DevOps course overview_pdf (2).html:shield [120]
AlternateDataStreams: C:\Users\ZainA\Downloads\DevOps course overview_pdf (3).html:shield [120]
AlternateDataStreams: C:\Users\ZainA\Downloads\DevOps_pdf.html:shield [100]
AlternateDataStreams: C:\Users\ZainA\Downloads\Disable_Dynamic_Resolution.zip:shield [197]
AlternateDataStreams: C:\Users\ZainA\Downloads\DiscordSetup (1).exe:MBAM.Zone.Identifier [113]
AlternateDataStreams: C:\Users\ZainA\Downloads\DiscordSetup (2).exe:MBAM.Zone.Identifier [310]
AlternateDataStreams: C:\Users\ZainA\Downloads\DiscordSetup.exe:MBAM.Zone.Identifier [147]
AlternateDataStreams: C:\Users\ZainA\Downloads\Docker Desktop Installer (1).exe:MBAM.Zone.Identifier [148]
AlternateDataStreams: C:\Users\ZainA\Downloads\DODIisOKNowandOnline.torrent:shield [223]
AlternateDataStreams: C:\Users\ZainA\Downloads\downloader.exe:shield [629]
AlternateDataStreams: C:\Users\ZainA\Downloads\EAappInstaller (1).exe:MBAM.Zone.Identifier [163]
AlternateDataStreams: C:\Users\ZainA\Downloads\FastForward_chromium.zip:shield [396]
AlternateDataStreams: C:\Users\ZainA\Downloads\FileZilla_Server_1.8.0_win64-setup.exe:MBAM.Zone.Identifier [201]
AlternateDataStreams: C:\Users\ZainA\Downloads\Firmware 16.0.3.zip:shield [173]
AlternateDataStreams: C:\Users\ZainA\Downloads\FM23_AroundTheGlobeV2v5v5.rar:shield [345]
AlternateDataStreams: C:\Users\ZainA\Downloads\Forza-Mods-AIO.exe:MBAM.Zone.Identifier [629]
AlternateDataStreams: C:\Users\ZainA\Downloads\FRST64.exe:MBAM.Zone.Identifier [450]
AlternateDataStreams: C:\Users\ZainA\Downloads\GPU-Z.2.53.0.exe:shield [163]
AlternateDataStreams: C:\Users\ZainA\Downloads\idman642build64.exe:MBAM.Zone.Identifier [308]
AlternateDataStreams: C:\Users\ZainA\Downloads\Increase Realism Megapack May Update (05.05.23).zip:shield [393]
AlternateDataStreams: C:\Users\ZainA\Downloads\Keys_16.0.2.7z:shield [160]
AlternateDataStreams: C:\Users\ZainA\Downloads\lghub_installer (7).exe:MBAM.Zone.Identifier [186]
AlternateDataStreams: C:\Users\ZainA\Downloads\MBSetup-Activate.exe:MBAM.Zone.Identifier [328]
AlternateDataStreams: C:\Users\ZainA\Downloads\NVIDIA_Broadcast_v1.4.0.29.exe:MBAM.Zone.Identifier [172]
AlternateDataStreams: C:\Users\ZainA\Downloads\OBS-Studio-29.1.1-Full-Installer-x64.exe:MBAM.Zone.Identifier [157]
AlternateDataStreams: C:\Users\ZainA\Downloads\OpenShot-v3.3.0-x86_64.exe:MBAM.Zone.Identifier [1008]
AlternateDataStreams: C:\Users\ZainA\Downloads\pa.bat.zip:shield [132]
AlternateDataStreams: C:\Users\ZainA\Downloads\ProtonVPN_v3.0.7.exe:MBAM.Zone.Identifier [87]
AlternateDataStreams: C:\Users\ZainA\Downloads\pw-free-online.exe:MBAM.Zone.Identifier [123]
AlternateDataStreams: C:\Users\ZainA\Downloads\python-3.6.0-amd64.exe:MBAM.Zone.Identifier [164]
AlternateDataStreams: C:\Users\ZainA\Downloads\qbittorrent_5.0.1_x64_setup.exe:MBAM.Zone.Identifier [345]
AlternateDataStreams: C:\Users\ZainA\Downloads\QuickShareSetup.exe:MBAM.Zone.Identifier [694]
AlternateDataStreams: C:\Users\ZainA\Downloads\Radmin_VPN_1.4.4642.1.exe:MBAM.Zone.Identifier [149]
AlternateDataStreams: C:\Users\ZainA\Downloads\Readest_0.9.63_x64-setup.exe:MBAM.Zone.Identifier [144]
AlternateDataStreams: C:\Users\ZainA\Downloads\RedModManager.exe:MBAM.Zone.Identifier [2048]
AlternateDataStreams: C:\Users\ZainA\Downloads\RemotePlayInstaller_5.5.0.08250_Win32.msi:MBAM.Zone.Identifier [341]
AlternateDataStreams: C:\Users\ZainA\Downloads\ReShade_Setup_6.3.3_Addon.exe:MBAM.Zone.Identifier [127]
AlternateDataStreams: C:\Users\ZainA\Downloads\RSI Launcher-Setup-2.12.1.exe:MBAM.Zone.Identifier [330]
AlternateDataStreams: C:\Users\ZainA\Downloads\setup-cyowcopy-1.9.1.872-x64.exe:MBAM.Zone.Identifier [378]
AlternateDataStreams: C:\Users\ZainA\Downloads\Shutter Encoder 17.6 Windows 64bits.exe:MBAM.Zone.Identifier [162]
AlternateDataStreams: C:\Users\ZainA\Downloads\smplayer-23.12.0-x64-unsigned.exe:MBAM.Zone.Identifier [642]
AlternateDataStreams: C:\Users\ZainA\Downloads\Stellaris v3.8.2 Update.rar:shield [136]
AlternateDataStreams: C:\Users\ZainA\Downloads\SumatraPDF-3.5.2-64-install.exe:MBAM.Zone.Identifier [180]
AlternateDataStreams: C:\Users\ZainA\Downloads\systeminformer-3.2.25011-release-setup.exe:MBAM.Zone.Identifier [188]
AlternateDataStreams: C:\Users\ZainA\Downloads\tailscale-setup-1.56.1.exe:MBAM.Zone.Identifier [130]
AlternateDataStreams: C:\Users\ZainA\Downloads\TeamsSetup_c_w_ (1).exe:MBAM.Zone.Identifier [320]
AlternateDataStreams: C:\Users\ZainA\Downloads\TeamsSetup_c_w_.exe:MBAM.Zone.Identifier [320]
AlternateDataStreams: C:\Users\ZainA\Downloads\Thunderstore Mod Manager - Installer.exe:MBAM.Zone.Identifier [201]
AlternateDataStreams: C:\Users\ZainA\Downloads\tlou-i.CT:shield [163]
AlternateDataStreams: C:\Users\ZainA\Downloads\VC_redist.x64 (1).exe:shield [256]
AlternateDataStreams: C:\Users\ZainA\Downloads\VencordInstaller (1).exe:MBAM.Zone.Identifier [988]
AlternateDataStreams: C:\Users\ZainA\Downloads\VencordInstaller.exe:MBAM.Zone.Identifier [587]
AlternateDataStreams: C:\Users\ZainA\Downloads\Vesktop-Setup-1.6.5.exe:MBAM.Zone.Identifier [1988]
AlternateDataStreams: C:\Users\ZainA\Downloads\VisualStudioSetup.exe:MBAM.Zone.Identifier [398]
AlternateDataStreams: C:\Users\ZainA\Downloads\Vortex-1-1-8-4-1685534615.exe:MBAM.Zone.Identifier [222]
AlternateDataStreams: C:\Users\ZainA\Downloads\vs_BuildTools.exe:MBAM.Zone.Identifier [283]
AlternateDataStreams: C:\Users\ZainA\Downloads\wdksetup.exe:MBAM.Zone.Identifier [177]
AlternateDataStreams: C:\Users\ZainA\Downloads\WeMod Mafia II Setup.exe:MBAM.Zone.Identifier [290]
AlternateDataStreams: C:\Users\ZainA\Downloads\Windows11InstallationAssistant.exe:MBAM.Zone.Identifier [193]
AlternateDataStreams: C:\Users\ZainA\Downloads\windowsdesktop-runtime-3.1.32-win-x64.exe:MBAM.Zone.Identifier [246]
AlternateDataStreams: C:\Users\ZainA\Downloads\windowsdesktop-runtime-5.0.17-win-x64.exe:MBAM.Zone.Identifier [246]
AlternateDataStreams: C:\Users\ZainA\Downloads\WindowsPCHealthCheckSetup.msi:MBAM.Zone.Identifier [200]
AlternateDataStreams: C:\Users\ZainA\Downloads\winsdksetup.exe:MBAM.Zone.Identifier [191]
AlternateDataStreams: C:\Users\ZainA\Downloads\wiztree_4_20_setup.exe:MBAM.Zone.Identifier [153]
AlternateDataStreams: C:\Users\ZainA\Downloads\YuzuModDownloader.zip:shield [643]
AlternateDataStreams: C:\Users\ZainA\Downloads\ZeroTier One (1).msi:MBAM.Zone.Identifier [127]
AlternateDataStreams: C:\Users\ZainA\Downloads\ZeroTier One.msi:MBAM.Zone.Identifier [128]
AlternateDataStreams: C:\Users\ZainA\Downloads\ZoomInstallerFull.exe:MBAM.Zone.Identifier [256]
AlternateDataStreams: C:\Users\ZainA\Downloads\[gmt-max.net]_Marvel.s.Guardians.of.the.Galaxy.DE.RePack.by.Chovka.torrent:shield [182]
AlternateDataStreams: C:\Users\ZainA\AppData\Local\Temp:$DATA [16]
FirewallRules: [{ED1B4F50-980D-4B93-9F4B-57A67B43EFF8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{B86DA895-04D7-4947-9965-4E35A739A106}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{94F93C52-74CA-444E-8D97-31226B7AD7CC}E:\ssd games\the outer worlds 2\content\arkansas\binaries\wingdk\theouterworlds2-wingdk-shipping.exe] => (Allow) E:\ssd games\the outer worlds 2\content\arkansas\binaries\wingdk\theouterworlds2-wingdk-shipping.exe => No File
FirewallRules: [UDP Query User{51B2C051-0D4A-485B-BFEE-DA25C3811645}E:\ssd games\the outer worlds 2\content\arkansas\binaries\wingdk\theouterworlds2-wingdk-shipping.exe] => (Allow) E:\ssd games\the outer worlds 2\content\arkansas\binaries\wingdk\theouterworlds2-wingdk-shipping.exe => No File
FirewallRules: [TCP Query User{DC2DF566-5EF9-4C90-B5BE-CD36FFDA1D28}E:\ssd games\microsoft flight simulator 2024\content\flightsimulator2024.exe] => (Allow) E:\ssd games\microsoft flight simulator 2024\content\flightsimulator2024.exe => No File
FirewallRules: [UDP Query User{E56949B3-488E-4FBA-A56B-1613CC8862F4}E:\ssd games\microsoft flight simulator 2024\content\flightsimulator2024.exe] => (Allow) E:\ssd games\microsoft flight simulator 2024\content\flightsimulator2024.exe => No File
FirewallRules: [TCP Query User{8525D0C4-1CC0-40B8-A95D-E89E26CCE9A3}E:\steamlibrary\steamapps\common\fc 26\fc26_showcase.exe] => (Allow) E:\steamlibrary\steamapps\common\fc 26\fc26_showcase.exe => No File
FirewallRules: [UDP Query User{94CC885F-14FC-44BE-BF64-8E116C3D2CA4}E:\steamlibrary\steamapps\common\fc 26\fc26_showcase.exe] => (Allow) E:\steamlibrary\steamapps\common\fc 26\fc26_showcase.exe => No File
FirewallRules: [TCP Query User{F66407FF-6323-4B3C-B18D-4A888C2B15B8}Z:\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) Z:\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{B8FF08E7-2529-43E2-9C08-95F435998203}Z:\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) Z:\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{95A78983-861F-4986-83C8-A238D4EC51B9}] => (Allow) C:\Users\ZainA\AppData\Local\Programs\Opera\opera.exe => No File
FirewallRules: [TCP Query User{9AE6023E-0D1D-455F-BB90-D8B3614D7F11}E:\ssd games\football manager 26\content\fm.exe] => (Allow) E:\ssd games\football manager 26\content\fm.exe => No File
FirewallRules: [UDP Query User{6B42E925-4897-4793-94CE-6F4A67B6A33E}E:\ssd games\football manager 26\content\fm.exe] => (Allow) E:\ssd games\football manager 26\content\fm.exe => No File
FirewallRules: [TCP Query User{80D684EE-A425-4F38-857A-252176A1A34F}C:\users\zaina\appdata\local\programs\ollama\ollama.exe] => (Allow) C:\users\zaina\appdata\local\programs\ollama\ollama.exe => No File
FirewallRules: [UDP Query User{F4327DDB-DB40-4DD3-9641-53666EE25D94}C:\users\zaina\appdata\local\programs\ollama\ollama.exe] => (Allow) C:\users\zaina\appdata\local\programs\ollama\ollama.exe => No File
FirewallRules: [TCP Query User{5985178A-A46A-4BCF-9653-4A7FD2C21D30}Z:\online ready ort not\ready or not\readyornot\binaries\win64\readyornotsteam-win64-shipping.exe] => (Allow) Z:\online ready ort not\ready or not\readyornot\binaries\win64\readyornotsteam-win64-shipping.exe => No File
FirewallRules: [UDP Query User{8CF357DE-274E-4E77-B3BF-C55FFF385D55}Z:\online ready ort not\ready or not\readyornot\binaries\win64\readyornotsteam-win64-shipping.exe] => (Allow) Z:\online ready ort not\ready or not\readyornot\binaries\win64\readyornotsteam-win64-shipping.exe => No File
FirewallRules: [TCP Query User{3681D6D5-939B-40A2-811B-70C2DC939762}Z:\fitgirl ready or not\readyornot\binaries\win64\readyornotsteam-win64-shipping.exe] => (Allow) Z:\fitgirl ready or not\readyornot\binaries\win64\readyornotsteam-win64-shipping.exe => No File
FirewallRules: [UDP Query User{52994463-128F-4796-8D22-DA2955A1D8B9}Z:\fitgirl ready or not\readyornot\binaries\win64\readyornotsteam-win64-shipping.exe] => (Allow) Z:\fitgirl ready or not\readyornot\binaries\win64\readyornotsteam-win64-shipping.exe => No File
FirewallRules: [{ED00B040-BD76-458C-97B6-3CD85DC1FD3B}] => (Allow) C:\Program Files\Tailscale\tailscaled.exe => No File
FirewallRules: [TCP Query User{7C84E450-D8A2-4055-A0E4-015459E2A1F0}C:\program files\roberts space industries\starcitizen\live\bin64\starcitizen.exe] => (Allow) C:\program files\roberts space industries\starcitizen\live\bin64\starcitizen.exe => No File
FirewallRules: [UDP Query User{C287E0B5-3D3C-4A2E-BB9C-B106B58A6DBB}C:\program files\roberts space industries\starcitizen\live\bin64\starcitizen.exe] => (Allow) C:\program files\roberts space industries\starcitizen\live\bin64\starcitizen.exe => No File
FirewallRules: [TCP Query User{B36A8094-EADD-4511-874C-899CE0AEE29B}Z:\games\dying light - platinum edition\dyinglightgame.exe] => (Allow) Z:\games\dying light - platinum edition\dyinglightgame.exe => No File
FirewallRules: [UDP Query User{3F09A0AE-6215-42F8-8139-EEDA89BDFF39}Z:\games\dying light - platinum edition\dyinglightgame.exe] => (Allow) Z:\games\dying light - platinum edition\dyinglightgame.exe => No File
FirewallRules: [TCP Query User{55B0A5AF-0622-4AF7-A0A8-D838FFD47644}E:\ssd games\black myth wukong\b1\binaries\win64\b1-win64-shipping.exe] => (Block) E:\ssd games\black myth wukong\b1\binaries\win64\b1-win64-shipping.exe => No File
FirewallRules: [UDP Query User{3B7A43B9-105B-4852-B7DE-C4FE3CA18BFD}E:\ssd games\black myth wukong\b1\binaries\win64\b1-win64-shipping.exe] => (Block) E:\ssd games\black myth wukong\b1\binaries\win64\b1-win64-shipping.exe => No File
FirewallRules: [TCP Query User{9CEF42B0-628A-4DC3-9CFC-120E667B18FA}Z:\stellar blade\sb\binaries\win64\sb-win64-shipping.exe] => (Block) Z:\stellar blade\sb\binaries\win64\sb-win64-shipping.exe => No File
FirewallRules: [UDP Query User{C8867CD1-4AF2-43F4-B004-8E63953E3A66}Z:\stellar blade\sb\binaries\win64\sb-win64-shipping.exe] => (Block) Z:\stellar blade\sb\binaries\win64\sb-win64-shipping.exe => No File
FirewallRules: [TCP Query User{4BB0EF92-C415-4D9E-92DD-650010465042}E:\ssd games\mafia - the old country\mafiatheoldcountry\binaries\win64\mafiatheoldcountry.exe] => (Block) E:\ssd games\mafia - the old country\mafiatheoldcountry\binaries\win64\mafiatheoldcountry.exe => No File
FirewallRules: [UDP Query User{108C4022-AF1E-40FD-BEEE-292B57514FA8}E:\ssd games\mafia - the old country\mafiatheoldcountry\binaries\win64\mafiatheoldcountry.exe] => (Block) E:\ssd games\mafia - the old country\mafiatheoldcountry\binaries\win64\mafiatheoldcountry.exe => No File
HKLM-x32\...\Run: [TeamsMachineInstaller] => %ProgramFiles%\Teams Installer\Teams.exe --checkInstall --source=PROPLUS (No File)
HKU\S-1-5-21-2005884574-2845769440-1914724762-1001\...\Run: [RiotClient] => D:\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {973400B6-EBDE-427B-BA6A-D2405CB53A99} - System32\Tasks\Microsoft\Windows\PI\SecureBootEncodeUEFI => %WINDIR%\system32\SecureBootEncodeUEFI.exe (No File)
Task: {79F76823-4E73-4874-8F6E-A615B16BA92F} - System32\Tasks\Microsoft\Windows\Task Manager\Guids => %appdata%\\freetools\\guids.exe -r -c 3 (No File)
Task: {12948628-F84A-47E4-B936-B779128B0BF2} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {1F7D7184-5E45-4378-BDF2-996B808FD014} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => %systemroot%\system32\MusNotification.exe ReadyToReboot (No File)
Task: {5AED652E-02FF-4B87-BBEC-896A62C2F1B2} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
Task: {FCFBA51D-8902-46C3-A18A-A1A6BADC58EF} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
Task: {5FA8ED1E-7B32-4A0F-96AF-66B06F2E7FBE} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {8BAB772D-60F7-42BD-B533-272A99FE656F} - System32\Tasks\MySQL\Installer\ManifestUpdate => "C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe" Community Update (No File)
Task: {FB50705A-C626-416A-A121-C06691F932C3} - System32\Tasks\Opera scheduled Autoupdate 1548959843 => C:\Users\ZainA\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe --scheduledtask $(Arg0) (No File)
Task: {BC4AB97D-F326-4165-A41D-B842F2C1474A} - System32\Tasks\S-1-5-21-2005884574-2845769440-1914724762-1001\DataSenseLiveTileTask => %SystemRoot%\System32\DataUsageLiveTileTask.exe (No File)
S3 CCleanerPerformanceOptimizerService; "C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe" (No File)
S3 EasyAntiCheat; "C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe" (No File)
S3 MBVpnTunnelService; "C:\Program Files\Malwarebytes\Anti-Malware\tunnel\MBVpnTunnelService.exe" /service (No File)
S3 atvi-randgrid_msstore; \??\E:\ssd games\Call of Duty_1\Content\Randgrid.sys (No File)
S3 cpuz147; \??\C:\WINDOWS\temp\cpuz147\cpuz147_x64.sys (No File) <==== ATTENTION
S3 NovabenchDriver; \??\C:\Program Files\Novawave\Novabench\NovabenchDriverWin10.sys (No File)
2026-03-26 18:29 - 2026-03-26 18:29 - 000000000 ____D C:\Users\ZainA\AppData\Local\76561199537316576
2026-02-02 21:44 - 2026-02-02 21:44 - 000000048 ____R () C:\Users\ZainA\AppData\Local\0119AC2FC90D95AC063B177717B7B3B6
2022-07-26 21:25 - 2022-07-26 21:25 - 000004358 _____ () C:\Users\ZainA\AppData\Local\1799948584
2025-04-04 19:19 - 2025-04-04 19:19 - 000000048 ____R () C:\Users\ZainA\AppData\Local\789B9FB2F96EDF12983B041465A951C5
2026-01-31 19:28 - 2026-01-31 19:28 - 000007679 _____ () C:\Users\ZainA\AppData\Local\91524069285
2025-05-19 20:04 - 2025-05-19 20:04 - 000003951 _____ () C:\Users\ZainA\AppData\Local\93650967668
2026-02-14 19:02 - 2026-02-14 19:02 - 000007679 _____ () C:\Users\ZainA\AppData\Local\94291451683
2024-12-06 20:25 - 2024-12-06 20:25 - 000000048 ____R () C:\Users\ZainA\AppData\Local\9AA025493E366EED06A0600272E2C9C1
2024-10-25 18:23 - 2024-10-25 18:23 - 000000048 ____R () C:\Users\ZainA\AppData\Local\B7C00603A66324DC905A988AF92798C6
F-Secure Ultralight 1.1.24.0 (release) (HKLM-x32\...\{9FAE989F-A043-4017-B60F-9134E992BB55}) (Version: 1.1.24.0 - F-Secure Corporation) Hidden
FF Notifications: Mozilla\Firefox\Profiles\a2sy9km4.default-release -> hxxps://gmt-maxnet16782815630980.sobesed.com; hxxps://customerspartaglobal.lightning.force.com
CHR Notifications: Default -> hxxps://app.zoom.us; hxxps://cc8lgx1i6q7n5w.tyvexbotshield.co.in; hxxps://f7rn3eg39uio5u.tyvexbotshield.co.in; hxxps://www.youtube.com
Powershell: Get-ScheduledTask | select -first 30 | Get-ScheduledTaskInfo
Powershell: @("$env:APPDATA","$env:LOCALAPPDATA") | ForEach-Object { Get-ChildItem $_ -Recurse -Filter "index.js" -ErrorAction SilentlyContinue } | Where-Object { $_.FullName -match "discord_desktop_core" } | ForEach-Object { Write-Host "--- $($_.FullName) ---"; (Get-Content $_.FullName -Raw).Substring(0,[Math]::Min(2000,(Get-Content $_.FullName -Raw).Length)) }
Powershell: (Get-ItemProperty "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU" -ErrorAction SilentlyContinue).PSObject.Properties | Where-Object { $_.Name -match "^[a-z]$" } | ForEach-Object { Write-Host "$($_.Name): $($_.Value)" }
C:\WINDOWS\Temp\*
C:\WINDOWS\SystemTemp\*
C:\Users\ZainA\AppData\Local\Temp\*
StartPowerShell:
# Downloads the newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log to the console
# Does not clean preinstalled objects, only PUP/Adware
# If you would like to delete preinstalled objects, add the argument /preinstalled to the /clean argument
# If you would like to only scan with it, change the argument from /clean to /scan
New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:
StartPowershell:
# Replace /scanonly with /clean if you also want to delete items -- however, this will activate a trial license on the system, I do not recommend it
$hmpExe = "$env:TEMP\HitmanPro_x64.exe"
$logFile = "$env:TEMP\HitmanPro_ScanLog.txt"
Invoke-WebRequest -Uri "https://dl.surfright.nl/HitmanPro_x64.exe" -OutFile $hmpExe -UseBasicParsing
$proc = Start-Process $hmpExe -ArgumentList "/ews","/scanonly","/noinstall","/log=`"$logFile`"","/logtype=txt" -Wait -PassThru
if (!(Test-Path $logFile)) { Write-Host "Scan failed (exit $($proc.ExitCode))"; exit 1 }
Get-Content $logFile -Encoding Unicode
EndPowershell:
StartPowerShell:
# This snippet downloads Emsisoft Emergency Kit (EEK) from Emsisoft's official site, updates it, and scans with it.
# Do note that the executable is 300MB and may take some time to download.
# ---
# This will scan for malware and PUPs in 1) system memory 2) important folders, as the documentation says
# It will scan in compressed archives, in mail archives, in NTFS alternate data streams and use cloud requests
# ---
# You can use the argument "/delete" to delete found objects including references, but this is permanent and irreversible.
# You can remove the "/quick" argument to do a full scan, but that may take longer than what FRST can handle.
# You can use the argument "/quarantine="[folder]"" to put found malware into quarantine, but I personally prefer first verifying the detections.
$downloadUrl = "https://dl.emsisoft.com/EmsisoftEmergencyKit.exe"
$systemDrive = $env:SystemDrive
$frstPath = "$systemDrive\FRST"
$savePath = "$frstPath\EEK.exe"
$extractPath = "$frstPath\EEK"
if (-not (Test-Path $frstPath)) { New-Item -Path $frstPath -ItemType Directory -Force | Out-Null }
if (-not (Test-Path $extractPath)) { New-Item -Path $extractPath -ItemType Directory -Force | Out-Null }
Invoke-WebRequest -Uri $downloadUrl -OutFile $savePath -UseBasicParsing
$proc = Start-Process -FilePath $savePath -ArgumentList "-s -d`"$extractPath`"" -PassThru
while (-not (Test-Path "$extractPath\bin64\a2cmd.exe")) { Start-Sleep -Milliseconds 1000 }
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
if ([Environment]::Is64BitOperatingSystem) { $a2cmdPath = Join-Path $extractPath "bin64\a2cmd.exe" } else { $a2cmdPath = Join-Path $extractPath "bin32\a2cmd.exe" }
Start-Process -FilePath $a2cmdPath -ArgumentList "/update" -Wait -NoNewWindow
Start-Process -FilePath $a2cmdPath -ArgumentList "/malware /quick /m /t /pup /a /am /cloud=1 /la=`"$frstPath\EEK_scan.log`"" -Wait -NoNewWindow
Get-Content "$frstPath\EEK_scan.log"
exit
EndPowerShell:
cmd: del %temp%\*.* /f /s /q
cmd: rd /s /q %temp%
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
End