Start::
CloseProcesses:
C:\Users\annak\AppData\Local\ugitgud\logs
AlternateDataStreams: C:\Windows\tracing:? [16]
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [3442]
AlternateDataStreams: C:\ProgramData\sldh.dat:136096DD5B [3442]
AlternateDataStreams: C:\ProgramData\sldh.dat:F3D162C601 [3442]
AlternateDataStreams: C:\ProgramData\sldh.dat-journal:04B23894D3 [3442]
AlternateDataStreams: C:\ProgramData\sldh.dat-journal:B6C6340405 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Loading Bay.lnk:5CEA5E69E9 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook (classic).lnk:5465085A2F [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook (classic).lnk:BE800952D3 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk:104946E0EA [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk:7D9589121D [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (new).lnk:3DF0A9C0EF [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (new).lnk:954E53D7F9 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TXSecureBrowser.lnk:D436957D05 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk:7AD7FA8AB1 [3442]
AlternateDataStreams: C:\Users\annak\AppData\Local\Temp:$DATA [16]
FirewallRules: [{B096878E-4461-4004-8117-6F9718CF2873}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_4fc38a913e0f2ea5\ASUSLinkRemote\AsusLinkRemoteAgent.exe => No File
FirewallRules: [{5D7D05B9-7D7F-496B-A53A-B3F634841AE9}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_4fc38a913e0f2ea5\ASUSLinkRemote\AsusLinkRemoteAgent.exe => No File
FirewallRules: [{D527E430-92EA-4A37-AF6C-512DBB05EECD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{4A0D025B-1D29-4F1A-8711-77AA1EE13AE8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{D7D6867B-482B-4A50-885F-3BB03F1B0109}] => (Allow) C:\Program Files\LogiOptionsPlus\logivoice\logioptionsplus_logivoice => No File
FirewallRules: [TCP Query User{4548E14C-FDA3-4C51-BEEF-A5C7254E8D7C}C:\users\annak\appdata\local\programs\u.gg\u.gg.exe] => (Allow) C:\users\annak\appdata\local\programs\u.gg\u.gg.exe => No File
FirewallRules: [UDP Query User{C2A8243E-1D69-45C5-AC8F-FA615D393106}C:\users\annak\appdata\local\programs\u.gg\u.gg.exe] => (Allow) C:\users\annak\appdata\local\programs\u.gg\u.gg.exe => No File
FirewallRules: [{AD45AE7E-5BC7-49DC-92CC-3FC55E98125A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yume Nikki\yumenikki\RPG_RT.exe => No File
FirewallRules: [{2ECFAAAF-1FE6-4CB9-8D15-723FCC56CFBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yume Nikki\yumenikki\RPG_RT.exe => No File
FirewallRules: [TCP Query User{ECC09AF0-2EF4-42E1-8395-BCDB801CDDD3}C:\program files (x86)\steam\steamapps\common\destiny 2\destiny2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\destiny 2\destiny2.exe => No File
FirewallRules: [UDP Query User{AE092723-65C7-4ACC-95C9-40BEA31B3370}C:\program files (x86)\steam\steamapps\common\destiny 2\destiny2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\destiny 2\destiny2.exe => No File
FirewallRules: [{935EF6B9-4691-4ACD-A8D8-62B4D2E75D8E}] => (Allow) C:\Users\annak\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{D00A43F4-5737-4F37-A0F8-1763E6FD6617}] => (Allow) C:\Users\annak\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{4D49C54B-3CAE-416A-8A7E-45FC5A20B13B}C:\program files\genshin impact\genshin impact game\genshinimpact_data\plugins\zfgamebrowser.exe] => (Allow) C:\program files\genshin impact\genshin impact game\genshinimpact_data\plugins\zfgamebrowser.exe => No File
FirewallRules: [UDP Query User{E780397C-E332-4400-9E20-40C0B7A9E675}C:\program files\genshin impact\genshin impact game\genshinimpact_data\plugins\zfgamebrowser.exe] => (Allow) C:\program files\genshin impact\genshin impact game\genshinimpact_data\plugins\zfgamebrowser.exe => No File
FirewallRules: [TCP Query User{7F3DB31A-027C-4F38-A378-053313B61BC9}C:\wuthering waves\wuthering waves game\client\binaries\win64\client-win64-shipping.exe] => (Allow) C:\wuthering waves\wuthering waves game\client\binaries\win64\client-win64-shipping.exe => No File
FirewallRules: [UDP Query User{A7FAC1D1-9955-4776-B098-8C992B653A49}C:\wuthering waves\wuthering waves game\client\binaries\win64\client-win64-shipping.exe] => (Allow) C:\wuthering waves\wuthering waves game\client\binaries\win64\client-win64-shipping.exe => No File
FirewallRules: [TCP Query User{11908E3A-CB1A-4E45-9AE7-DFD3B0EBBE42}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{D2890B6D-3763-4FCB-9416-F78E7718F360}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [TCP Query User{4F4C63C2-997B-4CF1-AACC-AD692A36E831}C:\users\annak\appdata\local\discord\app-1.0.9159\discord.exe] => (Block) C:\users\annak\appdata\local\discord\app-1.0.9159\discord.exe => No File
FirewallRules: [UDP Query User{E5162C64-C733-4B4E-8C04-76BD6204E2AC}C:\users\annak\appdata\local\discord\app-1.0.9159\discord.exe] => (Block) C:\users\annak\appdata\local\discord\app-1.0.9159\discord.exe => No File
FirewallRules: [TCP Query User{0A0D2095-6B21-4CBA-8420-3FDA812A4AE5}C:\users\annak\appdata\local\discord\app-1.0.9161\discord.exe] => (Allow) C:\users\annak\appdata\local\discord\app-1.0.9161\discord.exe => No File
FirewallRules: [UDP Query User{4854AB1C-BE74-4D33-AC30-FCBA8FC74F3E}C:\users\annak\appdata\local\discord\app-1.0.9161\discord.exe] => (Allow) C:\users\annak\appdata\local\discord\app-1.0.9161\discord.exe => No File
FirewallRules: [TCP Query User{22CDB924-1FC3-435E-A182-B46FF4290B1E}C:\users\annak\appdata\local\medal\app-4.2558.0\medal.exe] => (Allow) C:\users\annak\appdata\local\medal\app-4.2558.0\medal.exe => No File
FirewallRules: [UDP Query User{2CFF937B-DEBD-41CB-8DDC-658B58EC9B42}C:\users\annak\appdata\local\medal\app-4.2558.0\medal.exe] => (Allow) C:\users\annak\appdata\local\medal\app-4.2558.0\medal.exe => No File
FirewallRules: [TCP Query User{EF57979E-1BB0-406D-B30B-0DC3AB66E793}C:\users\annak\appdata\local\discord\app-1.0.9169\discord.exe] => (Allow) C:\users\annak\appdata\local\discord\app-1.0.9169\discord.exe => No File
FirewallRules: [UDP Query User{68CFD193-4411-4D72-A551-B4B3EA2F9504}C:\users\annak\appdata\local\discord\app-1.0.9169\discord.exe] => (Allow) C:\users\annak\appdata\local\discord\app-1.0.9169\discord.exe => No File
FirewallRules: [TCP Query User{1AFFA0D4-407D-4A38-85DF-52A450626BEC}C:\users\annak\appdata\local\discord\app-1.0.9171\discord.exe] => (Allow) C:\users\annak\appdata\local\discord\app-1.0.9171\discord.exe => No File
FirewallRules: [UDP Query User{EDEB168C-1842-48D3-A43D-9A5F1EEAAC6E}C:\users\annak\appdata\local\discord\app-1.0.9171\discord.exe] => (Allow) C:\users\annak\appdata\local\discord\app-1.0.9171\discord.exe => No File
FirewallRules: [TCP Query User{CA6FE926-ACCD-4320-8361-1865604F5B7B}C:\program files (x86)\steam\steamapps\common\palia\palia\binaries\win64\paliaclientsteam-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\palia\palia\binaries\win64\paliaclientsteam-win64-shipping.exe => No File
FirewallRules: [UDP Query User{4E30A674-ED89-4458-A362-104AAB054259}C:\program files (x86)\steam\steamapps\common\palia\palia\binaries\win64\paliaclientsteam-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\palia\palia\binaries\win64\paliaclientsteam-win64-shipping.exe => No File
FirewallRules: [TCP Query User{94D4F00A-F2AD-4BFE-8776-5BE77A2D6386}C:\users\annak\appdata\local\discord\app-1.0.9174\discord.exe] => (Allow) C:\users\annak\appdata\local\discord\app-1.0.9174\discord.exe => No File
FirewallRules: [UDP Query User{0FF8D58F-9766-416A-905D-2CD8F4DBB8FB}C:\users\annak\appdata\local\discord\app-1.0.9174\discord.exe] => (Allow) C:\users\annak\appdata\local\discord\app-1.0.9174\discord.exe => No File
FirewallRules: [TCP Query User{EA9D6E95-69E9-4B95-AD6D-54EAD03A0EFC}C:\users\annak\appdata\local\programs\blitz\blitz.exe] => (Allow) C:\users\annak\appdata\local\programs\blitz\blitz.exe => No File
FirewallRules: [UDP Query User{E3F31470-A68C-4056-8962-D9863F927E32}C:\users\annak\appdata\local\programs\blitz\blitz.exe] => (Allow) C:\users\annak\appdata\local\programs\blitz\blitz.exe => No File
FirewallRules: [TCP Query User{4F86FA98-5D38-40AB-8971-667AD0020AAD}C:\users\annak\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe] => (Allow) C:\users\annak\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe => No File
FirewallRules: [UDP Query User{356BF0F7-B9D8-4E24-88C5-74448E5D539F}C:\users\annak\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe] => (Allow) C:\users\annak\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe => No File
FirewallRules: [TCP Query User{FD524DE8-B73F-475B-9FEE-2A635C4BFC8F}C:\users\annak\appdata\local\medal\app-4.2699.0\medal.exe] => (Block) C:\users\annak\appdata\local\medal\app-4.2699.0\medal.exe => No File
FirewallRules: [UDP Query User{364211D4-01FE-4257-B5F1-D07CE777554F}C:\users\annak\appdata\local\medal\app-4.2699.0\medal.exe] => (Block) C:\users\annak\appdata\local\medal\app-4.2699.0\medal.exe => No File
FirewallRules: [TCP Query User{D63B1265-B6D4-42FC-88FF-21E3731CFEA5}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [UDP Query User{A68834A9-CBEF-48FF-9235-2F8D624EFAC5}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [TCP Query User{3B050700-CA87-47B0-98C7-66F256B5542C}C:\users\annak\appdata\local\discord\app-1.0.9193\discord.exe] => (Allow) C:\users\annak\appdata\local\discord\app-1.0.9193\discord.exe => No File
FirewallRules: [UDP Query User{D3C12AAB-16B8-4E25-A76D-EE33F5C5805C}C:\users\annak\appdata\local\discord\app-1.0.9193\discord.exe] => (Allow) C:\users\annak\appdata\local\discord\app-1.0.9193\discord.exe => No File
FirewallRules: [TCP Query User{947CD0C2-47EC-486A-AAF9-0296A884F09F}C:\users\annak\appdata\local\medal\app-4.2792.0\medal.exe] => (Block) C:\users\annak\appdata\local\medal\app-4.2792.0\medal.exe => No File
FirewallRules: [UDP Query User{59889790-6286-450C-822F-34EDA50301F9}C:\users\annak\appdata\local\medal\app-4.2792.0\medal.exe] => (Block) C:\users\annak\appdata\local\medal\app-4.2792.0\medal.exe => No File
FirewallRules: [{46B38025-3997-4E2B-8B33-F827BD19D7D5}] => (Allow) C:\Program Files\Tencent\WeChat\WeChat.exe => No File
FirewallRules: [{4DFB1502-5E8D-49A4-948C-F472AD4B6C3F}] => (Allow) C:\Program Files\Tencent\WeChat\WeChatBrowser.exe => No File
FirewallRules: [{EF681296-B965-4DA1-A2E3-3286B7E5C3A2}] => (Allow) C:\Program Files\Tencent\WeChat\WeChatPlayer.exe => No File
FirewallRules: [{F8D7F7B8-605A-4E49-B7B8-6E3C13EBA699}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
FirewallRules: [{B68C3AA7-F920-4586-9E25-76379C4C2821}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{C0AAA2D8-5A94-4785-9144-FBE84B40B62E}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
FirewallRules: [{C3375107-1775-420B-A384-0115A6D95DBB}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe => No File
FirewallRules: [{624DE692-ECBE-4A75-B76C-0A71CAE9E7D0}] => (Allow) C:\Program Files\Tencent\Weixin\Weixin.exe => No File
FirewallRules: [{25388A04-FA5E-4164-865D-27742729274A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Rogueteers\launcher\rs_launcher.exe => No File
FirewallRules: [{385DAE43-725E-4FF7-A574-A915C6334FD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Rogueteers\launcher\rs_launcher.exe => No File
FirewallRules: [TCP Query User{0629ED29-1A37-4397-9582-DD17E8A5F1B8}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe => No File
FirewallRules: [UDP Query User{869B74EF-F3E2-454A-9BB7-8BCA0A5757CC}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe => No File
FirewallRules: [TCP Query User{CEF83E54-8125-4368-870E-5DE7D60A65B3}C:\users\annak\appdata\local\discord\app-1.0.9212\discord.exe] => (Allow) C:\users\annak\appdata\local\discord\app-1.0.9212\discord.exe => No File
FirewallRules: [UDP Query User{2F8EF842-9921-4A3F-ADBD-BA8A1D3008AD}C:\users\annak\appdata\local\discord\app-1.0.9212\discord.exe] => (Allow) C:\users\annak\appdata\local\discord\app-1.0.9212\discord.exe => No File
FirewallRules: [TCP Query User{913DC2C0-A26A-4FC2-823B-17E34A05C723}C:\riot games\2xko\live\lion\binaries\win64\lion-win64-shipping.exe] => (Allow) C:\riot games\2xko\live\lion\binaries\win64\lion-win64-shipping.exe => No File
FirewallRules: [UDP Query User{6148B01F-22AD-45D4-93C1-A778BC707BA6}C:\riot games\2xko\live\lion\binaries\win64\lion-win64-shipping.exe] => (Allow) C:\riot games\2xko\live\lion\binaries\win64\lion-win64-shipping.exe => No File
FirewallRules: [{F5ABF57D-41ED-48D5-932D-CFF6D17F5873}] => (Allow) C:\Program Files\ASUS\GlideX\GlideXNear\GlideXNearService.exe => No File
FirewallRules: [{8EA4097D-7617-4016-82D4-0725FD1A8604}] => (Allow) C:\Program Files\Neverness To Everness\NTEGlobal\NTEGlobalGame.exe => No File
FirewallRules: [{87256A70-AA69-444A-9DA5-6F2DF7CF26FD}] => (Allow) C:\Program Files\Neverness To Everness\NTEGlobal\NTEGlobalGame.exe => No File
FirewallRules: [{7E64A7CF-4D79-47EC-A530-92DD24C0C9DC}] => (Allow) C:\Program Files\Neverness To Everness\NTEGlobal\NTEGlobalUpdate.exe => No File
FirewallRules: [{4E6C764B-4C1A-4A50-B205-4F9868903613}] => (Allow) C:\Program Files\Neverness To Everness\NTEGlobal\NTEGlobalUpdate.exe => No File
FirewallRules: [{0099325A-83B4-442E-A7B5-C8992B608152}] => (Allow) C:\Program Files\Neverness To Everness\NTEGlobal\NTEGlobalBrowser.exe => No File
FirewallRules: [{EA269341-0BEE-4AE7-BD12-747B8BC2CFE2}] => (Allow) C:\Program Files\Neverness To Everness\NTEGlobal\NTEGlobalBrowser.exe => No File
FirewallRules: [{B12A530C-FBB9-4B2B-91A1-6EFA72936033}] => (Allow) C:\Program Files\Neverness To Everness\NTEGlobal\NTEGlobalWebBooster.exe => No File
FirewallRules: [{306FEEE7-6380-4458-93C9-91FC8498E5F5}] => (Allow) C:\Program Files\Neverness To Everness\NTEGlobal\NTEGlobalWebBooster.exe => No File
FirewallRules: [{8185ABB8-C62A-4533-8B6F-F0FC9D99E001}] => (Allow) C:\Program Files\Neverness To Everness\Client\WindowsNoEditor\HT\Binaries\Win64\HTGame.exe => No File
FirewallRules: [{DCC3091B-F922-4C1D-B8E8-8A5FAE51860A}] => (Allow) C:\Program Files\Neverness To Everness\Client\WindowsNoEditor\HT\Binaries\Win64\HTGame.exe => No File
FirewallRules: [TCP Query User{CFE734D0-4BB9-4AB0-88C3-A1F96C3E83EE}C:\users\annak\appdata\local\discord\app-1.0.9234\discord.exe] => (Allow) C:\users\annak\appdata\local\discord\app-1.0.9234\discord.exe => No File
FirewallRules: [UDP Query User{11FEDF6A-0C40-46FE-B693-A537D968FC2E}C:\users\annak\appdata\local\discord\app-1.0.9234\discord.exe] => (Allow) C:\users\annak\appdata\local\discord\app-1.0.9234\discord.exe => No File
FirewallRules: [{45D26A43-2349-427A-883D-F4B2697C89B7}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1335403387-1389866251-194513293-1002\...\Run: [electron.app.U.GG] => C:\Users\annak\AppData\Local\Programs\U.GG\U.GG.exe --hidden (No File)
HKU\S-1-5-21-1335403387-1389866251-194513293-1002\...\Run: [WindowsBootManager] => C:\Users\annak\AppData\Local\Microsoft\Windows\0\WindowsBootManager.exe (No File)
HKU\S-1-5-21-1335403387-1389866251-194513293-1002\...\Run: [LoadingBayInstaller] => "C:\Program Files\LoadingBay\1.5.9.5\LoadingBayInstaller" --auto (No File)
HKU\S-1-5-21-1335403387-1389866251-194513293-1002\...\Run: [com.blitz.app] => "C:\Users\annak\AppData\Local\Programs\Blitz\Blitz.exe" --autostart (No File)
Task: {73014B7A-2A27-4368-9192-1B91C775BEEF} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {540CDB3B-842D-4952-AF39-171862CC3D9E} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1335403387-1389866251-194513293-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)
S3 EAAntiCheatService; "C:\Program Files\EA\AC\eaanticheat.gameservice.exe" (No File)
S3 ATSZIO; \??\D:\Pantone\Tool\WBT\ATSZIO64.sys (No File)
S3 EAAntiCheat; system32\drivers\eaanticheat.sys (No File)
U3 HtAntiCheatDriver; \??\C:\Program Files\Neverness To Everness\NTEGlobal\driver\gamedriverX64.sys (No File)
S3 NEProtect; \??\C:\Program Files (x86)\Steam\steamapps\common\Once Human\NEProtect.sys (No File)
U4 npcap_wifi; no ImagePath
2026-05-22 01:29 - 2025-12-19 20:00 - 000008150 _____ C:\Users\annak\AppData\LocalLow\510801f7c93788b3b3e9d1dfa86439b8ea30c85223adacce9a78f0032dd28c4f
2026-05-22 01:29 - 2025-12-19 20:00 - 000000130 _____ C:\Users\annak\AppData\LocalLow\b69617c03f2b17c3031492aeb75956296bddf934af412d0ac477fbd890b602e5
2025-11-19 20:22 - 2025-11-19 20:22 - 000000048 ____R () C:\Users\annak\AppData\Local\00D1EFA2C266A637091369EDADE68E8B
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {C998175D-6DAE-41FC-B7A1-1AC7CAC497AD} - System32\Tasks\Maple Military 13306-293-1002 => C:\Users\annak\AppData\Local\ugitgud\logs\74996ba8b44cde4e9a0dcde45b026c9b\pythonw.exe [104280 2026-05-24] (Python Software Foundation -> Python Software Foundation) -> "C:\Users\annak\AppData\Local\ugitgud\logs\74996ba8b44cde4e9a0dcde45b026c9b\gamelan.py" <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
2026-05-24 11:55 - 2026-05-24 11:55 - 000000000 ____D C:\Users\annak\31f9k2osaK7Sj16T
2026-05-24 11:55 - 2026-05-24 11:55 - 000003422 _____ C:\Windows\system32\Tasks\Maple Military 13306-293-1002
2026-05-24 11:55 - 2026-05-24 11:55 - 072837239 _____ C:\Users\annak\31f9k2Ut8QOippwP.exe
2026-05-24 11:59 - 2026-05-24 11:59 - 000000000 ____D C:\Users\annak\31f9k2qcuYMDiWp1
2026-05-24 11:59 - 2026-05-24 11:59 - 072837239 _____ C:\Users\annak\31f9k2FetDKPJxqC.exe
2026-05-24 12:07 - 2026-05-24 12:07 - 000000000 ____D C:\Users\annak\31f9k27PUJNTvj6t
2026-05-24 12:07 - 2026-05-24 12:07 - 072837239 _____ C:\Users\annak\31f9k2pheAanPW4A.exe
2026-05-24 11:48 - 2026-05-24 11:49 - 808216829 _____ C:\Users\annak\Downloads\Archive_x64_586303.zip
2026-05-24 11:55 - 2026-05-24 11:55 - 072837239 _____ () C:\Users\annak\31f9k2Ut8QOippwP.exe
2026-05-24 12:07 - 2026-05-24 12:07 - 072837239 _____ () C:\Users\annak\31f9k2pheAanPW4A.exe
2026-05-24 11:59 - 2026-05-24 11:59 - 072837239 _____ () C:\Users\annak\31f9k2FetDKPJxqC.exe
StartPowerShell:
# This snippet re-enables Windows Defender and applies optimized settings to ensure high protection against malware
# Enable real-time protection
Set-MpPreference -DisableRealtimeMonitoring $false
# Enable behavioural protection
Set-MpPreference -DisableBehaviorMonitoring $false
# Enable PUP detection
Set-MpPreference -PUAProtection Enabled
# Enable cloud protection to level 4 - aggressively block unknowns and apply additional protection measures, alternatively use 2 for lower protection or 0 for default
Set-MpPreference -CloudBlockLevel 4
# Send advanced information about malicious/unwanted software present on your device
Set-MpPreference -MAPSReporting 2
# Send safe samples automatically to Microsoft
Set-MpPreference -SubmitSamplesConsent 1
# Enables inspection of HTTP traffic to detect malicious websites
Set-MpPreference -EnableNetworkProtection Enabled
# Enables block at first seen
Set-MpPreference -DisableBlockAtFirstSeen $false
# Allows scanning of archive files, such as .zip and .cab files for malware/PUP
Set-MpPreference -DisableArchiveScanning $false
# Enables automatic scanning of USB & removable drives
Set-MpPreference -DisableRemovableDriveScanning $false
# Enables scanning of network files
Set-MpPreference -DisableScanningNetworkFiles $false
# Forces signature check before running a scan
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true
# Extends cloud check timer from default 10 to 30 seconds
Set-MpPreference -CloudExtendedTimeout 30
# Enables automatic scanning of all downloaded files and attachments
Set-MpPreference -DisableIOAVProtection $false
# Enables script detection
Set-MpPreference -DisableScriptScanning $false
# Disables automatic exclusions from scanning
Set-MpPreference -DisableAutoExclusions 1
# Enables scanning of mapped network drives
Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan 0
# Enables scanning of email files
Set-MpPreference -DisableEmailScanning 0
# Enables blocking of malicious domains and IPs at the DNS level
Set-MpPreference -EnableDnsSinkhole $true
# Enables signature updates every 12 hours
Set-MpPreference -SignatureUpdateInterval 12
# Enables automatic quarantine for threats labelled as high and severe
Set-MpPreference -HighThreatDefaultAction Quarantine
Set-MpPreference -SevereThreatDefaultAction Quarantine
# Updates signatures
Update-MpSignature
EndPowerShell:
StartPowershell:
# Replace /scanonly with /clean if you also want to delete items -- however, this will activate a trial license on the system, I do not recommend it
$hmpExe = "$env:TEMP\HitmanPro_x64.exe"
$logFile = "$env:TEMP\HitmanPro_ScanLog.txt"
Invoke-WebRequest -Uri "https://dl.surfright.nl/HitmanPro_x64.exe" -OutFile $hmpExe -UseBasicParsing
$proc = Start-Process $hmpExe -ArgumentList "/ews","/scanonly","/noinstall","/log=`"$logFile`"","/logtype=txt" -Wait -PassThru
if (!(Test-Path $logFile)) { Write-Host "Scan failed (exit $($proc.ExitCode))"; exit 1 }
Get-Content $logFile -Encoding Unicode
EndPowershell:
StartPowerShell:
# Downloads the newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log to the console
# Does not clean preinstalled objects, only PUP/Adware
# If you would like to delete preinstalled objects, add an argument /preinstalled to the /clean argument
# If you would like to only scan with it, change the argument from /clean to /scan
# NOTE: For the sake of users from Asia (primarily China), do not use the clean option. It will very likely remove a lot of their important software.
New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:
Comment: Remove unwanted files from common folders using Farbar's native removal, which includes removal on reboot if needed. Please double-check that the user does not have any applications incorrectly installed in the directories listed below.
C:\ProgramData\*.a3x
C:\ProgramData\*.ahk
C:\ProgramData\*.au3
C:\ProgramData\*.bat
C:\ProgramData\*.cab
C:\ProgramData\*.cmd
C:\ProgramData\*.com
C:\ProgramData\*.dll
C:\ProgramData\*.exe
C:\ProgramData\*.hta
C:\ProgramData\*.jar
C:\ProgramData\*.js
C:\ProgramData\*.jse
C:\ProgramData\*.lnk
C:\ProgramData\*.pif
C:\ProgramData\*.ps1
C:\ProgramData\*.py
C:\ProgramData\*.pyc
C:\ProgramData\*.pyd
C:\ProgramData\*.scr
C:\ProgramData\*.tmp
C:\ProgramData\*.vbe
C:\ProgramData\*.vbs
C:\ProgramData\*.wsf
C:\ProgramData\*.wsh
C:\ProgramData\*.zip
C:\ProgramData\*.rar
C:\ProgramData\*.7z
C:\Users\*\AppData\Roaming\*.au3
C:\Users\*\AppData\Roaming\*.bat
C:\Users\*\AppData\Roaming\*.cab
C:\Users\*\AppData\Roaming\*.cmd
C:\Users\*\AppData\Roaming\*.com
C:\Users\*\AppData\Roaming\*.dll
C:\Users\*\AppData\Roaming\*.exe
C:\Users\*\AppData\Roaming\*.hta
C:\Users\*\AppData\Roaming\*.jar
C:\Users\*\AppData\Roaming\*.js
C:\Users\*\AppData\Roaming\*.jse
C:\Users\*\AppData\Roaming\*.lnk
C:\Users\*\AppData\Roaming\*.pif
C:\Users\*\AppData\Roaming\*.ps1
C:\Users\*\AppData\Roaming\*.py
C:\Users\*\AppData\Roaming\*.pyc
C:\Users\*\AppData\Roaming\*.pyd
C:\Users\*\AppData\Roaming\*.scr
C:\Users\*\AppData\Roaming\*.tmp
C:\Users\*\AppData\Roaming\*.vbe
C:\Users\*\AppData\Roaming\*.vbs
C:\Users\*\AppData\Roaming\*.wsf
C:\Users\*\AppData\Roaming\*.wsh
C:\Users\*\AppData\Roaming\*.zip
C:\Users\*\AppData\Roaming\*.rar
C:\Users\*\AppData\Roaming\*.7z
C:\Users\CurrentUserName\AppData\Local\*.a3x
C:\Users\CurrentUserName\AppData\Local\*.ahk
C:\Users\CurrentUserName\AppData\Local\*.au3
C:\Users\CurrentUserName\AppData\Local\*.bat
C:\Users\CurrentUserName\AppData\Local\*.cab
C:\Users\CurrentUserName\AppData\Local\*.cmd
C:\Users\CurrentUserName\AppData\Local\*.com
C:\Users\CurrentUserName\AppData\Local\*.dll
C:\Users\CurrentUserName\AppData\Local\*.exe
C:\Users\CurrentUserName\AppData\Local\*.hta
C:\Users\CurrentUserName\AppData\Local\*.jar
C:\Users\CurrentUserName\AppData\Local\*.js
C:\Users\CurrentUserName\AppData\Local\*.jse
C:\Users\CurrentUserName\AppData\Local\*.lnk
C:\Users\CurrentUserName\AppData\Local\*.pif
C:\Users\CurrentUserName\AppData\Local\*.ps1
C:\Users\CurrentUserName\AppData\Local\*.py
C:\Users\CurrentUserName\AppData\Local\*.pyc
C:\Users\CurrentUserName\AppData\Local\*.pyd
C:\Users\CurrentUserName\AppData\Local\*.scr
C:\Users\CurrentUserName\AppData\Local\*.tmp
C:\Users\CurrentUserName\AppData\Local\*.vbe
C:\Users\CurrentUserName\AppData\Local\*.vbs
C:\Users\CurrentUserName\AppData\Local\*.wsf
C:\Users\CurrentUserName\AppData\Local\*.wsh
C:\Users\CurrentUserName\AppData\Local\*.zip
C:\Users\CurrentUserName\AppData\Local\*.rar
C:\Users\CurrentUserName\AppData\Local\*.7z
C:\Users\CurrentUserName\AppData\Roaming\*.a3x
C:\Users\CurrentUserName\AppData\Roaming\*.ahk
C:\Users\CurrentUserName\AppData\Roaming\*.au3
C:\Users\CurrentUserName\AppData\Roaming\*.bat
C:\Users\CurrentUserName\AppData\Roaming\*.cab
C:\Users\CurrentUserName\AppData\Roaming\*.cmd
C:\Users\CurrentUserName\AppData\Roaming\*.com
C:\Users\CurrentUserName\AppData\Roaming\*.dll
C:\Users\CurrentUserName\AppData\Roaming\*.exe
C:\Users\CurrentUserName\AppData\Roaming\*.hta
C:\Users\CurrentUserName\AppData\Roaming\*.jar
C:\Users\CurrentUserName\AppData\Roaming\*.js
C:\Users\CurrentUserName\AppData\Roaming\*.jse
C:\Users\CurrentUserName\AppData\Roaming\*.lnk
C:\Users\CurrentUserName\AppData\Roaming\*.pif
C:\Users\CurrentUserName\AppData\Roaming\*.ps1
C:\Users\CurrentUserName\AppData\Roaming\*.py
C:\Users\CurrentUserName\AppData\Roaming\*.pyc
C:\Users\CurrentUserName\AppData\Roaming\*.pyd
C:\Users\CurrentUserName\AppData\Roaming\*.scr
C:\Users\CurrentUserName\AppData\Roaming\*.tmp
C:\Users\CurrentUserName\AppData\Roaming\*.vbe
C:\Users\CurrentUserName\AppData\Roaming\*.vbs
C:\Users\CurrentUserName\AppData\Roaming\*.wsf
C:\Users\CurrentUserName\AppData\Roaming\*.wsh
C:\Users\CurrentUserName\AppData\Roaming\*.zip
C:\Users\CurrentUserName\AppData\Roaming\*.rar
C:\Users\CurrentUserName\AppData\Roaming\*.7z
Comment: Force policy removal
C:\Windows\System32\GroupPolicyUsers
C:\Windows\System32\GroupPolicy
Comment: System repair commands
CMD: DISM.exe /Online /Cleanup-image /Restorehealth
CMD: SFC.exe /scannow
Comment: Network reset commands
CMD: netsh int ip reset
CMD: netsh int ipv6 reset
CMD: ipconfig /flushDNS
CMD: netsh winsock reset catalog
Comment: Additional temp file removal
C:\Windows\System32\config\systemprofile\AppData\Local\*.tmp
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
C:\Users\CurrentUserName\AppData\Local\Temp\*
C:\Windows\Temp\*
C:\Windows\SystemTemp\*
EmptyTemp:
End::