Malware Log Analysis

shared / Perfect-Plate-494

Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
2026-05-16 19:05 - 2023-09-19 16:34 - 000000000 ____D C:\ProgramData\Lavasoft
CustomCLSID: HKU\S-1-5-21-879954731-722168850-2708336878-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> "C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-879954731-722168850-2708336878-1001_Classes\CLSID\{1d65537f-c69f-507f-b66c-0bd38fbd1e34}\localserver32 -> "C:\Users\User\AppData\Local\PowerToys\PowerToys.PowerLauncher.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-879954731-722168850-2708336878-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> "C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe" -ToastActivated => No File
AlternateDataStreams: C:\ProgramData\agent.1634604440.bdinstall.v2.bin:F448A38EDC [3442]
AlternateDataStreams: C:\ProgramData\agent.1644651247.6316.v2.bin:386FC4E018 [3442]
AlternateDataStreams: C:\ProgramData\cl.1634604476.bdinstall.v2.bin:0053A59E41 [3442]
AlternateDataStreams: C:\ProgramData\cl.kit.1634604474.bdinstall.v2.bin:B47E6A1A5C [3442]
AlternateDataStreams: C:\ProgramData\dm.1634956761.bdinstall.v2.bin:3853FD5083 [3442]
AlternateDataStreams: C:\ProgramData\dm.uninstall.1634956878.bdinstall.v2.bin:DB9E6CD916 [3442]
AlternateDataStreams: C:\ProgramData\Reprise:jhqduwvxlctbqqijsf`usjbm`bfjhiqhnhm [0]
AlternateDataStreams: C:\ProgramData\Reprise:jhqduwvxlctbqqijsf`usjbm`bfjhjihljp [0]
AlternateDataStreams: C:\ProgramData\WnHqYU0nH4:D39ABDACE2 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis True Image.lnk:A797F41ABF [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects 2023.lnk:348C7DE18C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign 2024.lnk:493DA0DB77 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro 2023.lnk:FB95DB72C9 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [3442]
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll => No File
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll => No File
FirewallRules: [{1005B355-4166-4CB3-B4DC-C1F205C3E87F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{3BEA74BF-DC6F-4A83-A72B-5A54141221FC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{DDCEEB9C-DC4C-4B30-A72E-C90A2D01595A}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
FirewallRules: [{F888860D-4400-4A3B-877A-317F6F0BF579}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{ACB1EB95-F341-4718-8976-2917D8DA9DFD}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
FirewallRules: [{17B7119C-F46C-4C32-B3BF-03AA6D7CC518}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe => No File
FirewallRules: [{939415B4-4FA3-4C8F-9659-B9AB26B9C870}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{F21BC716-98EA-47CC-83F7-9650B4DC2E9E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{F007D3E1-5A84-4ACB-8DCF-B16A0ED8B2B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Strinova\Launcher\Strinova.exe => No File
FirewallRules: [{AB38635D-5B87-46B1-B824-2E2AC2A8151D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Strinova\Launcher\Strinova.exe => No File
FirewallRules: [{860E15A1-97F7-44A0-90FE-E394E95787F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Strinova\Launcher\Strinova.exe => No File
FirewallRules: [{4987011B-2701-4DE0-A0E7-8332D53F4957}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Strinova\Launcher\Strinova.exe => No File
FirewallRules: [TCP Query User{74699A2D-6D65-4979-B98E-23D83780D92A}C:\users\user\appdata\local\discord\app-1.0.9173\discord.exe] => (Block) C:\users\user\appdata\local\discord\app-1.0.9173\discord.exe => No File
FirewallRules: [UDP Query User{FB7D7C78-5196-416E-BA56-E1EE77DF9C0A}C:\users\user\appdata\local\discord\app-1.0.9173\discord.exe] => (Block) C:\users\user\appdata\local\discord\app-1.0.9173\discord.exe => No File
FirewallRules: [{586B72D0-958D-4F4D-AED3-D0B0B97AF8D8}] => (Allow) C:\Program Files (x86)\Overwolf\0.296.3.3\OverwolfBrowser.exe => No File
FirewallRules: [{5C4A2715-1451-4163-AD64-5B01C5E60D3C}] => (Allow) C:\Program Files (x86)\Overwolf\0.296.3.3\OverwolfBrowser.exe => No File
FirewallRules: [{9A4DC86A-4B95-49C2-ABB5-C165AC03DAAA}] => (Block) C:\Program Files (x86)\Overwolf\0.296.3.3\OverwolfBrowser.exe => No File
FirewallRules: [{47DA1932-40AA-4F31-8456-DBAD4AB178C7}] => (Block) C:\Program Files (x86)\Overwolf\0.296.3.3\OverwolfBrowser.exe => No File
Task: {F9C25838-78F9-4C4F-8CF6-A7E80F80D488} - System32\Tasks\Microsoft\Windows\Clip\ClipESU => %SystemRoot%\system32\clipesu.exe (No File)
Task: {7D1393CA-DEBF-48E3-871B-97D91E2C2D60} - System32\Tasks\Microsoft\Windows\Clip\ClipESUConsumer => %SystemRoot%\system32\ClipESUConsumer.exe -evaluateEligibility (No File)
Task: {E91810BC-EDD1-4AB7-AD2F-6E06C3032802} - System32\Tasks\Microsoft\Windows\Clip\ClipESUConsumerProcessECUpdate => %SystemRoot%\system32\ClipESUConsumer.exe -persistEligibilityStatus (No File)
Task: {75B09859-561B-4333-B4E9-BB1897AE76D2} - System32\Tasks\Microsoft\Windows\Clip\ClipEsuConsumerProcessPreOrder => %SystemRoot%\system32\ClipESUConsumer.exe -postProcessPreOrder (No File)
Task: {BC353E32-17BC-4443-B6AD-95061322BD24} - System32\Tasks\Microsoft\Windows\Clip\ClipEsuConsumerProcessRefund => %SystemRoot%\system32\ClipESUConsumer.exe -processRefund (No File)
Task: {F43AAE8B-8087-49C9-A0B7-B319CDF4335A} - System32\Tasks\Microsoft\Windows\Clip\EnableClipESU => %SystemRoot%\system32\clipesu.exe -e (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {0BB36A32-0D9E-4297-AFD7-6BD7B5DB4C9B} - System32\Tasks\Microsoft\Windows\UNP\RunUpdateNotificationMgr => %windir%\System32\UNP\UpdateNotificationMgr.exe (No File)
Task: {A74FFA2D-5022-4CBF-86C5-933F996AA715} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
Task: {0D7F7B18-4FC6-4424-ABB4-9CCE0AE8C936} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {DA2B3FB6-091A-4734-9C96-947474CE3192} - System32\Tasks\MSI Task Host - Duet => "C:\Program Files (x86)\MSI\One Dragon Center\Duet\MSI_Duet.exe" (No File)
S3 MGHwCtrl; \??\C:\Program Files (x86)\MSI\One Dragon Center\HW Diagnosis\Fan\MGHwCtrl.sys (No File)
2026-05-16 19:26 - 2026-05-16 19:26 - 000002264 _____ C:\Users\User\AppData\LocalLow\69b68b8e2eab5b246d1578ebdcd8a58b866443ea6267a89362c2adc53f5aa286
2026-05-16 15:49 - 2026-05-16 15:49 - 000005890 _____ C:\Users\User\AppData\LocalLow\6f3e9b07e2ad230e640fc7bb54817797a54d5c14529df3db968fd7012cafd14e
2026-05-16 15:49 - 2026-05-16 15:49 - 000000026 _____ C:\Users\User\AppData\LocalLow\9a68445ea92450c667a67aff4dbd1624b63656cc020fa2f86cc0ee68bea51f46
2026-05-11 18:05 - 2026-05-11 18:05 - 000002264 _____ C:\Users\User\AppData\LocalLow\3c2878bdf827f01c50d894bf033ce11488c5a77f0b4f08bfbe08e98edaf253f0
2026-05-07 23:19 - 2026-05-07 23:19 - 000212538 _____ C:\Users\User\AppData\LocalLow\3f815ee291b0ac09e050d644889a796c73939fc0674e4e4a524dae321d0a6639
2026-05-07 23:19 - 2026-05-07 23:19 - 000000026 _____ C:\Users\User\AppData\LocalLow\c1f7d3e3b03b819bf61f4cbffccae9d96ea7dad7c7d208e67a183cac3afe91aa
2026-05-05 20:13 - 2026-05-07 23:19 - 000092904 _____ C:\Users\User\AppData\LocalLow\edf82534f579bc9ad597290bc8aa05c3774654cd88d5f7a1d9cfdf22a86d9cac
2026-04-18 22:19 - 2026-04-18 22:19 - 000002264 _____ C:\Users\User\AppData\LocalLow\f44583bd7e2c32cc4f40d912ae4247ce050cdd8c4ef2b3e23fd4fb1175c048e6
2026-05-17 13:27 - 2026-04-05 22:29 - 000000130 _____ C:\Users\User\AppData\LocalLow\96a184e61659f20674f4cb075617391aff5ecc27a80e92f12383dc339cf94f5d
2026-05-17 13:25 - 2026-04-14 13:52 - 000000130 _____ C:\Users\User\AppData\LocalLow\b623ef2f95d84730adfd0d7fdefb4e3be50bf414b05229a8acc7c2bd1b011044
2026-05-17 13:25 - 2026-04-06 19:40 - 000000130 _____ C:\Users\User\AppData\LocalLow\0677328635269b88b308e66a4520b0079f35702e6d26ad2ed9b93a50c19530ca
2026-05-17 12:55 - 2026-04-05 21:24 - 000901548 _____ C:\Users\User\AppData\LocalLow\6e5d1fc50c818bd3313b57ec442998a9252d6a90fbc569899689b2074fc0b8bd
2026-05-17 12:54 - 2026-04-05 21:24 - 000000130 _____ C:\Users\User\AppData\LocalLow\42b39da3f0f24399be4b70c06dbc9889e1b5b8a9068a8cd96eeb0efa28174772
2026-05-17 12:43 - 2026-04-05 22:50 - 000000130 _____ C:\Users\User\AppData\LocalLow\ed99b9ea65d65278617c06607d325f22e902284715051b9e0666e07ea4b942cf
2026-05-16 19:29 - 2026-04-05 23:08 - 000000130 _____ C:\Users\User\AppData\LocalLow\55286158743f1ea3a7ff67b347481dd22ab5f7cbd2d8c4ebb5a287929ef1b101
2026-05-16 19:26 - 2026-04-05 23:08 - 000000130 _____ C:\Users\User\AppData\LocalLow\dd92de1e2ba5624d0a074a4b2ff9e6ccad9eccc2d5adeefba61c4e66d82d8536
2026-05-16 19:24 - 2026-04-05 23:08 - 000050791 _____ C:\Users\User\AppData\LocalLow\992c35be6d4d2b353af53be4408568622ec9f039359ba2b57b92e727d359a29c
2026-05-16 18:25 - 2026-04-05 23:08 - 000057119 _____ C:\Users\User\AppData\LocalLow\43aa4811a4c62ef8132af8fff22e72accdfbab184c321e6e07a6c6f558720770
2026-04-25 11:56 - 2026-04-05 21:20 - 000032295 _____ C:\Users\User\AppData\LocalLow\f6b5e8e93ac184a5b5d42c15ffc4b7861baed8460677b88e9cb13e44770238cd
2026-04-20 22:42 - 2026-04-05 22:50 - 000038681 _____ C:\Users\User\AppData\LocalLow\e1c7f91d26430b6f654d2ec7afdcd207e6087435f951ad932e7672cacc0f2dbf
2026-04-17 00:09 - 2026-04-06 21:09 - 000000130 _____ C:\Users\User\AppData\LocalLow\71f5af4aba90db26cafac1bc5d5048fa42453288d125ca8fb2a5ac0c7beff487
2024-12-27 17:06 - 2024-12-27 17:06 - 000000048 ____R () C:\Users\User\AppData\Local\FBDD74941C07BB48896A4B2BF766C496
HKU\S-1-5-21-879954731-722168850-2708336878-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-879954731-722168850-2708336878-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-879954731-722168850-2708336878-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-879954731-722168850-2708336878-1001\Software\Classes\.cmd: => <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Task: {bfa9151b-693e-437a-a463-b26768111c85} - no filepath. <==== ATTENTION
File: C:\Users\User\AppData\Local\Programs\oz-client\Poly Lens.exe
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi => not found
StartPowerShell:
# This snippet downloads Emsisoft Emergency Kit (EEK) from Emsisoft's official site, updates it, and scans with it.
# Do note that the executable is 300MB and may take some time to download.
# ---
# This will scan for malware and PUPs in 1) system memory 2) important folders, as the documentation says.
# It will scan in compressed archives, in mail archives, in NTFS alternate data streams and use cloud requests.
# ---
# You can use argument "/delete" to delete found objects including references, but this is permanent and irreversible.
# You can remove the "/quick" argument to do a full scan, but that may take longer than what FRST can handle.
# You can use argument "/quarantine="[folder]"" to put found malware into quarantine, but I personally prefer first verifying the detections.
$downloadUrl = "https://dl.emsisoft.com/EmsisoftEmergencyKit.exe"
$systemDrive = $env:SystemDrive
$frstPath = "$systemDrive\FRST"
$savePath = "$frstPath\EEK.exe"
$extractPath = "$frstPath\EEK"
# Create the working folders if they do not exist yet
if (-not (Test-Path $frstPath)) { New-Item -Path $frstPath -ItemType Directory -Force | Out-Null }
if (-not (Test-Path $extractPath)) { New-Item -Path $extractPath -ItemType Directory -Force | Out-Null }
# Download the self-extracting kit and extract it silently into $extractPath
Invoke-WebRequest -Uri $downloadUrl -OutFile $savePath -UseBasicParsing
$proc = Start-Process -FilePath $savePath -ArgumentList "-s -d`"$extractPath`"" -PassThru
# Wait until the command-line scanner has been extracted, then stop the extractor
while (-not (Test-Path "$extractPath\bin64\a2cmd.exe")) { Start-Sleep -Milliseconds 1000 }
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
# Pick the scanner binary matching the OS architecture
if ([Environment]::Is64BitOperatingSystem) {
    $a2cmdPath = Join-Path $extractPath "bin64\a2cmd.exe"
} else {
    $a2cmdPath = Join-Path $extractPath "bin32\a2cmd.exe"
}
# Update signatures, run the scan, and print the scan log
Start-Process -FilePath $a2cmdPath -ArgumentList "/update" -Wait -NoNewWindow
Start-Process -FilePath $a2cmdPath -ArgumentList "/malware /quick /m /t /pup /a /am /cloud=1 /la=`"$frstPath\EEK_scan.log`"" -Wait -NoNewWindow
Get-Content "$frstPath\EEK_scan.log"
exit
EndPowerShell:
StartPowerShell:
# Downloads the newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log to the console.
# Does not clean preinstalled objects, only PUP/Adware.
# If you would like to delete preinstalled objects, add the argument /preinstalled to the /clean argument.
# If you would like to only scan with it, change the argument from /clean to /scan.
New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
# Accept the EULA first, then run the clean pass with its output redirected to a log file
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:
Comment: Remove unwanted files from common folders using the native removal power of Farbar, including remove-on-reboot if needed
C:\ProgramData\*.a3x
C:\ProgramData\*.ahk
C:\ProgramData\*.au3
C:\ProgramData\*.bat
C:\ProgramData\*.cab
C:\ProgramData\*.cmd
C:\ProgramData\*.com
C:\ProgramData\*.dll
C:\ProgramData\*.exe
C:\ProgramData\*.hta
C:\ProgramData\*.jar
C:\ProgramData\*.js
C:\ProgramData\*.jse
C:\ProgramData\*.lnk
C:\ProgramData\*.pif
C:\ProgramData\*.ps1
C:\ProgramData\*.py
C:\ProgramData\*.pyc
C:\ProgramData\*.pyd
C:\ProgramData\*.scr
C:\ProgramData\*.tmp
C:\ProgramData\*.vbe
C:\ProgramData\*.vbs
C:\ProgramData\*.wsf
C:\ProgramData\*.wsh
C:\ProgramData\*.zip
C:\Users\*\AppData\Roaming\*.au3
C:\Users\*\AppData\Roaming\*.bat
C:\Users\*\AppData\Roaming\*.cab
C:\Users\*\AppData\Roaming\*.cmd
C:\Users\*\AppData\Roaming\*.com
C:\Users\*\AppData\Roaming\*.dll
C:\Users\*\AppData\Roaming\*.exe
C:\Users\*\AppData\Roaming\*.hta
C:\Users\*\AppData\Roaming\*.jar
C:\Users\*\AppData\Roaming\*.js
C:\Users\*\AppData\Roaming\*.jse
C:\Users\*\AppData\Roaming\*.lnk
C:\Users\*\AppData\Roaming\*.pif
C:\Users\*\AppData\Roaming\*.ps1
C:\Users\*\AppData\Roaming\*.py
C:\Users\*\AppData\Roaming\*.pyc
C:\Users\*\AppData\Roaming\*.pyd
C:\Users\*\AppData\Roaming\*.scr
C:\Users\*\AppData\Roaming\*.tmp
C:\Users\*\AppData\Roaming\*.vbe
C:\Users\*\AppData\Roaming\*.vbs
C:\Users\*\AppData\Roaming\*.wsf
C:\Users\*\AppData\Roaming\*.wsh
C:\Users\*\AppData\Roaming\*.zip
C:\Users\CurrentUserName\AppData\Local\*.a3x
C:\Users\CurrentUserName\AppData\Local\*.ahk
C:\Users\CurrentUserName\AppData\Local\*.au3
C:\Users\CurrentUserName\AppData\Local\*.bat
C:\Users\CurrentUserName\AppData\Local\*.cab
C:\Users\CurrentUserName\AppData\Local\*.cmd
C:\Users\CurrentUserName\AppData\Local\*.com
C:\Users\CurrentUserName\AppData\Local\*.dll
C:\Users\CurrentUserName\AppData\Local\*.exe
C:\Users\CurrentUserName\AppData\Local\*.hta
C:\Users\CurrentUserName\AppData\Local\*.jar
C:\Users\CurrentUserName\AppData\Local\*.js
C:\Users\CurrentUserName\AppData\Local\*.jse
C:\Users\CurrentUserName\AppData\Local\*.lnk
C:\Users\CurrentUserName\AppData\Local\*.pif
C:\Users\CurrentUserName\AppData\Local\*.ps1
C:\Users\CurrentUserName\AppData\Local\*.py
C:\Users\CurrentUserName\AppData\Local\*.pyc
C:\Users\CurrentUserName\AppData\Local\*.pyd
C:\Users\CurrentUserName\AppData\Local\*.scr
C:\Users\CurrentUserName\AppData\Local\*.tmp
C:\Users\CurrentUserName\AppData\Local\*.vbe
C:\Users\CurrentUserName\AppData\Local\*.vbs
C:\Users\CurrentUserName\AppData\Local\*.wsf
C:\Users\CurrentUserName\AppData\Local\*.wsh
C:\Users\CurrentUserName\AppData\Local\*.zip
C:\Users\CurrentUserName\AppData\Roaming\*.a3x
C:\Users\CurrentUserName\AppData\Roaming\*.ahk
C:\Users\CurrentUserName\AppData\Roaming\*.au3
C:\Users\CurrentUserName\AppData\Roaming\*.bat
C:\Users\CurrentUserName\AppData\Roaming\*.cab
C:\Users\CurrentUserName\AppData\Roaming\*.cmd
C:\Users\CurrentUserName\AppData\Roaming\*.com
C:\Users\CurrentUserName\AppData\Roaming\*.dll
C:\Users\CurrentUserName\AppData\Roaming\*.exe
C:\Users\CurrentUserName\AppData\Roaming\*.hta
C:\Users\CurrentUserName\AppData\Roaming\*.jar
C:\Users\CurrentUserName\AppData\Roaming\*.js
C:\Users\CurrentUserName\AppData\Roaming\*.jse
C:\Users\CurrentUserName\AppData\Roaming\*.lnk
C:\Users\CurrentUserName\AppData\Roaming\*.pif
C:\Users\CurrentUserName\AppData\Roaming\*.ps1
C:\Users\CurrentUserName\AppData\Roaming\*.py
C:\Users\CurrentUserName\AppData\Roaming\*.pyc
C:\Users\CurrentUserName\AppData\Roaming\*.pyd
C:\Users\CurrentUserName\AppData\Roaming\*.scr
C:\Users\CurrentUserName\AppData\Roaming\*.tmp
C:\Users\CurrentUserName\AppData\Roaming\*.vbe
C:\Users\CurrentUserName\AppData\Roaming\*.vbs
C:\Users\CurrentUserName\AppData\Roaming\*.wsf
C:\Users\CurrentUserName\AppData\Roaming\*.wsh
C:\Users\CurrentUserName\AppData\Roaming\*.zip
C:\Windows\System32\config\systemprofile\AppData\Local\*.tmp
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
C:\Windows\System32\GroupPolicyUsers
C:\Windows\System32\GroupPolicy
CMD: DISM.exe /Online /Cleanup-image /Restorehealth
CMD: SFC.exe /scannow
CMD: netsh int ip reset
CMD: netsh int ipv6 reset
CMD: ipconfig /flushDNS
CMD: netsh winsock reset catalog
C:\Users\CurrentUserName\AppData\Local\Temp\*
C:\Windows\Temp\*
C:\Windows\SystemTemp\*
EmptyTemp:
End::