Start
CreateRestorePoint:
CloseProcesses:
2026-05-10 20:18 - 2024-09-22 01:55 - 000000000 ____D C:\Users\George\AppData\Roaming\RenPy
HKU\S-1-5-21-2636595356-4091631100-3353983944-1002\...\Run: [EnlistedLauncher] => "D:\gam\enlist\Enlisted\launcher.exe" (No File)
HKU\S-1-5-21-2636595356-4091631100-3353983944-1002\...\MountPoints2: {30235edd-b109-11eb-98f4-244bfe5c9ded} - "V:\Autorun.exe"
S3 cpuz137; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys (No File) <==== ATTENTION
S3 cpuz150; \??\C:\Windows\temp\cpuz150\cpuz150_x64.sys (No File) <==== ATTENTION
S3 cpuz152; \??\C:\Windows\temp\cpuz152\cpuz152_x64.sys (No File) <==== ATTENTION
S3 EAAntiCheat; system32\drivers\eaanticheat.sys (No File)
S4 NvModuleTracker; \SystemRoot\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_ea6cec41fc5b2a8b\NvModuleTracker.sys (No File)
S3 UcmCxUcsiNvppc; \SystemRoot\System32\DriverStore\FileRepository\nvppc.inf_amd64_b9ce8a54d5a31e95\UcmCxUcsiNvppc.sys (No File)
S3 WinRing0_1_2_0; \??\C:\Overclockers UK\AutoTestV2\RealBench\RBHAPIx64.sys (No File)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Unlock: C:\Program Files (x86)\BodyLarita
Unlock: HKLM\SYSTEM\ControlSet001\Services\BodyLarita
C:\Program Files (x86)\BodyLarita
HKLM\SYSTEM\ControlSet001\Services\BodyLarita => C:\Program Files (x86)\BodyLarita\BodyLarita.exe -system -token a6124c <==== ATTENTION (Rootkit!/Locked Service)
S5 BodyLarita; <==== ATTENTION: Locked Service
cmd: sc query BodyLarita
AlternateDataStreams: C:\Users\George\Downloads\FRST64.exe:MBAM.Zone.Identifier [225]
AlternateDataStreams: C:\Users\George\AppData\Local\Temp:$DATA [16]
FirewallRules: [{D7B0B505-4301-4FFF-AC51-C7A109456024}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{5F0D259C-08B9-4FC2-8DD8-5D5535E230B2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{640D137D-80C2-4A1E-88F5-C51612C7909D}C:\users\george\appdata\local\discord\app-1.0.9166\discord.exe] => (Allow) C:\users\george\appdata\local\discord\app-1.0.9166\discord.exe => No File
FirewallRules: [UDP Query User{CF88A4A9-9939-491C-8B9A-B01D1BE8464D}C:\users\george\appdata\local\discord\app-1.0.9166\discord.exe] => (Allow) C:\users\george\appdata\local\discord\app-1.0.9166\discord.exe => No File
FirewallRules: [TCP Query User{9260BBB3-38B2-4631-A8A5-A46DC19C107D}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Block) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe => No File
FirewallRules: [UDP Query User{AEA9DBF0-C44D-42FC-BF08-59E7A5382EF8}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Block) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe => No File
FirewallRules: [TCP Query User{B1BC0085-EFDD-4240-973C-32805E8FFFFF}C:\users\george\curseforge\minecraft\install\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe] => (Allow) C:\users\george\curseforge\minecraft\install\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe => No File
FirewallRules: [UDP Query User{4A58DB33-CF33-431C-9D41-ABBD904C8326}C:\users\george\curseforge\minecraft\install\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe] => (Allow) C:\users\george\curseforge\minecraft\install\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe => No File
FirewallRules: [TCP Query User{3EB99D65-0C66-46E2-826F-211744749BB7}D:\steamlibrary\steamapps\common\for honor\forhonor.exe] => (Allow) D:\steamlibrary\steamapps\common\for honor\forhonor.exe => No File
FirewallRules: [UDP Query User{17BFA7B1-D80F-47B3-9796-3D3F5BD5401B}D:\steamlibrary\steamapps\common\for honor\forhonor.exe] => (Allow) D:\steamlibrary\steamapps\common\for honor\forhonor.exe => No File
FirewallRules: [{637CE852-7722-474E-B7B6-591D059D26B6}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
FirewallRules: [{5BE80C5D-AB29-4404-A99F-4C10D126AEC6}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{A6FCBDE2-6306-4440-8C28-99DB2129CFBE}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
FirewallRules: [{2B43B1C2-4E44-41F4-964A-3D2B0E16E3AE}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe => No File
FirewallRules: [TCP Query User{78C1C4FC-C545-448A-82F2-20A428843680}C:\users\george\curseforge\minecraft\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\george\curseforge\minecraft\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe => No File
FirewallRules: [UDP Query User{F8B8E9F2-E257-45CD-8A35-A09EDB506266}C:\users\george\curseforge\minecraft\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\george\curseforge\minecraft\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe => No File
FirewallRules: [TCP Query User{654CA6DF-6DDE-4E12-9A77-10513BAF7D8A}C:\users\george\desktop\perhaps\headtracking\opentrack\opentrack.exe] => (Allow) C:\users\george\desktop\perhaps\headtracking\opentrack\opentrack.exe => No File
FirewallRules: [UDP Query User{B4284401-D09E-4BC8-8F94-B22C6B3008CE}C:\users\george\desktop\perhaps\headtracking\opentrack\opentrack.exe] => (Allow) C:\users\george\desktop\perhaps\headtracking\opentrack\opentrack.exe => No File
FirewallRules: [TCP Query User{6035F847-C216-4956-A48D-6744ECB96A49}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe => No File
FirewallRules: [UDP Query User{91308DA3-83E2-4A55-8786-0954CCAC4934}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe => No File
FirewallRules: [TCP Query User{7E36FC53-7E2A-43BA-BAAC-73B514D20573}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe => No File
FirewallRules: [UDP Query User{E9AEEAC9-1382-48C5-A8BC-6D7D043F39C7}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe => No File
FirewallRules: [{8D96D200-99B3-47BD-B16E-FE1D8AA99452}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ELDEN RING\Game\start_protected_game.exe => No File
FirewallRules: [{91DC4B67-A261-4BF7-90E6-34AC4D14CA56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ELDEN RING\Game\start_protected_game.exe => No File
FirewallRules: [TCP Query User{6BCF10A0-7AA3-4F3C-9C48-A26808D9ED10}D:\steamlibrary\steamapps\common\snowrunner\sources\bin\snowrunner.exe] => (Allow) D:\steamlibrary\steamapps\common\snowrunner\sources\bin\snowrunner.exe => No File
FirewallRules: [UDP Query User{29BB8A71-5666-49D9-885A-9EA3CC2BA493}D:\steamlibrary\steamapps\common\snowrunner\sources\bin\snowrunner.exe] => (Allow) D:\steamlibrary\steamapps\common\snowrunner\sources\bin\snowrunner.exe => No File
FirewallRules: [{DC7E28EA-BAE0-44D9-881A-138BD3644C5D}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File
FirewallRules: [{CC5CAFB2-22F3-4B1A-9A49-593E07FEEA5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EXILIUM\GF2_Exilium.exe => No File
FirewallRules: [{803AF44D-6D9D-43A7-82B0-7A9E6C6BDFA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EXILIUM\GF2_Exilium.exe => No File
FirewallRules: [TCP Query User{99FFC85A-AFD1-43E0-96F0-E0D37F4811C8}E:\steamlibrary\steamapps\common\for honor\forhonor.exe] => (Allow) E:\steamlibrary\steamapps\common\for honor\forhonor.exe => No File
FirewallRules: [UDP Query User{823CF5D4-ABA8-4B5E-B318-0ED39570B723}E:\steamlibrary\steamapps\common\for honor\forhonor.exe] => (Allow) E:\steamlibrary\steamapps\common\for honor\forhonor.exe => No File
FirewallRules: [TCP Query User{58953871-7658-4944-AEED-469ADC49D4B4}C:\users\george\documents\vintagestory\vintagestory\vintagestory.exe] => (Allow) C:\users\george\documents\vintagestory\vintagestory\vintagestory.exe => No File
FirewallRules: [UDP Query User{5FF72A06-9C7E-4E84-BFA6-F200299EBFE2}C:\users\george\documents\vintagestory\vintagestory\vintagestory.exe] => (Allow) C:\users\george\documents\vintagestory\vintagestory\vintagestory.exe => No File
FirewallRules: [TCP Query User{14BD6794-7A99-4ED2-956D-391E2DF284FE}E:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) E:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{66CB963F-A88E-4515-9B0F-5BF522926ADA}E:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) E:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{31EA1EA9-BA7F-49E8-A490-7F6F6B91C788}C:\users\george\documents\vintagestory\vintagestory\vintagestory.exe] => (Allow) C:\users\george\documents\vintagestory\vintagestory\vintagestory.exe => No File
FirewallRules: [UDP Query User{150FF7C7-280C-4E84-82DB-600C14953407}C:\users\george\documents\vintagestory\vintagestory\vintagestory.exe] => (Allow) C:\users\george\documents\vintagestory\vintagestory\vintagestory.exe => No File
FirewallRules: [TCP Query User{EFA08D97-9CB8-4766-924B-B580DBE65958}E:\steamlibrary\steamapps\common\glacier events\bf6event.exe] => (Allow) E:\steamlibrary\steamapps\common\glacier events\bf6event.exe => No File
FirewallRules: [UDP Query User{B996FBB7-97DC-4791-9214-83A25A806BA8}E:\steamlibrary\steamapps\common\glacier events\bf6event.exe] => (Allow) E:\steamlibrary\steamapps\common\glacier events\bf6event.exe => No File
FirewallRules: [TCP Query User{481F32BB-A208-4E32-BD6D-0AD2ED9EA896}D:\steamlibrary\steamapps\common\glacier events\bf6event.exe] => (Allow) D:\steamlibrary\steamapps\common\glacier events\bf6event.exe => No File
FirewallRules: [UDP Query User{42FFF3D7-45F4-409E-B720-569AB6B41744}D:\steamlibrary\steamapps\common\glacier events\bf6event.exe] => (Allow) D:\steamlibrary\steamapps\common\glacier events\bf6event.exe => No File
FirewallRules: [TCP Query User{C6E799A1-B75E-494D-8C59-57D16A2F679D}D:\steamlibrary\steamapps\common\elite dangerous\products\elite-dangerous-odyssey-64\elitedangerous64.exe] => (Allow) D:\steamlibrary\steamapps\common\elite dangerous\products\elite-dangerous-odyssey-64\elitedangerous64.exe => No File
FirewallRules: [UDP Query User{D1812E25-F78A-4EBE-8DF1-46F9FDFFD5BA}D:\steamlibrary\steamapps\common\elite dangerous\products\elite-dangerous-odyssey-64\elitedangerous64.exe] => (Allow) D:\steamlibrary\steamapps\common\elite dangerous\products\elite-dangerous-odyssey-64\elitedangerous64.exe => No File
FirewallRules: [TCP Query User{C7763878-222F-40CF-B9DB-F9BC786884F6}E:\steamlibrary\steamapps\common\for honor\forhonor.exe] => (Allow) E:\steamlibrary\steamapps\common\for honor\forhonor.exe => No File
FirewallRules: [UDP Query User{73D08D8D-79E2-4C02-B145-8325EA35EDFD}E:\steamlibrary\steamapps\common\for honor\forhonor.exe] => (Allow) E:\steamlibrary\steamapps\common\for honor\forhonor.exe => No File
FirewallRules: [TCP Query User{1485D056-8EA1-4DC6-931A-57913EBBBD29}C:\users\george\appdata\local\discord\app-1.0.9222\discord.exe] => (Allow) C:\users\george\appdata\local\discord\app-1.0.9222\discord.exe => No File
FirewallRules: [UDP Query User{484B6A36-2744-41FD-AE20-C41E357778BA}C:\users\george\appdata\local\discord\app-1.0.9222\discord.exe] => (Allow) C:\users\george\appdata\local\discord\app-1.0.9222\discord.exe => No File
FirewallRules: [{81A485D5-0C94-4779-AE86-0B9D4851E576}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SYNTHETIK 2\Synthetik2.exe => No File
FirewallRules: [{E3603842-558B-4447-8B13-063609C471DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SYNTHETIK 2\Synthetik2.exe => No File
FirewallRules: [TCP Query User{C6A6F417-2EF5-410F-B8F9-FA7DC979BB79}D:\steamlibrary\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\steamlibrary\steamapps\common\awesomenauts\awesomenauts.exe => No File
FirewallRules: [UDP Query User{1446DF9D-05B9-4A78-B9B0-7FFBF53C99F3}D:\steamlibrary\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\steamlibrary\steamapps\common\awesomenauts\awesomenauts.exe => No File
FirewallRules: [TCP Query User{D6BD0ADA-C027-4AD4-8032-6567D10F813F}C:\users\george\desktop\sm64coop\sm64coopdx.exe] => (Allow) C:\users\george\desktop\sm64coop\sm64coopdx.exe => No File
FirewallRules: [UDP Query User{36C95B56-4C88-46B5-87DE-2535F670B956}C:\users\george\desktop\sm64coop\sm64coopdx.exe] => (Allow) C:\users\george\desktop\sm64coop\sm64coopdx.exe => No File
FirewallRules: [{C66DF3B5-70E2-4DE6-8188-E1A5725148DD}] => (Allow) E:\Curseforge\overwolf\0.296.3.2\OverwolfBrowser.exe => No File
FirewallRules: [{845B52C5-C1F9-4629-ACBA-F9F546EB74E4}] => (Allow) E:\Curseforge\overwolf\0.296.3.2\OverwolfBrowser.exe => No File
FirewallRules: [{284E98A6-AC52-4832-9F61-B3EA5F70AD6F}] => (Block) E:\Curseforge\overwolf\0.296.3.2\OverwolfBrowser.exe => No File
FirewallRules: [{AF926C22-6A0B-44AA-AC07-BF004DD8145F}] => (Block) E:\Curseforge\overwolf\0.296.3.2\OverwolfBrowser.exe => No File
FirewallRules: [TCP Query User{377D82E9-03D6-4F57-8737-7C227B83583E}C:\users\george\desktop\fh6ckc\forza horizon 6\forzahorizon6.exe] => (Block) C:\users\george\desktop\fh6ckc\forza horizon 6\forzahorizon6.exe => No File
FirewallRules: [UDP Query User{8F12EA05-F315-4931-A454-9743FA6436E1}C:\users\george\desktop\fh6ckc\forza horizon 6\forzahorizon6.exe] => (Block) C:\users\george\desktop\fh6ckc\forza horizon 6\forzahorizon6.exe => No File
File: C:\Users\George\Desktop\fh6ckc\Forza Horizon 6\Launcher.exe;C:\Users\George\Desktop\version.dll
C:\Windows\SystemTemp\*
C:\Windows\Temp\*
C:\Users\George\AppData\Local\Temp\*
StartPowerShell:
# Downloads newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log in console
# Does not clean preinstalled objects, only PUP/Adware
# If you would like to delete preinstalled objects, add an argument /preinstalled to the /clean argument
# If you would like to only scan with it, change the argument from /clean to /scan
New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:
StartPowerShell:
# Replace /scanonly with /clean if you also want to delete items -- however, this will activate a trial license on the system, I do not recommend it
$hmpExe = "$env:TEMP\HitmanPro_x64.exe"
$logFile = "$env:TEMP\HitmanPro_ScanLog.txt"
Invoke-WebRequest -Uri "https://dl.surfright.nl/HitmanPro_x64.exe" -OutFile $hmpExe -UseBasicParsing
$proc = Start-Process $hmpExe -ArgumentList "/ews","/scanonly","/noinstall","/log=`"$logFile`"","/logtype=txt" -Wait -PassThru
if (!(Test-Path $logFile)) { Write-Host "Scan failed (exit $($proc.ExitCode))"; exit 1 }
Get-Content $logFile -Encoding Unicode
EndPowerShell:
StartPowerShell:
# This snippet downloads Emsisoft Emergency Kit (EEK) from Emsisoft's official site, updates it and scans with it.
# Note that the executable is about 300 MB and may take some time to download.
# ---
# This scans for malware and PUPs in 1) system memory and 2) important folders, as the documentation describes.
# It also scans inside compressed archives, mail archives and NTFS alternate data streams, and uses cloud lookups.
# ---
# You can add the argument "/delete" to delete found objects including references, but this is permanent and irreversible.
# You can remove the "/quick" argument to run a full scan, but that may take longer than FRST can handle.
# You can add the argument /quarantine="[folder]" to move found malware into quarantine, but I personally prefer verifying the detections first.
$downloadUrl = "https://dl.emsisoft.com/EmsisoftEmergencyKit.exe"
$systemDrive = $env:SystemDrive
$frstPath = "$systemDrive\FRST"
$savePath = "$frstPath\EEK.exe"
$extractPath = "$frstPath\EEK"
if (-not (Test-Path $frstPath)) {
New-Item -Path $frstPath -ItemType Directory -Force | Out-Null
}
if (-not (Test-Path $extractPath)) {
New-Item -Path $extractPath -ItemType Directory -Force | Out-Null
}
Invoke-WebRequest -Uri $downloadUrl -OutFile $savePath -UseBasicParsing
$proc = Start-Process -FilePath $savePath -ArgumentList "-s -d`"$extractPath`"" -PassThru
while (-not (Test-Path "$extractPath\bin64\a2cmd.exe")) { Start-Sleep -Milliseconds 1000 }
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
if ([Environment]::Is64BitOperatingSystem) {
$a2cmdPath = Join-Path $extractPath "bin64\a2cmd.exe"
} else {
$a2cmdPath = Join-Path $extractPath "bin32\a2cmd.exe"
}
Start-Process -FilePath $a2cmdPath -ArgumentList "/update" -Wait -NoNewWindow
Start-Process -FilePath $a2cmdPath -ArgumentList "/malware /quick /m /t /pup /a /am /cloud=1 /la=`"$frstPath\EEK_scan.log`"" -Wait -NoNewWindow
Get-Content "$frstPath\EEK_scan.log"
exit
EndPowerShell:
cmd: del %temp%\*.* /f /s /q
cmd: rd /s /q %temp%
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
End