Start::
CreateRestorePoint:
CloseProcesses:
2026-04-25 18:54 - 2026-04-27 22:37 - 000000000 ____D C:\Users\allyx\jj.exe
2026-04-25 18:53 - 2026-03-12 22:29 - 000000000 ____D C:\Users\allyx\AppData\Roaming\RenPy
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [7424]
FirewallRules: [{F69772A7-A0F4-4103-AC07-58561CC6192F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{E538F54A-402A-49FA-B1B5-C0551A3085CD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{87820746-0F0B-49C9-8B1C-C44FC3423EB5}C:\users\allyx\curseforge\minecraft\install\java\java-runtime-delta\bin\javaw.exe] => (Allow) C:\users\allyx\curseforge\minecraft\install\java\java-runtime-delta\bin\javaw.exe => No File
FirewallRules: [UDP Query User{1B333F30-D84A-4A8C-B411-8860EBC4288C}C:\users\allyx\curseforge\minecraft\install\java\java-runtime-delta\bin\javaw.exe] => (Allow) C:\users\allyx\curseforge\minecraft\install\java\java-runtime-delta\bin\javaw.exe => No File
FirewallRules: [TCP Query User{841F0260-28EC-4839-AF52-6E12C15FA4BB}C:\xboxgames\7792d9ce-355a-493c-afbd-768f4a77c3b0\content\minecraft.windows.exe] => (Allow) C:\xboxgames\7792d9ce-355a-493c-afbd-768f4a77c3b0\content\minecraft.windows.exe => No File
FirewallRules: [UDP Query User{871E852B-465A-42F1-8012-CB9ABF2F8E39}C:\xboxgames\7792d9ce-355a-493c-afbd-768f4a77c3b0\content\minecraft.windows.exe] => (Allow) C:\xboxgames\7792d9ce-355a-493c-afbd-768f4a77c3b0\content\minecraft.windows.exe => No File
FirewallRules: [TCP Query User{F3153DF7-1D83-47CC-B8AC-DF706FA684D9}C:\users\allyx\curseforge\minecraft\install\java\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\allyx\curseforge\minecraft\install\java\java-runtime-gamma\bin\javaw.exe => No File
FirewallRules: [UDP Query User{2F6872C0-659E-498B-9E9C-C0F81F58B745}C:\users\allyx\curseforge\minecraft\install\java\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\allyx\curseforge\minecraft\install\java\java-runtime-gamma\bin\javaw.exe => No File
FirewallRules: [TCP Query User{6FE49986-7A0E-408E-96DD-E9A00188501E}C:\program files (x86)\steam\steamapps\common\burger shift team rush prologue\dds_with_exterior\binaries\win64\dds_with_exterior-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\burger shift team rush prologue\dds_with_exterior\binaries\win64\dds_with_exterior-win64-shipping.exe => No File
FirewallRules: [UDP Query User{1C90E066-C085-48CE-A23C-F8C16F0A9275}C:\program files (x86)\steam\steamapps\common\burger shift team rush prologue\dds_with_exterior\binaries\win64\dds_with_exterior-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\burger shift team rush prologue\dds_with_exterior\binaries\win64\dds_with_exterior-win64-shipping.exe => No File
FirewallRules: [TCP Query User{0DF15C0F-F3A7-4DC4-B3DC-DE4F005F5356}C:\program files (x86)\steam\steamapps\common\bakery cafe simulator prologue\simulatorgame\binaries\win64\simulatorgame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\bakery cafe simulator prologue\simulatorgame\binaries\win64\simulatorgame-win64-shipping.exe => No File
FirewallRules: [UDP Query User{8CB9AF85-C817-4E78-A5F9-C0EF52550A8B}C:\program files (x86)\steam\steamapps\common\bakery cafe simulator prologue\simulatorgame\binaries\win64\simulatorgame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\bakery cafe simulator prologue\simulatorgame\binaries\win64\simulatorgame-win64-shipping.exe => No File
FirewallRules: [TCP Query User{B73A4EDA-7031-4864-824C-3DCDE8C859FC}C:\program files (x86)\steam\steamapps\common\wrap house simulator demo\wraphousesimulator\binaries\win64\wraphousesimulator-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\wrap house simulator demo\wraphousesimulator\binaries\win64\wraphousesimulator-win64-shipping.exe => No File
FirewallRules: [UDP Query User{1BD8A135-0960-412F-952B-0CB854895B4F}C:\program files (x86)\steam\steamapps\common\wrap house simulator demo\wraphousesimulator\binaries\win64\wraphousesimulator-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\wrap house simulator demo\wraphousesimulator\binaries\win64\wraphousesimulator-win64-shipping.exe => No File
FirewallRules: [TCP Query User{1A9B195B-D4EE-440D-9DD9-27EAC06D59DC}C:\program files (x86)\steam\steamapps\common\halo infinite\game\haloinfinite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\halo infinite\game\haloinfinite.exe => No File
FirewallRules: [UDP Query User{91E78AEC-65EC-4564-BBB6-DC191C993BA1}C:\program files (x86)\steam\steamapps\common\halo infinite\game\haloinfinite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\halo infinite\game\haloinfinite.exe => No File
FirewallRules: [TCP Query User{4C3936FF-0840-4FA5-8E8C-7F11153168DC}C:\users\allyx\downloads\the-long-drive-steamrip.com\the long drive\thelongdrive.exe] => (Allow) C:\users\allyx\downloads\the-long-drive-steamrip.com\the long drive\thelongdrive.exe => No File
FirewallRules: [UDP Query User{449CADF9-B575-46FA-9303-C2186562E2BA}C:\users\allyx\downloads\the-long-drive-steamrip.com\the long drive\thelongdrive.exe] => (Allow) C:\users\allyx\downloads\the-long-drive-steamrip.com\the long drive\thelongdrive.exe => No File
FirewallRules: [TCP Query User{DA820CDE-0242-45A2-8A03-5F9627794671}C:\users\allyx\curseforge\minecraft\install\java\jre-legacy\bin\javaw.exe] => (Allow) C:\users\allyx\curseforge\minecraft\install\java\jre-legacy\bin\javaw.exe => No File
FirewallRules: [UDP Query User{621177FD-12D6-4192-A252-B900F1327708}C:\users\allyx\curseforge\minecraft\install\java\jre-legacy\bin\javaw.exe] => (Allow) C:\users\allyx\curseforge\minecraft\install\java\jre-legacy\bin\javaw.exe => No File
FirewallRules: [TCP Query User{C6F96905-A318-47AB-9DC8-57B6E05A4B7F}C:\users\allyx\downloads\garrys-mod-ankergames\garrysmod\gmod.exe] => (Allow) C:\users\allyx\downloads\garrys-mod-ankergames\garrysmod\gmod.exe => No File
FirewallRules: [UDP Query User{A0E9423B-B70C-48B0-900E-DDCAD8A12267}C:\users\allyx\downloads\garrys-mod-ankergames\garrysmod\gmod.exe] => (Allow) C:\users\allyx\downloads\garrys-mod-ankergames\garrysmod\gmod.exe => No File
FirewallRules: [TCP Query User{077A564F-0E54-40B5-89A2-AC3D17E4B22A}C:\program files (x86)\steam\steamapps\common\ribbits\projecttgt\binaries\win64\ropetest-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\ribbits\projecttgt\binaries\win64\ropetest-win64-shipping.exe => No File
FirewallRules: [UDP Query User{F73E5BAB-80C1-4E4F-9494-866106D585EF}C:\program files (x86)\steam\steamapps\common\ribbits\projecttgt\binaries\win64\ropetest-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\ribbits\projecttgt\binaries\win64\ropetest-win64-shipping.exe => No File
FirewallRules: [TCP Query User{25C1CACB-6D8B-45D2-86B7-AE567B5030BE}C:\program files\jetbrains\intellij idea 2026.1\bin\idea64.exe] => (Allow) C:\program files\jetbrains\intellij idea 2026.1\bin\idea64.exe => No File
FirewallRules: [UDP Query User{DC003F88-0868-4EED-A2D1-B7C6ED95F5DD}C:\program files\jetbrains\intellij idea 2026.1\bin\idea64.exe] => (Allow) C:\program files\jetbrains\intellij idea 2026.1\bin\idea64.exe => No File
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {8344E095-1D11-4A0F-9A88-99EB6747D94B} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2074896985-1543861465-2608890951-500 => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\25.087.0506.0001\OneDriveLauncher.exe /startInstances (No File)
S2 HuaweiHiSuiteService64.exe; "C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service (No File)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
2026-04-25 18:44 - 2026-04-27 22:37 - 000000000 ____D C:\WINDOWS\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
StartPowerShell:
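# This snippet downloads Emsisoft Emergency Kit (EEK) from Emsisoft's official site, checks its
# Authenticode signature, extracts it, updates it and scans with it.
# Do note that the executable is 300MB and may take some time to download.
# ---
# This will scan for malware and PUPs in 1) system memory 2) important folders, as the documentation says.
# It will scan in compressed archives, in mail archives, in NTFS alternate data streams and use cloud requests.
# ---
# You can use argument "/delete" to delete found objects including references, but this is permanent and irreversible.
# You can remove the "/quick" argument to do a full scan, but that may take longer than what FRST can handle.
# You can use argument "/quarantine="[folder]"" to put found malware into quarantine, but I personally prefer first verifying the detections.
$downloadUrl = "https://dl.emsisoft.com/EmsisoftEmergencyKit.exe"
$systemDrive = $env:SystemDrive
$frstPath    = "$systemDrive\FRST"
$savePath    = "$frstPath\EEK.exe"
$extractPath = "$frstPath\EEK"
$scanLog     = "$frstPath\EEK_scan.log"

foreach ($dir in @($frstPath, $extractPath)) {
    if (-not (Test-Path $dir)) {
        New-Item -Path $dir -ItemType Directory -Force | Out-Null
    }
}

# Stop on a failed download instead of falling through to Start-Process on a
# missing or stale EEK.exe.
try {
    Invoke-WebRequest -Uri $downloadUrl -OutFile $savePath -UseBasicParsing -ErrorAction Stop
} catch {
    Write-Output "EEK download failed: $($_.Exception.Message)"
    exit
}

# The downloaded file is executed with whatever rights FRST was started with, so
# refuse to run it unless Windows validates its Authenticode signature.
# 'Valid' only proves an intact, trusted signature; the signer is printed so the
# person reading the log can confirm the publisher.
$signature = Get-AuthenticodeSignature -FilePath $savePath
if ($signature.Status -ne 'Valid') {
    Write-Output "EEK signature check failed ($($signature.Status)); not executing $savePath"
    Remove-Item -Path $savePath -Force -ErrorAction SilentlyContinue
    exit
}
Write-Output "EEK signer: $($signature.SignerCertificate.Subject)"

if ([Environment]::Is64BitOperatingSystem) {
    $a2cmdPath = Join-Path $extractPath "bin64\a2cmd.exe"
} else {
    $a2cmdPath = Join-Path $extractPath "bin32\a2cmd.exe"
}

$proc = Start-Process -FilePath $savePath -ArgumentList "-s -d`"$extractPath`"" -PassThru

# Wait for the extractor to drop the command-line scanner, but give up after a
# fixed deadline so a failed extraction cannot hang the fix indefinitely.
# The 5-minute limit is an arbitrary choice; adjust it for slow disks.
$deadline = (Get-Date).AddMinutes(5)
while (-not (Test-Path "$extractPath\bin64\a2cmd.exe")) {
    if ((Get-Date) -gt $deadline) { break }
    Start-Sleep -Milliseconds 1000
}
# NOTE(review): the extractor is force-stopped as soon as a2cmd.exe appears;
# presumably it would otherwise stay open -- confirm that every file the scan
# needs has been written by this point.
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue

if (-not (Test-Path $a2cmdPath)) {
    Write-Output "EEK extraction did not produce $a2cmdPath; skipping update and scan"
    exit
}

Start-Process -FilePath $a2cmdPath -ArgumentList "/update" -Wait -NoNewWindow
Start-Process -FilePath $a2cmdPath -ArgumentList "/malware /quick /m /t /pup /a /am /cloud=1 /la=`"$scanLog`"" -Wait -NoNewWindow
Get-Content $scanLog
exit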
EndPowerShell:
StartPowerShell:
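# Downloads the newest AdwCleaner version directly from Malwarebytes, checks its Authenticode
# signature, performs an update, scans, cleans and writes the log to the console.
# Does not clean preinstalled objects, only PUP/Adware.
# If you would like to delete preinstalled objects, add the argument /preinstalled alongside /clean.
# If you would like to only scan with it, change the argument from /clean to /scan.
$adwDir  = "$env:SystemDrive\AdwCleaner"
$adwExe  = "$adwDir\AdwCleanerFRST.exe"
$logFile = "$adwDir\AdwCleanerOutputFRST.txt"
New-Item -ItemType Directory -Force -Path $adwDir | Out-Null

# Remove any copy left by an earlier run so a failed download cannot fall
# through to executing a stale binary.
Remove-Item -Path $adwExe -Force -ErrorAction SilentlyContinue

$downloaded = $false
try {
    # -UseBasicParsing avoids depending on the Internet Explorer engine in Windows PowerShell.
    Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile $adwExe -UseBasicParsing -ErrorAction Stop
    $downloaded = $true
} catch {
    Write-Output "AdwCleaner download failed: $($_.Exception.Message)"
}

if ($downloaded) {
    # The file runs with whatever rights FRST was started with, so only execute it
    # when Windows validates its Authenticode signature. 'Valid' proves an intact,
    # trusted signature, not a specific publisher; the signer is printed for review.
    $signature = Get-AuthenticodeSignature -FilePath $adwExe
    if ($signature.Status -eq 'Valid') {
        Write-Output "AdwCleaner signer: $($signature.SignerCertificate.Subject)"
        Start-Process -FilePath $adwExe -ArgumentList "/eula" -Wait -WindowStyle Hidden
        Start-Process -FilePath $adwExe -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
        Get-Content $logFile -Encoding Unicode
        Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
    } else {
        Write-Output "AdwCleaner signature check failed ($($signature.Status)); not executing $adwExe"
        Remove-Item -Path $adwExe -Force -ErrorAction SilentlyContinue
    }
}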
EndPowerShell:
CMD: netsh int ip reset
CMD: netsh int ipv6 reset
CMD: ipconfig /flushDNS
CMD: netsh winsock reset catalog
C:\Users\CurrentUserName\AppData\Local\Temp\*
C:\Windows\Temp\*
EmptyTemp:
End::
Warning
Executing a Fixlist on the wrong system may permanently damage it. Continue only if this link was meant for you.