Malware Log Analysis

shared / thebookman10

Start::
CloseProcesses:
2026-05-23 01:42 - 2026-05-23 01:42 - 000000000 ____D C:\Users\vivek\AppData\Local\Yandex
2026-05-23 01:41 - 2026-05-23 01:41 - 000000000 ____D C:\Users\vivek\np.exe
HKU\S-1-5-18\...\Run: [RazerAxon] => "C:\Program Files (x86)\Razer\Razer Axon\RazerAxon.exe" -autorun (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {577E4151-C2C5-4558-8B72-1731C500590E} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1060269188-4186986845-4281281312-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)
S3 EAAntiCheat; system32\drivers\eaanticheat.sys (No File)
2025-01-08 03:59 - 2025-01-08 03:59 - 000000048 ____R () C:\Users\vivek\AppData\Local\D6A6701EDAAFB2E6B16D88290903F01D
CustomCLSID: HKU\S-1-5-21-1060269188-4186986845-4281281312-1003_Classes\CLSID\{2db59e37-0d0f-9458-c133-85e699bb3bdd}\localserver32 -> "C:\Program Files (x86)\Razer\Razer Axon\RazerAxon.exe" -ToastActivated => No File
AlternateDataStreams: C:\Windows\tracing:? [16]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [8220]
FirewallRules: [{ED3B8102-7933-4BFE-B7AE-83C401ABFABE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{E24733D5-A351-4D78-9119-594F7DC4BF58}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{15F73C35-BCF9-45A4-8535-8A33FDF57300}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{253AC525-28D6-407F-9C2D-0747681E4544}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{FB9A2BBE-2339-4118-B655-4E9DE0DC2089}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Baldurs Gate 3\Launcher\LariLauncher.exe => No File
FirewallRules: [{93EC5AE4-DD3E-47A9-BCF1-DB4B75CE6A11}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Baldurs Gate 3\Launcher\LariLauncher.exe => No File
FirewallRules: [{27F461BE-F376-494A-A3D9-5D90DE61F268}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File
FirewallRules: [{19793B93-250F-463A-809F-A0A69FAE3D5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File
FirewallRules: [{ECF667D8-789C-47E9-9CB1-60CD0071D3B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\UBOAT\UBOAT Launcher.exe => No File
FirewallRules: [{93D2D820-B098-4775-A6DE-7EFFC0AAE456}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\UBOAT\UBOAT Launcher.exe => No File
FirewallRules: [TCP Query User{C49E72EB-3177-4A7D-8545-49234949A693}C:\program files (x86)\steam\steamapps\common\murky divers\murkydivers\binaries\win64\murkydiversgame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\murky divers\murkydivers\binaries\win64\murkydiversgame-win64-shipping.exe => No File
FirewallRules: [UDP Query User{867B9977-5789-4B53-B950-ECE071ADC303}C:\program files (x86)\steam\steamapps\common\murky divers\murkydivers\binaries\win64\murkydiversgame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\murky divers\murkydivers\binaries\win64\murkydiversgame-win64-shipping.exe => No File
FirewallRules: [{0FC91418-2E00-48C5-AC8A-F296A8944A54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe => No File
FirewallRules: [{55B55CCD-EDD6-41BA-AECF-326D2C28B14E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe => No File
FirewallRules: [TCP Query User{74D35C91-BA76-4663-B29F-A7AE3FE4014D}C:\program files (x86)\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File
FirewallRules: [UDP Query User{2B1F6B4D-3E4C-47A1-8889-7D17D225DEF3}C:\program files (x86)\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File
FirewallRules: [{CEF8B44F-95BC-4621-882A-109370BB169C}] => (Allow) C:\Users\vivek\AppData\Local\Discord\app-1.0.9177\Discord.exe => No File
FirewallRules: [{E9CA69A4-1028-4980-8F1A-E80A2048A368}] => (Allow) C:\Users\vivek\AppData\Local\Discord\app-1.0.9177\Discord.exe => No File
FirewallRules: [{6458BF16-EA83-488B-9144-29A3A7697AE2}] => (Allow) C:\Users\vivek\AppData\Local\Discord\app-1.0.9177\Discord.exe => No File
FirewallRules: [{DEE86C8E-74D8-468F-8DC8-72444DB9C7BA}] => (Allow) C:\Users\vivek\AppData\Local\Discord\app-1.0.9177\Discord.exe => No File
FirewallRules: [{B440D53D-7177-4148-823B-6A19F3845AD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin64\dontstarve_steam_x64.exe => No File
FirewallRules: [{EDBEEC52-4E33-4981-AD9E-A07340FA11B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin64\dontstarve_steam_x64.exe => No File
FirewallRules: [{6334B3AA-8858-43C8-952F-2A7109851E12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe => No File
FirewallRules: [{AFF03C69-D9D0-4938-96E7-D67D626FFE04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe => No File
FirewallRules: [{C480FF93-154E-4693-8331-74460F5E7FD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe => No File
FirewallRules: [{6EE22D74-BBB7-4AE5-8121-FC88B63917F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe => No File
FirewallRules: [TCP Query User{909A9594-374F-450F-8626-A4C5A9E81B56}C:\program files\epic games\gtav\gta5.exe] => (Allow) C:\program files\epic games\gtav\gta5.exe => No File
FirewallRules: [UDP Query User{182B5703-C6A6-4583-9717-4C530E19197C}C:\program files\epic games\gtav\gta5.exe] => (Allow) C:\program files\epic games\gtav\gta5.exe => No File
FirewallRules: [TCP Query User{D26F4F39-D3CD-4359-9DFE-1051B1566E3C}C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe => No File
FirewallRules: [UDP Query User{FBB163E5-BD6A-4040-927F-1A49E660FABB}C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe => No File
FirewallRules: [TCP Query User{1720C50E-7667-4EFE-9A4B-9FECACFAE276}C:\program files\epic games\cryingsuns\cs.exe] => (Allow) C:\program files\epic games\cryingsuns\cs.exe => No File
FirewallRules: [UDP Query User{ECB1E1BC-EE5A-4EA0-90A5-20BCFE66A489}C:\program files\epic games\cryingsuns\cs.exe] => (Allow) C:\program files\epic games\cryingsuns\cs.exe => No File
FirewallRules: [TCP Query User{39E37F9D-BA7B-4E30-A180-D6197C6767A1}D:\epicgames\gtav\gta5.exe] => (Allow) D:\epicgames\gtav\gta5.exe => No File
FirewallRules: [UDP Query User{4E1170B7-1D5E-4A6D-AA2A-4DA0752DA10F}D:\epicgames\gtav\gta5.exe] => (Allow) D:\epicgames\gtav\gta5.exe => No File
FirewallRules: [TCP Query User{DAAE4E6D-B3DB-4FCA-B2BA-40A51E5DE600}D:\epicgames\callofthewildtheangler\cotwtheangler_egs.exe] => (Allow) D:\epicgames\callofthewildtheangler\cotwtheangler_egs.exe => No File
FirewallRules: [UDP Query User{A8DF5EA5-2B12-4930-80CF-A5CE4BD83057}D:\epicgames\callofthewildtheangler\cotwtheangler_egs.exe] => (Allow) D:\epicgames\callofthewildtheangler\cotwtheangler_egs.exe => No File
FirewallRules: [TCP Query User{EBEF7860-2D09-44A2-9D12-1A62EC96CAD5}D:\epicgames\rs2v\binaries\win64\vngame.exe] => (Allow) D:\epicgames\rs2v\binaries\win64\vngame.exe => No File
FirewallRules: [UDP Query User{3F04AFB2-903F-4557-809C-AA2C222E3AC3}D:\epicgames\rs2v\binaries\win64\vngame.exe] => (Allow) D:\epicgames\rs2v\binaries\win64\vngame.exe => No File
FirewallRules: [TCP Query User{CB7EC8AB-62B1-415F-9784-A1B0EADA3ED2}C:\users\vivek\appdata\local\discord\app-1.0.9201\discord.exe] => (Allow) C:\users\vivek\appdata\local\discord\app-1.0.9201\discord.exe => No File
FirewallRules: [UDP Query User{15060340-B7D4-4142-A8BA-8E017D1F909D}C:\users\vivek\appdata\local\discord\app-1.0.9201\discord.exe] => (Allow) C:\users\vivek\appdata\local\discord\app-1.0.9201\discord.exe => No File
FirewallRules: [TCP Query User{75B8B352-FD58-4CAF-82C9-07F6F94ADC3E}C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.202.0_x64__2p2nqsd0c76g0\app\chatgpt.exe] => (Allow) C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.202.0_x64__2p2nqsd0c76g0\app\chatgpt.exe => No File
FirewallRules: [UDP Query User{DEA0CC15-EB0B-4C2F-9BCA-667A8AA2014F}C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.202.0_x64__2p2nqsd0c76g0\app\chatgpt.exe] => (Allow) C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.202.0_x64__2p2nqsd0c76g0\app\chatgpt.exe => No File
FirewallRules: [{E6D77FCB-28EC-48FA-8555-829BB1F5BDE1}] => (Allow) D:\SteamLibrary\steamapps\common\Project Rogueteers\launcher\rs_launcher.exe => No File
FirewallRules: [{7F03F825-287E-4665-B2C1-58C173B2F8BE}] => (Allow) D:\SteamLibrary\steamapps\common\Project Rogueteers\launcher\rs_launcher.exe => No File
FirewallRules: [TCP Query User{582809D5-9982-406E-B9DB-DEA3E2D381FD}C:\users\vivek\appdata\local\discord\app-1.0.9202\discord.exe] => (Allow) C:\users\vivek\appdata\local\discord\app-1.0.9202\discord.exe => No File
FirewallRules: [UDP Query User{A3303655-253E-4A99-AD1E-39958D90CB5B}C:\users\vivek\appdata\local\discord\app-1.0.9202\discord.exe] => (Allow) C:\users\vivek\appdata\local\discord\app-1.0.9202\discord.exe => No File
FirewallRules: [TCP Query User{3CE0E69C-794F-4F67-8A03-6BDB2F0F057A}D:\steamlibrary\steamapps\common\glacier events\bf6event.exe] => (Allow) D:\steamlibrary\steamapps\common\glacier events\bf6event.exe => No File
FirewallRules: [UDP Query User{59DC9031-C023-4FC9-97FB-52AB83C37229}D:\steamlibrary\steamapps\common\glacier events\bf6event.exe] => (Allow) D:\steamlibrary\steamapps\common\glacier events\bf6event.exe => No File
FirewallRules: [TCP Query User{0B215258-AC32-4BF5-AA12-4006CA03C43B}C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.224.0_x64__2p2nqsd0c76g0\app\chatgpt.exe] => (Allow) C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.224.0_x64__2p2nqsd0c76g0\app\chatgpt.exe => No File
FirewallRules: [UDP Query User{5AC8A70D-57A6-4B27-A90C-9E3BA48BC73B}C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.224.0_x64__2p2nqsd0c76g0\app\chatgpt.exe] => (Allow) C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.224.0_x64__2p2nqsd0c76g0\app\chatgpt.exe => No File
FirewallRules: [TCP Query User{0362968D-580E-4EB7-AF93-98C827C0F8DA}C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.258.0_x64__2p2nqsd0c76g0\app\chatgpt.exe] => (Block) C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.258.0_x64__2p2nqsd0c76g0\app\chatgpt.exe => No File
FirewallRules: [UDP Query User{72D4C8C8-90FE-476B-9A7F-B3A8445C6E41}C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.258.0_x64__2p2nqsd0c76g0\app\chatgpt.exe] => (Block) C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.258.0_x64__2p2nqsd0c76g0\app\chatgpt.exe => No File
FirewallRules: [TCP Query User{B858E160-AE3A-44CB-A274-CC402F9F0CF3}C:\users\vivek\appdata\local\discord\app-1.0.9210\discord.exe] => (Allow) C:\users\vivek\appdata\local\discord\app-1.0.9210\discord.exe => No File
FirewallRules: [UDP Query User{CD70C08D-BC5A-495E-BF5D-8BD3D5DD623A}C:\users\vivek\appdata\local\discord\app-1.0.9210\discord.exe] => (Allow) C:\users\vivek\appdata\local\discord\app-1.0.9210\discord.exe => No File
FirewallRules: [TCP Query User{D7AE8DAE-90E6-4C57-831C-F6C8D810F53B}C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.328.0_x64__2p2nqsd0c76g0\app\chatgpt.exe] => (Allow) C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.328.0_x64__2p2nqsd0c76g0\app\chatgpt.exe => No File
FirewallRules: [UDP Query User{F3F2E003-BC5C-4DF2-A526-C85D243CC289}C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.328.0_x64__2p2nqsd0c76g0\app\chatgpt.exe] => (Allow) C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.328.0_x64__2p2nqsd0c76g0\app\chatgpt.exe => No File
FirewallRules: [{6DB2A2AC-EE7D-4088-9A3F-D360C36C7EF5}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File
FirewallRules: [TCP Query User{4A5A942B-E9E3-4A40-8625-4AED62FF27CB}C:\users\vivek\appdata\local\discord\app-1.0.9220\discord.exe] => (Allow) C:\users\vivek\appdata\local\discord\app-1.0.9220\discord.exe => No File
FirewallRules: [UDP Query User{D03E31B9-B027-4BDC-A369-05FA5F3FDFE9}C:\users\vivek\appdata\local\discord\app-1.0.9220\discord.exe] => (Allow) C:\users\vivek\appdata\local\discord\app-1.0.9220\discord.exe => No File
FirewallRules: [{FC4F9EA8-58D1-493F-9784-70011F12B49C}] => (Allow) C:\Program Files\Razer\RazerAppEngine\app-4.0.660\RazerAppEngine.exe => No File
FirewallRules: [TCP Query User{326433B9-D932-4AE4-9043-DF3DEAAE43FE}C:\program files (x86)\steam\steamapps\common\solar nations 2 demo\windows\twilightmodernity\binaries\win64\twilightmodernity.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\solar nations 2 demo\windows\twilightmodernity\binaries\win64\twilightmodernity.exe => No File
FirewallRules: [UDP Query User{5C0A264E-B99D-4B43-98A8-84EEA317F744}C:\program files (x86)\steam\steamapps\common\solar nations 2 demo\windows\twilightmodernity\binaries\win64\twilightmodernity.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\solar nations 2 demo\windows\twilightmodernity\binaries\win64\twilightmodernity.exe => No File
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
C:\Users\vivek\AppData\Local\ChainedTogether\Saved\b2f4c6227584ba80234e82ef2a42e268
StartPowershell:
# Replace /scanonly with /clean if you also want to delete items -- however, this will activate a trial license on the system, I do not recommend it
$hmpExe = "$env:TEMP\HitmanPro_x64.exe"
$logFile = "$env:TEMP\HitmanPro_ScanLog.txt"
Invoke-WebRequest -Uri "https://dl.surfright.nl/HitmanPro_x64.exe" -OutFile $hmpExe -UseBasicParsing
$proc = Start-Process $hmpExe -ArgumentList "/ews","/scanonly","/noinstall","/log=`"$logFile`"","/logtype=txt" -Wait -PassThru
if (!(Test-Path $logFile)) { Write-Host "Scan failed (exit $($proc.ExitCode))"; exit 1 }
Get-Content $logFile -Encoding Unicode
EndPowershell:
StartPowerShell:
# Downloads newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log in console
# Does not clean preinstalled objects, only PUP/Adware
# If you would like to delete preinstalled objects, add an argument /preinstalled to the /clean argument
# If you would like to only scan with it, change the argument from /clean to /scan
# NOTE: For the sake of users from Asia (primarily China), do not use the clean option. It will very likely remove a lot of their important software.
New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:
Comment: Remove unwanted files from common folders using native removal power of Farbar to include remove on reboot if needed. Please double check the user does not have any applications incorrectly installed in the directories listed below.
C:\ProgramData\*.a3x
C:\ProgramData\*.ahk
C:\ProgramData\*.au3
C:\ProgramData\*.bat
C:\ProgramData\*.cab
C:\ProgramData\*.cmd
C:\ProgramData\*.com
C:\ProgramData\*.dll
C:\ProgramData\*.exe
C:\ProgramData\*.hta
C:\ProgramData\*.jar
C:\ProgramData\*.js
C:\ProgramData\*.jse
C:\ProgramData\*.lnk
C:\ProgramData\*.pif
C:\ProgramData\*.ps1
C:\ProgramData\*.py
C:\ProgramData\*.pyc
C:\ProgramData\*.pyd
C:\ProgramData\*.scr
C:\ProgramData\*.tmp
C:\ProgramData\*.vbe
C:\ProgramData\*.vbs
C:\ProgramData\*.wsf
C:\ProgramData\*.wsh
C:\ProgramData\*.zip
C:\ProgramData\*.rar
C:\ProgramData\*.7z
C:\Users\*\AppData\Roaming\*.au3
C:\Users\*\AppData\Roaming\*.bat
C:\Users\*\AppData\Roaming\*.cab
C:\Users\*\AppData\Roaming\*.cmd
C:\Users\*\AppData\Roaming\*.com
C:\Users\*\AppData\Roaming\*.dll
C:\Users\*\AppData\Roaming\*.exe
C:\Users\*\AppData\Roaming\*.hta
C:\Users\*\AppData\Roaming\*.jar
C:\Users\*\AppData\Roaming\*.js
C:\Users\*\AppData\Roaming\*.jse
C:\Users\*\AppData\Roaming\*.lnk
C:\Users\*\AppData\Roaming\*.pif
C:\Users\*\AppData\Roaming\*.ps1
C:\Users\*\AppData\Roaming\*.py
C:\Users\*\AppData\Roaming\*.pyc
C:\Users\*\AppData\Roaming\*.pyd
C:\Users\*\AppData\Roaming\*.scr
C:\Users\*\AppData\Roaming\*.tmp
C:\Users\*\AppData\Roaming\*.vbe
C:\Users\*\AppData\Roaming\*.vbs
C:\Users\*\AppData\Roaming\*.wsf
C:\Users\*\AppData\Roaming\*.wsh
C:\Users\*\AppData\Roaming\*.zip
C:\Users\*\AppData\Roaming\*.rar
C:\Users\*\AppData\Roaming\*.7z
C:\Users\CurrentUserName\AppData\Local\*.a3x
C:\Users\CurrentUserName\AppData\Local\*.ahk
C:\Users\CurrentUserName\AppData\Local\*.au3
C:\Users\CurrentUserName\AppData\Local\*.bat
C:\Users\CurrentUserName\AppData\Local\*.cab
C:\Users\CurrentUserName\AppData\Local\*.cmd
C:\Users\CurrentUserName\AppData\Local\*.com
C:\Users\CurrentUserName\AppData\Local\*.dll
C:\Users\CurrentUserName\AppData\Local\*.exe
C:\Users\CurrentUserName\AppData\Local\*.hta
C:\Users\CurrentUserName\AppData\Local\*.jar
C:\Users\CurrentUserName\AppData\Local\*.js
C:\Users\CurrentUserName\AppData\Local\*.jse
C:\Users\CurrentUserName\AppData\Local\*.lnk
C:\Users\CurrentUserName\AppData\Local\*.pif
C:\Users\CurrentUserName\AppData\Local\*.ps1
C:\Users\CurrentUserName\AppData\Local\*.py
C:\Users\CurrentUserName\AppData\Local\*.pyc
C:\Users\CurrentUserName\AppData\Local\*.pyd
C:\Users\CurrentUserName\AppData\Local\*.scr
C:\Users\CurrentUserName\AppData\Local\*.tmp
C:\Users\CurrentUserName\AppData\Local\*.vbe
C:\Users\CurrentUserName\AppData\Local\*.vbs
C:\Users\CurrentUserName\AppData\Local\*.wsf
C:\Users\CurrentUserName\AppData\Local\*.wsh
C:\Users\CurrentUserName\AppData\Local\*.zip
C:\Users\CurrentUserName\AppData\Local\*.rar
C:\Users\CurrentUserName\AppData\Local\*.7z
C:\Users\CurrentUserName\AppData\Roaming\*.a3x
C:\Users\CurrentUserName\AppData\Roaming\*.ahk
C:\Users\CurrentUserName\AppData\Roaming\*.au3
C:\Users\CurrentUserName\AppData\Roaming\*.bat
C:\Users\CurrentUserName\AppData\Roaming\*.cab
C:\Users\CurrentUserName\AppData\Roaming\*.cmd
C:\Users\CurrentUserName\AppData\Roaming\*.com
C:\Users\CurrentUserName\AppData\Roaming\*.dll
C:\Users\CurrentUserName\AppData\Roaming\*.exe
C:\Users\CurrentUserName\AppData\Roaming\*.hta
C:\Users\CurrentUserName\AppData\Roaming\*.jar
C:\Users\CurrentUserName\AppData\Roaming\*.js
C:\Users\CurrentUserName\AppData\Roaming\*.jse
C:\Users\CurrentUserName\AppData\Roaming\*.lnk
C:\Users\CurrentUserName\AppData\Roaming\*.pif
C:\Users\CurrentUserName\AppData\Roaming\*.ps1
C:\Users\CurrentUserName\AppData\Roaming\*.py
C:\Users\CurrentUserName\AppData\Roaming\*.pyc
C:\Users\CurrentUserName\AppData\Roaming\*.pyd
C:\Users\CurrentUserName\AppData\Roaming\*.scr
C:\Users\CurrentUserName\AppData\Roaming\*.tmp
C:\Users\CurrentUserName\AppData\Roaming\*.vbe
C:\Users\CurrentUserName\AppData\Roaming\*.vbs
C:\Users\CurrentUserName\AppData\Roaming\*.wsf
C:\Users\CurrentUserName\AppData\Roaming\*.wsh
C:\Users\CurrentUserName\AppData\Roaming\*.zip
C:\Users\CurrentUserName\AppData\Roaming\*.rar
C:\Users\CurrentUserName\AppData\Roaming\*.7z
Comment: Force policy removal
C:\Windows\System32\GroupPolicyUsers
C:\Windows\System32\GroupPolicy
Comment: System repair commands
CMD: DISM.exe /Online /Cleanup-image /Restorehealth
CMD: SFC.exe /scannow
Comment: Network reset commands
CMD: netsh int ip reset
CMD: netsh int ipv6 reset
CMD: ipconfig /flushDNS
CMD: netsh winsock reset catalog
Comment: Additional temp file removal
C:\Windows\System32\config\systemprofile\AppData\Local\*.tmp
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
C:\Users\CurrentUserName\AppData\Local\Temp\*
C:\Windows\Temp\*
C:\Windows\SystemTemp\*
EmptyTemp:
End::