Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
R3 cpuz158; C:\Windows\temp\cpuz158\cpuz158_x64.sys [44576 2026-05-01] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
AlternateDataStreams: C:\Users\Ben\Downloads\adwcleaner.exe:MBAM.Zone.Identifier [141]
FirewallRules: [{9E42B474-9A42-4492-ABD1-A7121CE79465}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{EE63981E-FB00-472A-B18F-84C0C0DE5043}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{72758BEA-7618-4664-90A8-74F6E30A6FEF}] => (Allow) F:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{32D63EBC-5CC6-464B-BC96-2179D9C4C282}] => (Allow) F:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [TCP Query User{6082E952-F00B-4D00-99C8-4AF82476F3F0}C:\users\ben\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ben\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [UDP Query User{1048FDEB-3EF4-4018-B4FF-24292DBA7882}C:\users\ben\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ben\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [{07EE08C4-55B0-4592-965B-12C4E2892F73}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{B26681A0-7DAC-47E4-9AC5-E773B25BB33D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{F5A6975A-D247-4DB7-9131-D71BA01B4138}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{CD449ADA-52DF-4FD2-9D8A-4AA514CDD647}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{780670F7-C522-491B-BE16-10F9D349FFA2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{FB6FC07A-6074-40C9-94FD-F78F43A0D3AA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{928ED54A-B8B1-401C-AF59-3B64405E4B0B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{FA4E2CE8-4EDA-4305-B5C2-1C045BDE9B09}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{37DDC85E-3366-48AC-966B-D3EE15CAC0B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{C4FA7814-C2AF-4F84-8408-67857F0742CE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [TCP Query User{34A870BF-5576-40AF-8A65-97E1F559F5B2}C:\users\ben\appdata\local\discord\app-1.0.9034\discord.exe] => (Allow) C:\users\ben\appdata\local\discord\app-1.0.9034\discord.exe => No File
FirewallRules: [UDP Query User{0C2A5B75-D329-47A9-A4C6-6FB4F5DC30DD}C:\users\ben\appdata\local\discord\app-1.0.9034\discord.exe] => (Allow) C:\users\ben\appdata\local\discord\app-1.0.9034\discord.exe => No File
FirewallRules: [TCP Query User{C041A168-A6C5-495B-A702-93A239371377}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{AD678A31-46EB-4514-AD7B-CEE90366B427}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{64005A48-41C4-4753-BE5E-6A974F28AA3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Tribe Must Survive\TheTribeMustSurvive\The Tribe Must Survive.exe => No File
FirewallRules: [{EAD50307-C7FF-4470-972E-8D8D2AEF079B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Tribe Must Survive\TheTribeMustSurvive\The Tribe Must Survive.exe => No File
FirewallRules: [{7FD84469-8C5C-4D85-BBF4-406129680EC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hades II\Ship\Hades2.exe => No File
FirewallRules: [{24109480-6101-47E4-B30B-908EC5A4F38D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hades II\Ship\Hades2.exe => No File
FirewallRules: [TCP Query User{A45846D2-D772-4203-AA17-D3F7000DAA3B}C:\program files (x86)\steam\steamapps\common\marvel rivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\marvel rivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File
FirewallRules: [UDP Query User{9B8C72DE-247C-4169-8FAF-FCB4646C3C8C}C:\program files (x86)\steam\steamapps\common\marvel rivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\marvel rivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File
FirewallRules: [{3EA3025C-3CA8-4BBC-A839-23544B7ECBA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Marine 2\Warhammer 40000 Space Marine 2.exe => No File
FirewallRules: [{9C1087D2-CB28-41CA-B17D-12A24485FB90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Marine 2\Warhammer 40000 Space Marine 2.exe => No File
FirewallRules: [TCP Query User{65DF2917-A331-412F-AFE5-7DCC5B22AA6B}C:\users\ben\appdata\local\discord\app-1.0.9163\discord.exe] => (Allow) C:\users\ben\appdata\local\discord\app-1.0.9163\discord.exe => No File
FirewallRules: [UDP Query User{8E425447-5143-4E9C-AE8A-575124445133}C:\users\ben\appdata\local\discord\app-1.0.9163\discord.exe] => (Allow) C:\users\ben\appdata\local\discord\app-1.0.9163\discord.exe => No File
FirewallRules: [{4A598ECD-50E6-4457-B29E-7E7C9BA7225D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KILL KNIGHT\Build.exe => No File
FirewallRules: [{754A5E6D-1EFE-445C-872B-D6EFAE55DC8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KILL KNIGHT\Build.exe => No File
FirewallRules: [{8D9FE667-3945-4443-8C33-42D746E5649E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Predator Hunting Grounds\SpaceFish\Binaries\Win64\SpaceFish.exe => No File
FirewallRules: [{BC120C76-EC2C-4FE1-B47C-850F21CCCEB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Predator Hunting Grounds\SpaceFish\Binaries\Win64\SpaceFish.exe => No File
FirewallRules: [TCP Query User{B5FFFD46-FD0B-4DDF-B7AE-73A919F4503A}C:\users\ben\appdata\local\discord\app-1.0.9166\discord.exe] => (Allow) C:\users\ben\appdata\local\discord\app-1.0.9166\discord.exe => No File
FirewallRules: [UDP Query User{B12160AE-2ACB-4555-8302-CD0B2073911C}C:\users\ben\appdata\local\discord\app-1.0.9166\discord.exe] => (Allow) C:\users\ben\appdata\local\discord\app-1.0.9166\discord.exe => No File
FirewallRules: [{4A8E837B-E1A0-4B07-9CC8-3B504F80E78C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER III\launcher\launcher.exe => No File
FirewallRules: [{B3AC6872-6AD8-459C-B46C-CAF5D3D000AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER III\launcher\launcher.exe => No File
FirewallRules: [TCP Query User{66CCC407-13F8-4DA0-9C7A-964F86C95779}C:\program files (x86)\steam\steamapps\common\total war warhammer iii\warhammer3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war warhammer iii\warhammer3.exe => No File
FirewallRules: [UDP Query User{2F9E6016-9882-47FA-A53B-72CD0D9D13C5}C:\program files (x86)\steam\steamapps\common\total war warhammer iii\warhammer3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war warhammer iii\warhammer3.exe => No File
FirewallRules: [{81ACF4BE-DE68-4901-AD50-16048C3A48B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Forgive Me Father 2\FMF2.exe => No File
FirewallRules: [{4BE200BE-3EB8-4C16-82CA-68A06677DFEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Forgive Me Father 2\FMF2.exe => No File
FirewallRules: [TCP Query User{604C2BD9-3448-49CE-9559-E4EA4A7CE0B2}C:\program files (x86)\steam\steamapps\common\forgive me father 2\fmf2\binaries\win64\fmf2-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\forgive me father 2\fmf2\binaries\win64\fmf2-win64-shipping.exe => No File
FirewallRules: [UDP Query User{D153D49C-5361-484C-904B-470C9DB76FAB}C:\program files (x86)\steam\steamapps\common\forgive me father 2\fmf2\binaries\win64\fmf2-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\forgive me father 2\fmf2\binaries\win64\fmf2-win64-shipping.exe => No File
FirewallRules: [TCP Query User{55E397B9-9082-4BA6-95A1-B0CF155852C8}G:\steamlibrary\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe] => (Allow) G:\steamlibrary\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe => No File
FirewallRules: [UDP Query User{CB4EA194-2741-442C-9F6B-53E61A4439F9}G:\steamlibrary\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe] => (Allow) G:\steamlibrary\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe => No File
FirewallRules: [{45DE6B67-CA9C-46C8-90B9-36B606B857C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MarvelRivals\MarvelRivals_Launcher.exe => No File
FirewallRules: [{4CA4DCF0-DFC1-4DBD-84B3-F86CB8870FDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MarvelRivals\MarvelRivals_Launcher.exe => No File
FirewallRules: [TCP Query User{9D841A69-3E67-4B94-A3F4-0EF4276C3FBF}C:\program files (x86)\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File
FirewallRules: [UDP Query User{1E54212F-D0BB-4F58-A4A4-F3823B468FAF}C:\program files (x86)\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File
FirewallRules: [TCP Query User{28E546DC-35B2-4A4B-85C2-A171A5D4AD3A}C:\users\ben\appdata\local\discord\app-1.0.9175\discord.exe] => (Allow) C:\users\ben\appdata\local\discord\app-1.0.9175\discord.exe => No File
FirewallRules: [UDP Query User{8143CB69-D649-4620-8474-C57DD019A232}C:\users\ben\appdata\local\discord\app-1.0.9175\discord.exe] => (Allow) C:\users\ben\appdata\local\discord\app-1.0.9175\discord.exe => No File
FirewallRules: [TCP Query User{480A2694-3901-481A-9DE9-7D7779CA369F}C:\xboxgames\chivalry 2\content\tbl\binaries\wingdk\chivalry2-wingdk-shipping.exe] => (Allow) C:\xboxgames\chivalry 2\content\tbl\binaries\wingdk\chivalry2-wingdk-shipping.exe => No File
FirewallRules: [UDP Query User{F9B4DD3E-5583-4E21-84FC-3CA29455FA6F}C:\xboxgames\chivalry 2\content\tbl\binaries\wingdk\chivalry2-wingdk-shipping.exe] => (Allow) C:\xboxgames\chivalry 2\content\tbl\binaries\wingdk\chivalry2-wingdk-shipping.exe => No File
FirewallRules: [{3B8A613B-2AAC-49F7-855B-D1B137A01EA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MonsterHunterWilds\MonsterHunterWilds.exe => No File
FirewallRules: [{B3F326DF-536A-48CF-A7B0-BA1E93BC89C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MonsterHunterWilds\MonsterHunterWilds.exe => No File
FirewallRules: [TCP Query User{D9E7E13A-BB79-427C-AF6F-3A2300AA343B}C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe => No File
FirewallRules: [UDP Query User{19551027-A745-412B-8005-79EEC80EA4ED}C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe => No File
FirewallRules: [TCP Query User{6A9A6FB8-B206-4C56-8194-5CBA083B9F02}C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3.exe => No File
FirewallRules: [UDP Query User{8D1DA914-5D5D-4CD0-B9E1-5989E266893A}C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3.exe => No File
FirewallRules: [TCP Query User{A60B0EF4-CE7E-45BB-9AA5-C4D1D7CC46B3}C:\program files (x86)\steam\steamapps\common\rematch playtest\runtime\binaries\win64\runtimeclient-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\rematch playtest\runtime\binaries\win64\runtimeclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{49EB2518-4796-4ABB-B360-9565B65BA953}C:\program files (x86)\steam\steamapps\common\rematch playtest\runtime\binaries\win64\runtimeclient-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\rematch playtest\runtime\binaries\win64\runtimeclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{CC3C96B8-D338-4DA2-A97D-C04DC4AE404D}C:\xboxgames\rematch\content\runtime\binaries\wingdk\runtimeclient-wingdk-shipping.exe] => (Allow) C:\xboxgames\rematch\content\runtime\binaries\wingdk\runtimeclient-wingdk-shipping.exe => No File
FirewallRules: [UDP Query User{839609F6-0742-4DFA-9294-8686D498FFEF}C:\xboxgames\rematch\content\runtime\binaries\wingdk\runtimeclient-wingdk-shipping.exe] => (Allow) C:\xboxgames\rematch\content\runtime\binaries\wingdk\runtimeclient-wingdk-shipping.exe => No File
FirewallRules: [{C712D0C6-DE61-4F4B-A471-83C4DEC269CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Suit for Hire\Suit4Hire\ThinWick.exe => No File
FirewallRules: [{56D690D1-9C89-4824-9849-E272E9DF6DD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Suit for Hire\Suit4Hire\ThinWick.exe => No File
FirewallRules: [TCP Query User{3309B1BB-DCA1-4808-90C7-5E120B66211A}C:\program files (x86)\steam\steamapps\common\suit for hire\suit4hire\thinwick\binaries\win64\thinwick-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\suit for hire\suit4hire\thinwick\binaries\win64\thinwick-win64-shipping.exe => No File
FirewallRules: [UDP Query User{49D86B73-5039-491D-959A-86B0311129A7}C:\program files (x86)\steam\steamapps\common\suit for hire\suit4hire\thinwick\binaries\win64\thinwick-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\suit for hire\suit4hire\thinwick\binaries\win64\thinwick-win64-shipping.exe => No File
FirewallRules: [{7BB5173D-A592-4D9D-A0AD-AA686DCAE898}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ready Or Not\Engine\Binaries\Win64\CrashReporter.exe => No File
FirewallRules: [{B72AB184-F48A-49E2-9608-97A12CB758DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ready Or Not\Engine\Binaries\Win64\CrashReporter.exe => No File
FirewallRules: [TCP Query User{2C713E0A-84CD-48C6-94B8-61B53E0E900C}C:\program files (x86)\steam\steamapps\common\hell clock\hell clock.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hell clock\hell clock.exe => No File
FirewallRules: [UDP Query User{90198E65-E06B-4DCF-8B57-46E285553010}C:\program files (x86)\steam\steamapps\common\hell clock\hell clock.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hell clock\hell clock.exe => No File
FirewallRules: [TCP Query User{161B13BF-E34C-4D58-8E18-BECE5F0B283A}C:\program files\guild wars 2\bin64\cef\cefhost.exe] => (Allow) C:\program files\guild wars 2\bin64\cef\cefhost.exe => No File
FirewallRules: [UDP Query User{93565C17-9E9C-435D-A0A6-F7393A2EC591}C:\program files\guild wars 2\bin64\cef\cefhost.exe] => (Allow) C:\program files\guild wars 2\bin64\cef\cefhost.exe => No File
FirewallRules: [{839FA72C-09FB-4065-A5BB-0529B0085D85}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.269.449.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{272C315B-38E7-458B-9F88-1CE93904F64A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.269.449.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{3D441982-2278-4F2C-8BA4-4787C4E61A9F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.269.449.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{2B7EEEF9-0E40-4DC5-833C-09ED22EBA1D1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.269.449.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{3D886FE5-203B-45FD-BD1B-EB21771E009E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.269.449.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{EDBFCE47-6AF9-4303-8A35-EEFFFCBDD28E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.269.449.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{46FB2FC9-0EBF-4BEB-9CAD-37B55A04C756}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.269.449.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{FA62C06E-A52C-4024-A9FC-893D9D583D60}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.269.449.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{903C14D7-BC15-416E-A43D-F02022F0351E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.269.449.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{E41585D7-B087-40DB-9FDE-CE7C13D56A11}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.269.449.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [TCP Query User{80EEE815-702C-4985-BC9A-2001B4CF80A5}C:\program files (x86)\steam\steamapps\common\glacier events\bf6event.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\glacier events\bf6event.exe => No File
FirewallRules: [UDP Query User{F26907E6-8292-437F-AA9C-A6F9CDF6AA42}C:\program files (x86)\steam\steamapps\common\glacier events\bf6event.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\glacier events\bf6event.exe => No File
FirewallRules: [TCP Query User{C6E8B6CC-C059-48AE-86DA-E44830553C4B}C:\program files (x86)\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{29D8BAEA-0648-49BF-8971-8978092D5F4A}C:\program files (x86)\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{7D975054-7E88-49A3-95E8-3343146839CA}C:\program files (x86)\steam\steamapps\common\skate\skate.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\skate\skate.exe => No File
FirewallRules: [UDP Query User{23C51D26-5D57-477D-8722-D5D8E534B570}C:\program files (x86)\steam\steamapps\common\skate\skate.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\skate\skate.exe => No File
FirewallRules: [{BADC891B-361D-4A4E-9E04-8F72168E94B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallen Aces\Tools\AceEd\AceEd.exe => No File
FirewallRules: [{08D4B432-5C44-4200-9440-92B90982AC92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallen Aces\Tools\AceEd\AceEd.exe => No File
FirewallRules: [{3F22D1A0-1B3D-4200-BFA9-B5D2A642D1C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallen Aces\Tools\Lead Pipe\LeadPipe.exe => No File
FirewallRules: [{F29C43C7-4C3D-4A46-A71C-EAD05E5F2EFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallen Aces\Tools\Lead Pipe\LeadPipe.exe => No File
FirewallRules: [{4D80E81F-12CC-4C13-8903-ECB1BA2EDD9A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallen Aces\Tools\Mod Manager\Aces Mod Manager.exe => No File
FirewallRules: [{B64CDA63-1C09-420B-9F20-162B37AB4F47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallen Aces\Tools\Mod Manager\Aces Mod Manager.exe => No File
FirewallRules: [TCP Query User{8C4C7E06-4109-46AD-8538-AA3EAE281720}C:\program files (x86)\steam\steamapps\common\battlefield 6\bf6.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefield 6\bf6.exe => No File
FirewallRules: [UDP Query User{2B3B98FD-ED26-40FB-A8C6-BBEFD90FD654}C:\program files (x86)\steam\steamapps\common\battlefield 6\bf6.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefield 6\bf6.exe => No File
FirewallRules: [TCP Query User{5EB8349A-DD33-45A9-B6D6-76AF5F7A1064}C:\program files (x86)\diablo iv\diablo iv.exe] => (Allow) C:\program files (x86)\diablo iv\diablo iv.exe => No File
FirewallRules: [UDP Query User{EB1AA38D-BA07-4689-A324-DEA25BE0067B}C:\program files (x86)\diablo iv\diablo iv.exe] => (Allow) C:\program files (x86)\diablo iv\diablo iv.exe => No File
FirewallRules: [TCP Query User{D048AF52-0B4E-43FE-B56A-C32FFFED06C6}C:\users\ben\appdata\local\discord\app-1.0.9233\discord.exe] => (Allow) C:\users\ben\appdata\local\discord\app-1.0.9233\discord.exe => No File
FirewallRules: [UDP Query User{3C18C9F9-AA8A-4DBF-891C-336CA10A0299}C:\users\ben\appdata\local\discord\app-1.0.9233\discord.exe] => (Allow) C:\users\ben\appdata\local\discord\app-1.0.9233\discord.exe => No File
FirewallRules: [TCP Query User{92815102-E846-4AB5-9417-DDE877ABABA8}C:\users\ben\appdata\local\discord\app-1.0.9234\discord.exe] => (Allow) C:\users\ben\appdata\local\discord\app-1.0.9234\discord.exe => No File
FirewallRules: [UDP Query User{BE4EDA3E-BDC6-4BEC-BBCC-0F53EAF37D84}C:\users\ben\appdata\local\discord\app-1.0.9234\discord.exe] => (Allow) C:\users\ben\appdata\local\discord\app-1.0.9234\discord.exe => No File
HKU\S-1-5-21-2037030647-3268643156-1389443460-1001\...\Run: [electron.app.Grape] => C:\Users\Ben\AppData\Local\ProUtilMegaSoftlite\Grape.exe (No File)
S3 GoogleChromeElevationService; "C:\Program Files\Google\Chrome\Application\146.0.7680.165\elevation_service.exe" (No File)
S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\146.0.3856.84\elevation_service.exe" (No File)
StartPowerShell:
# Enable real-time protection
Set-MpPreference -DisableRealtimeMonitoring $false
# Enable behavioural protection
Set-MpPreference -DisableBehaviorMonitoring $false
# Enable PUP detection
Set-MpPreference -PUAProtection Enabled
# Set cloud protection to level 4 (aggressively block unknowns and apply additional protection measures); alternatively use 2 for lower protection or 0 for default
Set-MpPreference -CloudBlockLevel 4
# Send advanced information about malicious/unwanted software present on your device
Set-MpPreference -MAPSReporting 2
# Send safe samples automatically to Microsoft
Set-MpPreference -SubmitSamplesConsent 1
# Enables inspection of HTTP traffic to detect malicious websites
Set-MpPreference -EnableNetworkProtection Enabled
# Enables block at first seen
Set-MpPreference -DisableBlockAtFirstSeen $false
# Allows scanning of archive files, such as .zip and .cab files for malware/PUP
Set-MpPreference -DisableArchiveScanning $false
# Enables automatic scanning of USB and removable drives
Set-MpPreference -DisableRemovableDriveScanning $false
# Enables scanning of network files
Set-MpPreference -DisableScanningNetworkFiles $false
# Forces signature check before running a scan
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true
# Extends cloud check timer from default 10 to 30 seconds
Set-MpPreference -CloudExtendedTimeout 30
# Enables automatic scanning of all downloaded files and attachments
Set-MpPreference -DisableIOAVProtection $false
# Enables script detection
Set-MpPreference -DisableScriptScanning $false
# Disables automatic exclusions from scanning
Set-MpPreference -DisableAutoExclusions $true
# Enables scanning of mapped network drives
Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan $false
# Enables scanning of email files
Set-MpPreference -DisableEmailScanning $false
# Enables blocking of malicious domains and IPs at the DNS level
Set-MpPreference -EnableDnsSinkhole $true
# Enables signature updates every 12 hours
Set-MpPreference -SignatureUpdateInterval 12
# Enables automatic quarantine for threats labelled as high and severe
Set-MpPreference -HighThreatDefaultAction Quarantine
Set-MpPreference -SevereThreatDefaultAction Quarantine
# Updates signatures
Update-MpSignature
EndPowerShell:
StartPowerShell:
# This snippet downloads Emsisoft Emergency Kit (EEK) from Emsisoft's official site, updates it, and scans with it.
# Note that the executable is 300MB and may take some time to download.
# ---
# This will scan for malware and PUPs in 1) system memory and 2) important folders, as the documentation says.
# It will scan inside compressed archives, mail archives and NTFS alternate data streams, and use cloud requests.
# ---
# You can use the argument /delete to delete found objects including references, but this is permanent and irreversible.
# You can remove the /quick argument to do a full scan, but that may take longer than what FRST can handle.
# You can use the argument /quarantine="[folder]" to put found malware into quarantine, but I personally prefer first verifying the detections.
$downloadUrl = "https://dl.emsisoft.com/EmsisoftEmergencyKit.exe"
$systemDrive = $env:SystemDrive
$frstPath = "$systemDrive\FRST"
$savePath = "$frstPath\EEK.exe"
$extractPath = "$frstPath\EEK"
if (-not (Test-Path $frstPath)) {
    New-Item -Path $frstPath -ItemType Directory -Force | Out-Null
}
if (-not (Test-Path $extractPath)) {
    New-Item -Path $extractPath -ItemType Directory -Force | Out-Null
}
Invoke-WebRequest -Uri $downloadUrl -OutFile $savePath -UseBasicParsing
$proc = Start-Process -FilePath $savePath -ArgumentList "-s -d`"$extractPath`"" -PassThru
while (-not (Test-Path "$extractPath\bin64\a2cmd.exe")) { Start-Sleep -Milliseconds 1000 }
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
if ([Environment]::Is64BitOperatingSystem) {
    $a2cmdPath = Join-Path $extractPath "bin64\a2cmd.exe"
} else {
    $a2cmdPath = Join-Path $extractPath "bin32\a2cmd.exe"
}
Start-Process -FilePath $a2cmdPath -ArgumentList "/update" -Wait -NoNewWindow
Start-Process -FilePath $a2cmdPath -ArgumentList "/malware /quick /m /t /pup /a /am /cloud=1 /la=`"$frstPath\EEK_scan.log`"" -Wait -NoNewWindow
Get-Content "$frstPath\EEK_scan.log"
exit
EndPowerShell:
StartPowerShell:
# Downloads the newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log to the console
# Does not clean preinstalled objects, only PUP/Adware
# If you would like to delete preinstalled objects, add the argument /preinstalled alongside the /clean argument
# If you would like to only scan with it, change the argument from /clean to /scan
New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:
Comment: Remove unwanted files from common folders using Farbar's native removal, including removal on reboot if needed
C:\ProgramData\*.a3x
C:\ProgramData\*.ahk
C:\ProgramData\*.au3
C:\ProgramData\*.bat
C:\ProgramData\*.cab
C:\ProgramData\*.cmd
C:\ProgramData\*.com
C:\ProgramData\*.dll
C:\ProgramData\*.exe
C:\ProgramData\*.hta
C:\ProgramData\*.jar
C:\ProgramData\*.js
C:\ProgramData\*.jse
C:\ProgramData\*.lnk
C:\ProgramData\*.pif
C:\ProgramData\*.ps1
C:\ProgramData\*.py
C:\ProgramData\*.pyc
C:\ProgramData\*.pyd
C:\ProgramData\*.scr
C:\ProgramData\*.tmp
C:\ProgramData\*.vbe
C:\ProgramData\*.vbs
C:\ProgramData\*.wsf
C:\ProgramData\*.wsh
C:\ProgramData\*.zip
C:\Users\*\AppData\Roaming\*.au3
C:\Users\*\AppData\Roaming\*.bat
C:\Users\*\AppData\Roaming\*.cab
C:\Users\*\AppData\Roaming\*.cmd
C:\Users\*\AppData\Roaming\*.com
C:\Users\*\AppData\Roaming\*.dll
C:\Users\*\AppData\Roaming\*.exe
C:\Users\*\AppData\Roaming\*.hta
C:\Users\*\AppData\Roaming\*.jar
C:\Users\*\AppData\Roaming\*.js
C:\Users\*\AppData\Roaming\*.jse
C:\Users\*\AppData\Roaming\*.lnk
C:\Users\*\AppData\Roaming\*.pif
C:\Users\*\AppData\Roaming\*.ps1
C:\Users\*\AppData\Roaming\*.py
C:\Users\*\AppData\Roaming\*.pyc
C:\Users\*\AppData\Roaming\*.pyd
C:\Users\*\AppData\Roaming\*.scr
C:\Users\*\AppData\Roaming\*.tmp
C:\Users\*\AppData\Roaming\*.vbe
C:\Users\*\AppData\Roaming\*.vbs
C:\Users\*\AppData\Roaming\*.wsf
C:\Users\*\AppData\Roaming\*.wsh
C:\Users\*\AppData\Roaming\*.zip
C:\Users\CurrentUserName\AppData\Local\*.a3x
C:\Users\CurrentUserName\AppData\Local\*.ahk
C:\Users\CurrentUserName\AppData\Local\*.au3
C:\Users\CurrentUserName\AppData\Local\*.bat
C:\Users\CurrentUserName\AppData\Local\*.cab
C:\Users\CurrentUserName\AppData\Local\*.cmd
C:\Users\CurrentUserName\AppData\Local\*.com
C:\Users\CurrentUserName\AppData\Local\*.dll
C:\Users\CurrentUserName\AppData\Local\*.exe
C:\Users\CurrentUserName\AppData\Local\*.hta
C:\Users\CurrentUserName\AppData\Local\*.jar
C:\Users\CurrentUserName\AppData\Local\*.js
C:\Users\CurrentUserName\AppData\Local\*.jse
C:\Users\CurrentUserName\AppData\Local\*.lnk
C:\Users\CurrentUserName\AppData\Local\*.pif
C:\Users\CurrentUserName\AppData\Local\*.ps1
C:\Users\CurrentUserName\AppData\Local\*.py
C:\Users\CurrentUserName\AppData\Local\*.pyc
C:\Users\CurrentUserName\AppData\Local\*.pyd
C:\Users\CurrentUserName\AppData\Local\*.scr
C:\Users\CurrentUserName\AppData\Local\*.tmp
C:\Users\CurrentUserName\AppData\Local\*.vbe
C:\Users\CurrentUserName\AppData\Local\*.vbs
C:\Users\CurrentUserName\AppData\Local\*.wsf
C:\Users\CurrentUserName\AppData\Local\*.wsh
C:\Users\CurrentUserName\AppData\Local\*.zip
C:\Users\CurrentUserName\AppData\Roaming\*.a3x
C:\Users\CurrentUserName\AppData\Roaming\*.ahk
C:\Users\CurrentUserName\AppData\Roaming\*.au3
C:\Users\CurrentUserName\AppData\Roaming\*.bat
C:\Users\CurrentUserName\AppData\Roaming\*.cab
C:\Users\CurrentUserName\AppData\Roaming\*.cmd
C:\Users\CurrentUserName\AppData\Roaming\*.com
C:\Users\CurrentUserName\AppData\Roaming\*.dll
C:\Users\CurrentUserName\AppData\Roaming\*.exe
C:\Users\CurrentUserName\AppData\Roaming\*.hta
C:\Users\CurrentUserName\AppData\Roaming\*.jar
C:\Users\CurrentUserName\AppData\Roaming\*.js
C:\Users\CurrentUserName\AppData\Roaming\*.jse
C:\Users\CurrentUserName\AppData\Roaming\*.lnk
C:\Users\CurrentUserName\AppData\Roaming\*.pif
C:\Users\CurrentUserName\AppData\Roaming\*.ps1
C:\Users\CurrentUserName\AppData\Roaming\*.py
C:\Users\CurrentUserName\AppData\Roaming\*.pyc
C:\Users\CurrentUserName\AppData\Roaming\*.pyd
C:\Users\CurrentUserName\AppData\Roaming\*.scr
C:\Users\CurrentUserName\AppData\Roaming\*.tmp
C:\Users\CurrentUserName\AppData\Roaming\*.vbe
C:\Users\CurrentUserName\AppData\Roaming\*.vbs
C:\Users\CurrentUserName\AppData\Roaming\*.wsf
C:\Users\CurrentUserName\AppData\Roaming\*.wsh
C:\Users\CurrentUserName\AppData\Roaming\*.zip
C:\Windows\System32\config\systemprofile\AppData\Local\*.tmp
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
C:\Windows\System32\GroupPolicyUsers
C:\Windows\System32\GroupPolicy
CMD: DISM.exe /Online /Cleanup-image /Restorehealth
CMD: SFC.exe /scannow
CMD: netsh int ip reset
CMD: netsh int ipv6 reset
CMD: ipconfig /flushDNS
CMD: netsh winsock reset catalog
C:\Users\CurrentUserName\AppData\Local\Temp\*
C:\Windows\Temp\*
C:\Windows\SystemTemp\*
EmptyTemp:
End::
Warning
Executing a Fixlist on the wrong system may permanently damage it. Continue only if this link was meant for you.