Malware Log Analysis

shared / Doctore_Oenomaus

Start
CreateRestorePoint:
CloseProcesses:
(svchost.exe ->) (StruSoft AB -> StruSoft AB) C:\Users\jsnip\vi.exe\fdupdate.exe
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-3657836926-1678181867-2864478933-1002\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-3657836926-1678181867-2864478933-1002\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-3657836926-1678181867-2864478933-1002\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-3657836926-1678181867-2864478933-1002\Software\Classes\.cmd: => <==== ATTENTION
CMD: type "C:\Users\jsnip\test.js"
C:\Users\jsnip\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
C:\Users\jsnip\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho
C:\Users\jsnip\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fheoggkfdfchfphceeifdbepaooicaho
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
2026-05-20 22:36 - 2025-06-04 23:01 - 000000000 ____D C:\Users\jsnip\AppData\Roaming\RenPy
HKU\S-1-5-21-3657836926-1678181867-2864478933-1002\...\Run: [FEM Designer Updater] => C:\Users\jsnip\vi.exe\fdupdate.exe [573768 2026-05-21] (StruSoft AB -> StruSoft AB) <==== ATTENTION
HKU\S-1-5-21-3657836926-1678181867-2864478933-1002\...\Run: [FEM Designer] => C:\Users\jsnip\uw.exe\fdsec.exe [564544 2026-05-21] (StruSoft AB -> StruSoft AB) <==== ATTENTION
Task: {0BB8328E-7A8F-40D2-978E-1B13B3879BEA} - System32\Tasks\FEM Designer Updater => C:\Users\jsnip\vi.exe\fdupdate.exe [573768 2026-05-21] (StruSoft AB -> StruSoft AB) <==== ATTENTION
2026-05-20 23:05 - 2026-05-20 23:05 - 000003410 _____ C:\Windows\system32\Tasks\FEM Designer Updater
2026-05-20 23:51 - 2026-05-20 23:55 - 000000000 ____D C:\Users\jsnip\uw.exe
2026-05-20 23:51 - 2026-05-20 23:51 - 000000000 ____D C:\Users\jsnip\AppData\Roaming\StruSoft
2026-05-20 22:50 - 2026-05-20 22:50 - 000000000 ____D C:\Users\jsnip\AppData\Local\Yandex
2026-05-20 22:49 - 2026-05-20 22:49 - 000000000 ____D C:\Users\jsnip\vi.exe
2026-05-20 22:41 - 2026-05-20 22:41 - 000000000 ____D C:\Users\jsnip\sx.exe
HKU\S-1-5-21-3657836926-1678181867-2864478933-1002\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-3657836926-1678181867-2864478933-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\jsnip\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-3657836926-1678181867-2864478933-1002\...\MountPoints2: {dfb2674b-25d2-11ec-bc52-ec2e98161236} - "D:\OnePlus_setup.exe" /s
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level (No File)
S3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe" (No File)
S3 EAAntiCheat; system32\drivers\eaanticheat.sys (No File)
S4 NvModuleTracker; \SystemRoot\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_ea6cec41fc5b2a8b\NvModuleTracker.sys (No File)
CustomCLSID: HKU\S-1-5-21-3657836926-1678181867-2864478933-1002_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340}\localserver32 -> "C:\Program Files\HandBrake\HandBrake.exe" -ToastActivated => No File
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [9466]
FirewallRules: [{1A10CF45-5C69-4AAD-B10B-4E111184E357}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{54770D8A-4267-46BC-9293-AE71CEF711C9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{8AE3378F-B99C-4245-961E-5BF0349C6C16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sekiro\Artwork_MiniSoundtrack\DigitalArtwork_MiniSoundtrack.exe => No File
FirewallRules: [{EFF1D7D3-9EEC-4536-9F3E-862FE220A24D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sekiro\Artwork_MiniSoundtrack\DigitalArtwork_MiniSoundtrack.exe => No File
FirewallRules: [TCP Query User{E6DC417F-9150-405A-BB29-7BB07A405584}C:\users\jsnip\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\jsnip\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe => No File
FirewallRules: [UDP Query User{30291893-E0D3-4CCE-8DE2-79706C9F5CB2}C:\users\jsnip\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\jsnip\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe => No File
FirewallRules: [{0743A508-293D-4793-998C-8870DFB40C28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TotallyAccurateBattlegrounds\TotallyAccurateBattlegrounds.exe => No File
FirewallRules: [{DB767F28-A660-4CB7-9FFA-2F8F32F47CFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TotallyAccurateBattlegrounds\TotallyAccurateBattlegrounds.exe => No File
FirewallRules: [TCP Query User{F6DA740A-2E6C-4BCE-9003-B931F6FBC27A}D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3.exe] => (Allow) D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3.exe => No File
FirewallRules: [UDP Query User{EE97620E-817C-4324-84C6-1D2E79FCBE0F}D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3.exe] => (Allow) D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3.exe => No File
FirewallRules: [TCP Query User{531BC1D6-F871-4436-B8D3-93061CD1B54E}D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe => No File
FirewallRules: [UDP Query User{CE4510DE-4375-4668-800B-761617635BE0}D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe => No File
FirewallRules: [{9FE39CC2-810B-4CD9-9E9F-B225B0B61D16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe => No File
FirewallRules: [{24011A7A-EC2A-4BC2-A901-D839EAACD4D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe => No File
FirewallRules: [TCP Query User{3A0C33BC-8500-417B-8FAD-AB52ECDED3F9}D:\steamlibrary\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe] => (Block) D:\steamlibrary\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe => No File
FirewallRules: [UDP Query User{7B855271-9FA7-4758-855A-D53B47189F9A}D:\steamlibrary\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe] => (Block) D:\steamlibrary\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe => No File
FirewallRules: [{AD1FB194-9CB1-4519-AB5B-693724B179D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe => No File
FirewallRules: [{3919175B-16BE-4241-9308-3F6E30AFEBF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe => No File
FirewallRules: [{C4BC708B-30EA-4151-968E-06F12A31D9A9}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
FirewallRules: [{F20AF124-7F5D-472E-B1EC-D408BB200AFA}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{D4E0AD32-0A92-45BD-A233-C395B6CDA065}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
FirewallRules: [{FA7358F1-3185-4935-8C5B-4A4EB3F370B6}] => (Allow) D:\SteamLibrary\steamapps\common\The Dark Pictures Anthology - Man of Medan\SMG019\Binaries\Win64\ManOfMedanTrial-Win64-Shipping.exe => No File
FirewallRules: [{1796B7CE-69E6-4302-BB00-71C59969FE16}] => (Allow) D:\SteamLibrary\steamapps\common\The Dark Pictures Anthology - Man of Medan\SMG019\Binaries\Win64\ManOfMedanTrial-Win64-Shipping.exe => No File
FirewallRules: [{A3483F07-D51F-4638-8EB6-8E65B1622985}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [{6DBC307D-8FF8-4322-84BD-DBF51595C422}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [{2BD1404A-A484-4FA5-B14F-C47217E13C0B}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [{1F86402D-D0AF-4B93-8D90-3160A01C8787}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [TCP Query User{CC537B0D-FEF9-4B77-832B-644344EAA46C}D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3.exe] => (Allow) D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3.exe => No File
FirewallRules: [UDP Query User{FE7A7C6D-69AC-43DA-BDED-90D2B04D2891}D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3.exe] => (Allow) D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3.exe => No File
FirewallRules: [{4489F153-AA1C-430B-8209-5EA574F9F5BC}] => (Allow) D:\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe => No File
FirewallRules: [{95DA5C97-2DD9-4714-B02D-6DE2DED8E025}] => (Allow) D:\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe => No File
FirewallRules: [{9958A399-5ADD-4ADC-AEAB-D5518832EB6B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.215.828.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{8549F2F7-BABE-4FC5-BE75-2E57943567BF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.215.828.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{C8271C31-B1A1-48E4-8687-AF24BBB98E84}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.215.828.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{832DBCEB-89BE-4658-97FE-C4A46A80640C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.215.828.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{418FC5A7-0D22-4E37-9CD2-80EC351FE7FD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.215.828.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{735FD85A-6368-43CF-8563-081FCC075DBA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.215.828.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{8CD1BF70-36F7-4BB7-9FDC-767C31A27BB9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.215.828.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{270D072A-5945-4A3F-B7A2-B669E26E6690}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.215.828.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{92DEEE53-52B1-40CB-A63F-FB36DBB50241}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.215.828.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{676B4B79-E0A7-4072-AF14-083E36580EE7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.215.828.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [TCP Query User{753CAAB6-90E0-4AB1-8A1F-76DBBDC8E5D1}D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe => No File
FirewallRules: [UDP Query User{55812DE3-2FAC-4F00-A1C1-01CB07389973}D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe => No File
FirewallRules: [TCP Query User{EE64AF5D-7A79-452A-B514-141CDE9E39C1}C:\users\jsnip\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\jsnip\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe => No File
FirewallRules: [UDP Query User{8D21AEF1-63B4-4AA6-8520-169656D83DAA}C:\users\jsnip\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\jsnip\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe => No File
FirewallRules: [TCP Query User{F779D6DC-009B-4246-BDD1-998FF5D47195}C:\users\jsnip\curseforge\minecraft\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\jsnip\curseforge\minecraft\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe => No File
FirewallRules: [UDP Query User{06F9347B-700D-411A-B3CE-5071A3B8CEE7}C:\users\jsnip\curseforge\minecraft\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\jsnip\curseforge\minecraft\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe => No File
FirewallRules: [{06436B89-5869-42C3-8681-E09DCEAF385F}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe => No File
FirewallRules: [{7BF46D1D-6CD4-475C-8A1A-C65C038D963C}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe => No File
FirewallRules: [{A01860CC-D216-4A2B-B8A7-99D6934538E0}] => (Allow) D:\SteamLibrary\steamapps\common\Satisfactory\FactoryGame.exe => No File
FirewallRules: [{269D3D62-8324-42D7-B5D2-130B26D6C2B4}] => (Allow) D:\SteamLibrary\steamapps\common\Satisfactory\FactoryGame.exe => No File
FirewallRules: [TCP Query User{30CAD7AA-80FC-4B04-BA0E-00A2EF2A1CBE}D:\steamlibrary\steamapps\common\satisfactory\engine\binaries\win64\factorygame-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\satisfactory\engine\binaries\win64\factorygame-win64-shipping.exe => No File
FirewallRules: [UDP Query User{546E1FB9-CD8E-41DC-8466-3F15DDBC3FB8}D:\steamlibrary\steamapps\common\satisfactory\engine\binaries\win64\factorygame-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\satisfactory\engine\binaries\win64\factorygame-win64-shipping.exe => No File
FirewallRules: [TCP Query User{5B03D039-7C4A-4B3C-962B-163B9749D78C}D:\steamlibrary\steamapps\common\conan exiles\conansandbox\binaries\win64\conansandbox.exe] => (Allow) D:\steamlibrary\steamapps\common\conan exiles\conansandbox\binaries\win64\conansandbox.exe => No File
FirewallRules: [UDP Query User{A47DA976-5871-49EC-9750-6A04A242B98F}D:\steamlibrary\steamapps\common\conan exiles\conansandbox\binaries\win64\conansandbox.exe] => (Allow) D:\steamlibrary\steamapps\common\conan exiles\conansandbox\binaries\win64\conansandbox.exe => No File
FirewallRules: [TCP Query User{952D43D9-DDAF-47BF-8EF4-B89F354A0CED}C:\users\jsnip\appdata\roaming\vortex\stardewvalley\mods\smapi 4.0.8-2400-4-0-8-1713751744\stardewmoddingapi.exe] => (Allow) C:\users\jsnip\appdata\roaming\vortex\stardewvalley\mods\smapi 4.0.8-2400-4-0-8-1713751744\stardewmoddingapi.exe => No File
FirewallRules: [UDP Query User{0087E275-6274-43C7-9AA0-B3C393ADC82E}C:\users\jsnip\appdata\roaming\vortex\stardewvalley\mods\smapi 4.0.8-2400-4-0-8-1713751744\stardewmoddingapi.exe] => (Allow) C:\users\jsnip\appdata\roaming\vortex\stardewvalley\mods\smapi 4.0.8-2400-4-0-8-1713751744\stardewmoddingapi.exe => No File
FirewallRules: [TCP Query User{6D43D39E-7520-48C0-A12C-6220AF9F9E38}C:\users\jsnip\curseforge\minecraft\install\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe] => (Block) C:\users\jsnip\curseforge\minecraft\install\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe => No File
FirewallRules: [UDP Query User{241E8F56-C7D8-4B46-8A96-E18F4D715B30}C:\users\jsnip\curseforge\minecraft\install\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe] => (Block) C:\users\jsnip\curseforge\minecraft\install\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe => No File
FirewallRules: [TCP Query User{7422FF09-0110-4127-A620-462D2332362C}C:\program files\ea games\skate\skate.exe] => (Allow) C:\program files\ea games\skate\skate.exe => No File
FirewallRules: [UDP Query User{FB2BB719-F858-438D-A0EE-E9B0DA5C797B}C:\program files\ea games\skate\skate.exe] => (Allow) C:\program files\ea games\skate\skate.exe => No File
FirewallRules: [{CCA4A729-916A-47ED-A3DD-F88C91C2B936}] => (Allow) D:\SteamLibrary\steamapps\common\CRSED\eaccrlauncher.exe => No File
FirewallRules: [{E0080F22-A811-484C-82C2-6AC9BE774B04}] => (Allow) D:\SteamLibrary\steamapps\common\CRSED\eaccrlauncher.exe => No File
FirewallRules: [TCP Query User{7F2C3981-EC46-4415-832B-1C585F141FD2}D:\steamlibrary\steamapps\common\halo infinite\game\haloinfinite.exe] => (Allow) D:\steamlibrary\steamapps\common\halo infinite\game\haloinfinite.exe => No File
FirewallRules: [UDP Query User{441F39A3-6713-4E9D-9CCA-7D37BCB1C568}D:\steamlibrary\steamapps\common\halo infinite\game\haloinfinite.exe] => (Allow) D:\steamlibrary\steamapps\common\halo infinite\game\haloinfinite.exe => No File
FirewallRules: [{0D8E063A-9A4D-46E7-B336-7A73800F6D6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Splitgate 2\PortalWars2\Binaries\Win64\PortalWars2Client-Win64-Shipping.exe => No File
FirewallRules: [{A2034B33-9EA2-4CCC-9619-1C0B4E29DE43}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Splitgate 2\PortalWars2\Binaries\Win64\PortalWars2Client-Win64-Shipping.exe => No File
FirewallRules: [TCP Query User{93E09F6F-1BEC-4574-BC4F-5E31DD6C21DB}C:\users\jsnip\appdata\local\wand\app-12.7.0\wand.exe] => (Allow) C:\users\jsnip\appdata\local\wand\app-12.7.0\wand.exe => No File
FirewallRules: [UDP Query User{0037229F-8849-4C0B-8857-333EE0DF7EAA}C:\users\jsnip\appdata\local\wand\app-12.7.0\wand.exe] => (Allow) C:\users\jsnip\appdata\local\wand\app-12.7.0\wand.exe => No File
FirewallRules: [TCP Query User{DFAF56A2-E6A0-4D77-A638-652AE71A6BE3}C:\users\jsnip\appdata\local\wand\app-12.8.0\wand.exe] => (Allow) C:\users\jsnip\appdata\local\wand\app-12.8.0\wand.exe => No File
FirewallRules: [UDP Query User{DA952024-6D1F-4C54-B761-1218CAE16EDF}C:\users\jsnip\appdata\local\wand\app-12.8.0\wand.exe] => (Allow) C:\users\jsnip\appdata\local\wand\app-12.8.0\wand.exe => No File
FirewallRules: [TCP Query User{4890BD09-4C88-42BA-B919-9E102834F64F}C:\users\jsnip\appdata\local\discord\app-1.0.9220\discord.exe] => (Allow) C:\users\jsnip\appdata\local\discord\app-1.0.9220\discord.exe => No File
FirewallRules: [UDP Query User{1169E18E-787A-4A29-997D-9A14EE8E0D7D}C:\users\jsnip\appdata\local\discord\app-1.0.9220\discord.exe] => (Allow) C:\users\jsnip\appdata\local\discord\app-1.0.9220\discord.exe => No File
FirewallRules: [TCP Query User{F96F24D7-A830-429A-ABAA-C9B666AC5053}C:\users\jsnip\onedrive\documents\tgames\the mortuary assistant\the mortuary assistant.exe] => (Allow) C:\users\jsnip\onedrive\documents\tgames\the mortuary assistant\the mortuary assistant.exe => No File
FirewallRules: [UDP Query User{2654AD2C-BF11-425E-9A6C-EA1851BD1443}C:\users\jsnip\onedrive\documents\tgames\the mortuary assistant\the mortuary assistant.exe] => (Allow) C:\users\jsnip\onedrive\documents\tgames\the mortuary assistant\the mortuary assistant.exe => No File
FirewallRules: [{B8579988-3A1A-483E-91BD-148B1C07BB14}] => (Allow) C:\Program Files (x86)\Overwolf\0.296.3.3\OverwolfBrowser.exe => No File
FirewallRules: [{A94CB1D2-452C-4F8E-B0E0-1C92B72DE90A}] => (Allow) C:\Program Files (x86)\Overwolf\0.296.3.3\OverwolfBrowser.exe => No File
FirewallRules: [{0B4EE667-38B4-43BA-904E-7CC5FAD9197E}] => (Block) C:\Program Files (x86)\Overwolf\0.296.3.3\OverwolfBrowser.exe => No File
FirewallRules: [{094CD2F5-F269-4876-9B06-A35BAA251254}] => (Block) C:\Program Files (x86)\Overwolf\0.296.3.3\OverwolfBrowser.exe => No File
File: C:\BakkesMod\BakkesMod.exe;C:\Users\jsnip\AppData\Local\Programs\untapped-companion\Untapped.gg Companion.exe;C:\Users\jsnip\AppData\Local\Programs\untapped-companion\resources\app.asar.unpacked\node_modules\lzma-native\prebuilds\win32-x64\liblzma.dll
Folder: C:\Users\jsnip\OneDrive\Desktop\Cream
Folder: C:\Users\jsnip\AppData\Local\Programs
C:\Users\jsnip\AppData\Roaming\EA\AC\c699c10d063e11943b80372d99fb5a78
Powershell: Get-ScheduledTask | select -first 30 | Get-ScheduledTaskInfo
Powershell: @("$env:APPDATA","$env:LOCALAPPDATA") | ForEach-Object { Get-ChildItem $_ -Recurse -Filter "index.js" -ErrorAction SilentlyContinue } | Where-Object { $_.FullName -match "discord_desktop_core" } | ForEach-Object { Write-Host "--- $($_.FullName) ---"; (Get-Content $_.FullName -Raw).Substring(0,[Math]::Min(2000,(Get-Content $_.FullName -Raw).Length)) }
Powershell: (Get-ItemProperty "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU" -ErrorAction SilentlyContinue).PSObject.Properties | Where-Object { $_.Name -match "^[a-z]$" } | ForEach-Object { Write-Host "$($_.Name): $($_.Value)" }
C:\WINDOWS\Temp\*
C:\WINDOWS\SystemTemp\*
C:\Users\jsnip\AppData\Local\Temp\*
StartPowerShell:
# Downloads the newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log to the console
# Does not clean preinstalled objects, only PUP/adware
# If you would like to delete preinstalled objects, add the argument /preinstalled after the /clean argument
# If you would like to only scan with it, change the argument from /clean to /scan
New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:
StartPowershell:
# Replace /scanonly with /clean if you also want to delete items -- however, this will activate a trial license on the system, I do not recommend it
$hmpExe = "$env:TEMP\HitmanPro_x64.exe"
$logFile = "$env:TEMP\HitmanPro_ScanLog.txt"
Invoke-WebRequest -Uri "https://dl.surfright.nl/HitmanPro_x64.exe" -OutFile $hmpExe -UseBasicParsing
$proc = Start-Process $hmpExe -ArgumentList "/ews","/scanonly","/noinstall","/log=`"$logFile`"","/logtype=txt" -Wait -PassThru
if (!(Test-Path $logFile)) { Write-Host "Scan failed (exit $($proc.ExitCode))"; exit 1 }
Get-Content $logFile -Encoding Unicode
EndPowershell:
StartPowerShell:
# This snippet downloads Emsisoft Emergency Kit (EEK) from Emsisoft's official site, updates it and scans with it.
# Do note that the executable is 300MB and may take some time to download.
# ---
# This will scan for malware and PUPs in 1) system memory 2) important folders, as the documentation says
# It will scan inside compressed archives, mail archives and NTFS alternate data streams, and use cloud requests
# ---
# You can use the argument "/delete" to delete found objects including references, but this is permanent and irreversible.
# You can remove the "/quick" argument to do a full scan, but that may take longer than what FRST can handle.
# You can use the argument "/quarantine="[folder]"" to put found malware into quarantine, but I personally prefer first verifying the detections.
$downloadUrl = "https://dl.emsisoft.com/EmsisoftEmergencyKit.exe"
$systemDrive = $env:SystemDrive
$frstPath = "$systemDrive\FRST"
$savePath = "$frstPath\EEK.exe"
$extractPath = "$frstPath\EEK"
if (-not (Test-Path $frstPath)) { New-Item -Path $frstPath -ItemType Directory -Force | Out-Null }
if (-not (Test-Path $extractPath)) { New-Item -Path $extractPath -ItemType Directory -Force | Out-Null }
Invoke-WebRequest -Uri $downloadUrl -OutFile $savePath -UseBasicParsing
$proc = Start-Process -FilePath $savePath -ArgumentList "-s -d`"$extractPath`"" -PassThru
while (-not (Test-Path "$extractPath\bin64\a2cmd.exe")) { Start-Sleep -Milliseconds 1000 }
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
if ([Environment]::Is64BitOperatingSystem) { $a2cmdPath = Join-Path $extractPath "bin64\a2cmd.exe" } else { $a2cmdPath = Join-Path $extractPath "bin32\a2cmd.exe" }
Start-Process -FilePath $a2cmdPath -ArgumentList "/update" -Wait -NoNewWindow
Start-Process -FilePath $a2cmdPath -ArgumentList "/malware /quick /m /t /pup /a /am /cloud=1 /la=`"$frstPath\EEK_scan.log`"" -Wait -NoNewWindow
Get-Content "$frstPath\EEK_scan.log"
exit
EndPowerShell:
cmd: del %temp%\*.* /f /s /q
cmd: rd /s /q %temp%
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
End