content copied
content
Start::
CreateRestorePoint:
CloseProcesses:
D:\Dragonkin The Banished v1 2 64 53721-OFME
HKU\S-1-5-21-481162469-4243654991-1736207878-1001\...\Run: [AMDNoiseSuppression] => "C:\WINDOWS\system32\AMD\ANR\AMDNoiseSuppression.exe" (No File)
Task: {9B753AD3-F4FD-4801-9263-8B2689B1623E} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe --delay (No File)
Task: {93DC9CC4-FE27-4DC3-BBD3-298D4CA99F77} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {9252F852-CD65-4FB2-BCA8-F045DC2D219D} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe /s (No File)
2023-05-16 00:40 - 2023-05-16 00:40 - 000005382 _____ () C:\Users\ahmad\AppData\Local\91114846003
2023-02-08 16:29 - 2023-02-08 16:29 - 000005414 _____ () C:\Users\ahmad\AppData\Local\93086452306
CustomCLSID: HKU\S-1-5-21-481162469-4243654991-1736207878-1001_Classes\CLSID\{21211829-c056-cb61-257b-8c61c4fbb5e5}\localserver32 -> "C:\Program Files\ASUS\Virtual Pet\Virtual Pet.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-481162469-4243654991-1736207878-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\ahmad\AppData\Local\Kingsoft\WPS Office\12.2.0.18607\office6\kwpsmenushellext64.dll => No File
ContextMenuHandlers1_S-1-5-21-481162469-4243654991-1736207878-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\ahmad\AppData\Local\Kingsoft\WPS Office\12.2.0.18607\office6\kwpsmenushellext64.dll -> No File
ContextMenuHandlers4_S-1-5-21-481162469-4243654991-1736207878-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\ahmad\AppData\Local\Kingsoft\WPS Office\12.2.0.18607\office6\kwpsmenushellext64.dll -> No File
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [5146]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [5146]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\draw.io.lnk:803345E73D [4290]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [5146]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [4290]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk:C5112377E0 [5146]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [5146]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook (classic).lnk:BE800952D3 [5146]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [5146]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk:104946E0EA [5146]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk:7D9589121D [5146]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [3516]
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-481162469-4243654991-1736207878-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-481162469-4243654991-1736207878-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-481162469-4243654991-1736207878-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-481162469-4243654991-1736207878-1001\Software\Classes\.cmd: => <==== ATTENTION
cmd: sfc /scannow
cmd: DISM.exe /Online /Cleanup-image /Restorehealth
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
C:\Firewall.reg
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
RemoveProxy:
EmptyTemp:
End::
Warning
Executing a Fixlist on the wrong system may permanently damage it. Continue only if this link was meant for you.
To view the content, acknowledge this warning.