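Start::
CreateRestorePoint:
CloseProcesses:
File: C:\Windows\AAct_Tools\AAct.exe
Task: {56834795-CA66-4FDA-9BEA-701189CABDCD} - System32\Tasks\Windows Service Task => C:\Users\ACER\AppData\Local\Updates\WindowsService.exe [67072 2024-03-23] () [File not signed] <==== ATTENTION
2026-06-05 15:24 - 2024-12-15 11:26 - 000000000 ____D C:\Users\ACER\AppData\Local\Updates
CHR Extension: (Free VPN for Chrome - VPN Proxy VeePN) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\majdfhpaihoncoakbjgbdhglocklcgno [2026-05-18]
BRA Extension: (Free VPN for Chrome - VPN Proxy VeePN) - C:\Users\ACER\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\majdfhpaihoncoakbjgbdhglocklcgno [2026-05-24]
Task: {2452A984-881E-4F92-A794-495CBE2B0A8C} - System32\Tasks\CCleaner Update => D:\Program Files\CCUpdate.exe (No File) <==== ATTENTION
Task: {729BB6AA-4041-4DCD-ABDD-4836A1F1F69C} - System32\Tasks\CosmosMigrate => "C:\Program Files\Chaos\Cosmos\migrate.bat" (No File) <==== ATTENTION
Task: {70FCEE95-35F5-4E11-A81C-033BD72AE5E7} - System32\Tasks\CosmosStart => "C:\Program Files\Chaos\Cosmos\start.bat" (No File) <==== ATTENTION
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Edge HKU\S-1-5-21-1045491263-157108934-2281518094-1002\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx
S2 CCleanerPerformanceOptimizerService; "D:\Program Files\CCleanerPerformanceOptimizerService.exe" (No File)
2026-06-03 22:25 - 2026-06-03 22:33 - 000000130 _____ C:\Users\ACER\AppData\LocalLow\3f13fadfe88bec9f01112ee58047c92fa58b241521181e683c09ac22a5f9b0ab
2026-06-03 22:25 - 2026-06-03 22:25 - 000000026 _____ C:\Users\ACER\AppData\LocalLow\f6a8494318df0429599c793e7bec8b733077dd15284fca8772d96cc9b9a5adcc
2026-06-03 22:25 - 2026-06-03 22:25 - 000000026 _____ C:\Users\ACER\AppData\LocalLow\6cc4af630286552e20686191d3c77c54bd9887d8b5ada770b3c577d259dfd476
2026-06-03 18:11 - 2026-06-03 18:11 - 000000026 _____ C:\Users\ACER\AppData\LocalLow\123578058ac6435e54272129a7234c075910f11e906f64ca5f4d04d19114420a
2026-05-29 15:57 - 2026-05-31 12:10 - 000123617 _____ C:\Users\ACER\AppData\LocalLow\447b897a6820a7b9b5c5a073efbac11d7f43f22d64f708f69d2de4728dcd7a5b
2026-05-29 15:57 - 2026-05-29 15:57 - 000000026 _____ C:\Users\ACER\AppData\LocalLow\438fc7036ef705704babbd0a1f96d345b79db5c8fc96e2f45cc51fc5b12d7ecb
2026-05-17 10:44 - 2026-05-27 13:44 - 000000130 _____ C:\Users\ACER\AppData\LocalLow\ee73237d1d921ea5db71dd21c3a1558176dcc6c734e2b948a2d022bb6579b835
2026-05-17 10:44 - 2026-05-17 10:44 - 000005918 _____ C:\Users\ACER\AppData\LocalLow\41bc3e70c7ff1f2b92ee16baab0f845c9673d16f14a1f1cb9d10ffc532d3cec9
2026-05-17 10:44 - 2026-05-17 10:44 - 000005897 _____ C:\Users\ACER\AppData\LocalLow\235b068359ed9c7918dbdf6e75d93f86b78533a12a68f453fca434bc9c11beb3
2026-05-17 10:44 - 2026-05-17 10:44 - 000000026 _____ C:\Users\ACER\AppData\LocalLow\78128a519bc5ac635edc92b3837392fec11c80280c627d45607d5d0bd1d4a8a0
2026-05-15 04:22 - 2026-06-04 01:49 - 000000130 _____ C:\Users\ACER\AppData\LocalLow\ca1c4eca13bb091977f603e97e24348593186f5ae3de4a0d33d20ebd3db8911f
2026-05-15 04:22 - 2026-05-25 15:29 - 000035486 _____ C:\Users\ACER\AppData\LocalLow\47e69eff7d365e773f2b66c4ad6a0c82fe6569c0829707d7e2ede5cb7855d660
2026-05-14 19:48 - 2026-06-06 00:26 - 000000130 _____ C:\Users\ACER\AppData\LocalLow\279b32f66703ad7fd8da3d73d16f56b3ac5739f7bfe997bc69dbdea138137869
2026-05-14 19:48 - 2026-05-14 19:48 - 000000026 _____ C:\Users\ACER\AppData\LocalLow\47c19eb33dda5c07ea48338f84808e01ebaa222a1da646b3b298dc6a7b534324
2026-05-14 01:07 - 2026-06-05 17:25 - 000000130 _____ C:\Users\ACER\AppData\LocalLow\9358e03516544a71a98bdd4e7cac8e4a0bb6126633a7d6f45ea6be8eef883e8c
2026-05-14 01:07 - 2026-05-31 12:11 - 000173434 _____ C:\Users\ACER\AppData\LocalLow\8dfd6257892491a2797ca236e860a5a666d0563920a03e040b4d649596856af8
2026-05-11 11:26 - 2026-06-02 01:42 - 000000130 _____ C:\Users\ACER\AppData\LocalLow\cf248d6bb5b5985b540e9403c512ea2e646dddd689221a98d106082ebeb98b34
2026-05-11 11:26 - 2026-05-11 11:26 - 000000026 _____ C:\Users\ACER\AppData\LocalLow\ebb9fc74402ee0457e61a48ccf68f2d8ae9b42e102c6f1bd24e60f2ebfff320e
2026-05-11 03:33 - 2026-05-11 03:33 - 000013533 _____ C:\Users\ACER\AppData\LocalLow\abab24240f9c8e040418c03ff9891fccff776bc91212c348e05dd9200f613684
2026-05-11 03:33 - 2026-05-11 03:33 - 000000026 _____ C:\Users\ACER\AppData\LocalLow\d65d4727fa6c6c11c869d4d256ccfceb0736c6ed5d6c1ec9ec2b37fffb3c63d7
2024-12-15 18:54 - 2024-12-15 18:54 - 000000048 ____R () C:\Users\ACER\AppData\Local\A88741956C2B97DE4FDC830538826EC3
CustomCLSID: HKU\S-1-5-21-1045491263-157108934-2281518094-1002_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340}\localserver32 -> "C:\Program Files\HandBrake\HandBrake.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1045491263-157108934-2281518094-1002_Classes\CLSID\{c17179b4-163d-11eb-ab15-5454d5ccf028}\localserver32 -> "C:\Program Files\Clockify\ClockifyWindows.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1045491263-157108934-2281518094-1002_Classes\CLSID\{ff6bea42-bc38-403a-39d7-380983854a45}\localserver32 -> "D:\Program Files\ClockifyWindows.exe" -ToastActivated => No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
FirewallRules: [UDP Query User{EED0C300-1EC0-40B4-9D6A-84240B13EB03}D:\steamlibrary\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File
FirewallRules: [TCP Query User{A66A33C2-E76B-4893-B81F-B0535648C366}D:\steamlibrary\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File
FirewallRules: [UDP Query User{01A06EBB-F106-401E-8E93-0A5D092022D9}D:\steamlibrary\steamapps\common\rennsport\rennsport\binaries\win64\rennsport-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\rennsport\rennsport\binaries\win64\rennsport-win64-shipping.exe => No File
FirewallRules: [TCP Query User{FF803A97-134E-4C1F-AAED-1C5F8C701A38}D:\steamlibrary\steamapps\common\rennsport\rennsport\binaries\win64\rennsport-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\rennsport\rennsport\binaries\win64\rennsport-win64-shipping.exe => No File
FirewallRules: [UDP Query User{C1FA2FAB-2AE7-4E2F-9B9D-57F0B46F7C1E}D:\steamlibrary\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File
FirewallRules: [TCP Query User{F987C00B-F3A1-48A6-B436-C3C388DB635C}D:\steamlibrary\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File
FirewallRules: [UDP Query User{75FFC485-1808-4D86-A0C9-223498C8B00A}D:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) D:\riot games\riot client\riotclientelectron\riot client.exe => No File
FirewallRules: [TCP Query User{245807B7-CC9E-4720-B61F-1E76DE66C517}D:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) D:\riot games\riot client\riotclientelectron\riot client.exe => No File
FirewallRules: [{BA3CBD74-6B4B-435B-903D-7CC73B98CBD2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{30AEF871-E322-4188-9B22-59DF91DEE25A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{34DE5B5F-E186-4194-8C6B-6C2C30779347}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{027211D8-6757-4F20-9577-6966AE6587B2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [TCP Query User{5DB1F94B-8618-4BD0-B93E-7010F0109059}C:\users\acer\appdata\local\webtorrent\app-0.24.0\webtorrent.exe] => (Allow) C:\users\acer\appdata\local\webtorrent\app-0.24.0\webtorrent.exe => No File
FirewallRules: [UDP Query User{CBB3CC46-2677-4FDA-8F66-D7D94D442B31}C:\users\acer\appdata\local\webtorrent\app-0.24.0\webtorrent.exe] => (Allow) C:\users\acer\appdata\local\webtorrent\app-0.24.0\webtorrent.exe => No File
FirewallRules: [TCP Query User{051351B2-4F3A-4DB3-9FF3-C1A44757FD49}C:\users\acer\appdata\local\figma\app-125.1.5\figma.exe] => (Allow) C:\users\acer\appdata\local\figma\app-125.1.5\figma.exe => No File
FirewallRules: [UDP Query User{8BF3BCCA-350C-4363-945E-5CA4D7D034AA}C:\users\acer\appdata\local\figma\app-125.1.5\figma.exe] => (Allow) C:\users\acer\appdata\local\figma\app-125.1.5\figma.exe => No File
FirewallRules: [TCP Query User{5E5C24F8-CD28-45F8-9E95-193B51077FC3}C:\program files\ultimaker cura 5.10.0\ultimaker-cura.exe] => (Allow) C:\program files\ultimaker cura 5.10.0\ultimaker-cura.exe => No File
FirewallRules: [UDP Query User{75651929-A156-4EA3-ACB5-97C7BAC0AA5F}C:\program files\ultimaker cura 5.10.0\ultimaker-cura.exe] => (Allow) C:\program files\ultimaker cura 5.10.0\ultimaker-cura.exe => No File
FirewallRules: [{472325AE-EF72-48B9-8D9E-8B51340E4B25}] => (Allow) C:\Users\ACER\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{701BB790-2823-4FA3-AB57-BC6D378C0D09}] => (Allow) C:\Users\ACER\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{FC7278CA-F168-40EF-90A6-732D4F24489F}] => (Allow) C:\Users\ACER\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{7DBAE0EB-8DA2-4FD2-B179-8FEF1ABD7FD4}] => (Allow) D:\Games\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{76FCAB2B-EA4A-4418-A60C-3B63F2A36838}] => (Allow) D:\Games\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{AE01F23E-4008-4E17-A62A-34CC72276244}D:\program files\effect house\cef\orion_cef_helper.exe] => (Allow) D:\program files\effect house\cef\orion_cef_helper.exe => No File
FirewallRules: [UDP Query User{E1C87BAE-4BCD-42AA-A0A3-93BC270A6CEF}D:\program files\effect house\cef\orion_cef_helper.exe] => (Allow) D:\program files\effect house\cef\orion_cef_helper.exe => No File
FirewallRules: [TCP Query User{7DB1E65B-F606-4B55-A469-49B924323FFC}D:\program files\effect house\effect house.exe] => (Allow) D:\program files\effect house\effect house.exe => No File
FirewallRules: [UDP Query User{85DEA77A-28EB-4F34-9F5B-460916359473}D:\program files\effect house\effect house.exe] => (Allow) D:\program files\effect house\effect house.exe => No File
FirewallRules: [TCP Query User{9FD3F412-D1E3-4833-91FF-5E48B8E7F7D9}C:\users\acer\downloads\sex&blood-vampires2-futanights-bloodysluts\sex & blood vampires 2\futa nights bloody sluts.exe] => (Allow) C:\users\acer\downloads\sex&blood-vampires2-futanights-bloodysluts\sex & blood vampires 2\futa nights bloody sluts.exe => No File
FirewallRules: [UDP Query User{E8088AC6-6516-4978-98CC-2232E9F03B1D}C:\users\acer\downloads\sex&blood-vampires2-futanights-bloodysluts\sex & blood vampires 2\futa nights bloody sluts.exe] => (Allow) C:\users\acer\downloads\sex&blood-vampires2-futanights-bloodysluts\sex & blood vampires 2\futa nights bloody sluts.exe => No File
FirewallRules: [TCP Query User{34CCDB20-4AD8-45D9-9C33-086A91A865E3}D:\program files\revit 2023\revit.exe] => (Allow) D:\program files\revit 2023\revit.exe => No File
FirewallRules: [UDP Query User{F832E8FD-A103-4B40-940C-B0171639FC46}D:\program files\revit 2023\revit.exe] => (Allow) D:\program files\revit 2023\revit.exe => No File
FirewallRules: [TCP Query User{14C3D414-9139-428C-A477-6E85B256D94B}D:\program files\epic games\ue_5.3\engine\binaries\win64\unrealeditor.exe] => (Allow) D:\program files\epic games\ue_5.3\engine\binaries\win64\unrealeditor.exe => No File
FirewallRules: [UDP Query User{CC56DE5B-802E-47E8-ADEA-023DB8E7746A}D:\program files\epic games\ue_5.3\engine\binaries\win64\unrealeditor.exe] => (Allow) D:\program files\epic games\ue_5.3\engine\binaries\win64\unrealeditor.exe => No File
FirewallRules: [TCP Query User{94FC213B-A333-430F-9CDA-FE64910627B2}C:\users\acer\appdata\local\capcut\apps\7.5.0.3053\capcut.exe] => (Allow) C:\users\acer\appdata\local\capcut\apps\7.5.0.3053\capcut.exe => No File
FirewallRules: [UDP Query User{C395D2A1-84FB-4482-9031-D6989BABA391}C:\users\acer\appdata\local\capcut\apps\7.5.0.3053\capcut.exe] => (Allow) C:\users\acer\appdata\local\capcut\apps\7.5.0.3053\capcut.exe => No File
FirewallRules: [TCP Query User{E3802679-86FC-4326-9F17-BF9579493E7A}D:\program files\epic games\ue_5.3\engine\plugins\bridge\thirdparty\win\node-bifrost.exe] => (Allow) D:\program files\epic games\ue_5.3\engine\plugins\bridge\thirdparty\win\node-bifrost.exe => No File
FirewallRules: [UDP Query User{523C44FB-096F-438B-BB00-1733DDDEE8B1}D:\program files\epic games\ue_5.3\engine\plugins\bridge\thirdparty\win\node-bifrost.exe] => (Allow) D:\program files\epic games\ue_5.3\engine\plugins\bridge\thirdparty\win\node-bifrost.exe => No File
StartPowerShell:
# This snippet downloads Emsisoft Emergency Kit (EEK) from Emsisoft's official site, updates it, and scans with it.
# Note that the executable is 300MB and may take some time to download.
# ---
# This will scan for malware and PUPs in 1) system memory 2) important folders, as the documentation says.
# It will scan inside compressed archives, mail archives and NTFS alternate data streams, and use cloud requests.
# ---
# You can use argument "/delete" to delete found objects including references but this is permanent and irreversible.
# You can remove the "/quick" argument to do a full scan but that may take longer than what FRST can handle.
# You can use argument "/quarantine="[folder]"" to put found malware into quarantine, but I personally prefer first verifying the detections.
# ---
# Stop at the first failed step, so a failed download cannot fall through to the extraction and scan steps.
$ErrorActionPreference = 'Stop'
# The progress bar slows Invoke-WebRequest down considerably in Windows PowerShell on a download of this size.
$ProgressPreference = 'SilentlyContinue'
# Older Windows PowerShell builds may not negotiate TLS 1.2 unless it is enabled explicitly.
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
$downloadUrl = "https://dl.emsisoft.com/EmsisoftEmergencyKit.exe"
$systemDrive = $env:SystemDrive
$frstPath = "$systemDrive\FRST"
$savePath = "$frstPath\EEK.exe"
$extractPath = "$frstPath\EEK"
if (-not (Test-Path $frstPath)) { New-Item -Path $frstPath -ItemType Directory -Force | Out-Null }
if (-not (Test-Path $extractPath)) { New-Item -Path $extractPath -ItemType Directory -Force | Out-Null }
# Remove an EEK.exe left by an earlier run so that only the file downloaded now can be executed.
if (Test-Path $savePath) { Remove-Item -Path $savePath -Force }
Invoke-WebRequest -Uri $downloadUrl -OutFile $savePath -UseBasicParsing
# The downloaded file is executed next with this script's privileges, so refuse to run it unless Windows
# validates its Authenticode signature. The signer is printed so the helper can confirm the publisher in
# the fix log; a valid signature alone does not prove who the publisher is.
$sig = Get-AuthenticodeSignature -FilePath $savePath
if ($sig.Status -ne 'Valid') {
    Write-Output "EEK.exe signature status is '$($sig.Status)'; the file was not executed."
    Remove-Item -Path $savePath -Force
    exit
}
Write-Output "EEK.exe signed by: $($sig.SignerCertificate.Subject)"
$proc = Start-Process -FilePath $savePath -ArgumentList "-s -d`"$extractPath`"" -PassThru
# Wait for the extractor to produce a2cmd.exe, but give up after a fixed time instead of hanging the fix.
# The 10 minute limit is an arbitrary choice; adjust it for slow disks.
$deadline = (Get-Date).AddMinutes(10)
while (-not (Test-Path "$extractPath\bin64\a2cmd.exe")) {
    if ((Get-Date) -gt $deadline) {
        Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
        Write-Output "EEK extraction did not finish within 10 minutes; aborting."
        exit
    }
    Start-Sleep -Milliseconds 1000
}
# NOTE(review): the extractor is stopped as soon as the marker file appears, which may be before every
# file has been written - confirm that a2cmd.exe and its dependencies are complete at this point.
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
if ([Environment]::Is64BitOperatingSystem) { $a2cmdPath = Join-Path $extractPath "bin64\a2cmd.exe" } else { $a2cmdPath = Join-Path $extractPath "bin32\a2cmd.exe" }
# The wait above only checks the bin64 copy; make sure the scanner chosen for this OS actually exists.
if (-not (Test-Path $a2cmdPath)) {
    Write-Output "a2cmd.exe was not found at $a2cmdPath; aborting."
    exit
}
Start-Process -FilePath $a2cmdPath -ArgumentList "/update" -Wait -NoNewWindow
Start-Process -FilePath $a2cmdPath -ArgumentList "/malware /quick /m /t /pup /a /am /cloud=1 /la=`"$frstPath\EEK_scan.log`"" -Wait -NoNewWindow
Get-Content "$frstPath\EEK_scan.log"
exit
EndPowerShell:
EmptyTemp:
End::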