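Start::
Comment: FRST fixlist restored to one directive or log entry per line; entries are unchanged and in their original order.
CreateRestorePoint:
CloseProcesses:
Comment: nn.exe, ww.exe, ii.exe, ss.exe, mm.exe and oo.exe in this list are directories (attribute D) in the user profile, not files.
2026-04-15 18:19 - 2026-04-22 00:51 - 000000000 ____D C:\Users\chris\nn.exe
2026-04-15 18:11 - 2026-04-22 00:51 - 000000000 ____D C:\Users\chris\ww.exe
2026-04-15 17:51 - 2026-04-15 17:51 - 000000000 ____D C:\Users\chris\AppData\Local\Yandex
2026-04-15 17:49 - 2025-12-13 03:51 - 000000000 ____D C:\Users\chris\AppData\Roaming\RenPy
CustomCLSID: HKU\S-1-5-21-3220209519-700985615-3621761659-1003_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> "C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3220209519-700985615-3621761659-1003_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> "C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe" -ToastActivated => No File
FirewallRules: [{3B224101-C08C-4DF1-93BE-215E18B1C096}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{9ACDF3F0-1CA7-4BDB-B8D5-A861DD024562}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{6593DC76-E301-4E0C-8AAF-8DFC62A7FBBE}] => (Allow) C:\Users\chris\AppData\Local\Temp\ACFL\ACSetup\ACSetup.exe => No File
FirewallRules: [{B7127A29-9191-45B7-AA1B-870954041E4E}] => (Allow) C:\Users\chris\AppData\Local\Temp\ACFL\ACSetup\ACSetup.exe => No File
FirewallRules: [TCP Query User{AE3A42D3-55AF-434E-B2BD-CAF89BE0B242}C:\program files (x86)\steam\steamapps\common\seekers of skyveil\blueberry\binaries\win64\skiesclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\seekers of skyveil\blueberry\binaries\win64\skiesclient.exe => No File
FirewallRules: [UDP Query User{8247F020-6598-4D65-8631-4DF26AA9DDC8}C:\program files (x86)\steam\steamapps\common\seekers of skyveil\blueberry\binaries\win64\skiesclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\seekers of skyveil\blueberry\binaries\win64\skiesclient.exe => No File
FirewallRules: [TCP Query User{3C15BC54-AD30-4009-B97F-0A985B8C28BF}C:\users\chris\desktop\33 immortals\33 immortals\33immortals.exe] => (Allow) C:\users\chris\desktop\33 immortals\33 immortals\33immortals.exe => No File
FirewallRules: [UDP Query User{C331CBFB-BD7D-40B6-AEEF-1A29F64A04FA}C:\users\chris\desktop\33 immortals\33 immortals\33immortals.exe] => (Allow) C:\users\chris\desktop\33 immortals\33 immortals\33immortals.exe => No File
FirewallRules: [TCP Query User{523D6920-CA6B-4EDB-9A33-5DBBD839B0C7}C:\users\chris\desktop\plateup\plateup.build.16778082\plateup\plateup.exe] => (Allow) C:\users\chris\desktop\plateup\plateup.build.16778082\plateup\plateup.exe => No File
FirewallRules: [UDP Query User{51D46BFB-D1A6-42EE-8959-350A2D4D5481}C:\users\chris\desktop\plateup\plateup.build.16778082\plateup\plateup.exe] => (Allow) C:\users\chris\desktop\plateup\plateup.build.16778082\plateup\plateup.exe => No File
FirewallRules: [TCP Query User{94FB7914-4D55-462B-BB38-DED6AF93AF41}C:\users\chris\desktop\into the dead\into.the.dead.our.darkest.days\game\intothedeadourdarkestdays.exe] => (Allow) C:\users\chris\desktop\into the dead\into.the.dead.our.darkest.days\game\intothedeadourdarkestdays.exe => No File
FirewallRules: [UDP Query User{4884A4FF-9DE6-43C4-91CD-3E4FD6C643CB}C:\users\chris\desktop\into the dead\into.the.dead.our.darkest.days\game\intothedeadourdarkestdays.exe] => (Allow) C:\users\chris\desktop\into the dead\into.the.dead.our.darkest.days\game\intothedeadourdarkestdays.exe => No File
FirewallRules: [TCP Query User{AC14FE1C-B310-458B-A5FF-0C02BE164ECC}C:\users\chris\desktop\entropy\entropy survivors\entropysurvivors\binaries\win64\entropysurvivors-win64-shipping.exe] => (Allow) C:\users\chris\desktop\entropy\entropy survivors\entropysurvivors\binaries\win64\entropysurvivors-win64-shipping.exe => No File
FirewallRules: [UDP Query User{43D2316E-5981-40C6-9984-DEB83985CDC3}C:\users\chris\desktop\entropy\entropy survivors\entropysurvivors\binaries\win64\entropysurvivors-win64-shipping.exe] => (Allow) C:\users\chris\desktop\entropy\entropy survivors\entropysurvivors\binaries\win64\entropysurvivors-win64-shipping.exe => No File
FirewallRules: [TCP Query User{77504935-30C9-457B-AC99-5A7CA63A1C7C}C:\users\chris\desktop\tem tem\temtem swarm\temtemswarm.exe] => (Allow) C:\users\chris\desktop\tem tem\temtem swarm\temtemswarm.exe => No File
FirewallRules: [UDP Query User{DC0E9575-43DD-4C6E-96C8-D5547DDF216C}C:\users\chris\desktop\tem tem\temtem swarm\temtemswarm.exe] => (Allow) C:\users\chris\desktop\tem tem\temtem swarm\temtemswarm.exe => No File
FirewallRules: [TCP Query User{F3AFCF28-5B83-4C66-BCDD-92F14DB61DBA}C:\users\chris\desktop\democracy 4\democracy.4.v1.66\democracy.4.v1.66\democracy4.exe] => (Allow) C:\users\chris\desktop\democracy 4\democracy.4.v1.66\democracy.4.v1.66\democracy4.exe => No File
FirewallRules: [UDP Query User{3F6EFF5B-3CB6-453F-A2DC-30DD913CA715}C:\users\chris\desktop\democracy 4\democracy.4.v1.66\democracy.4.v1.66\democracy4.exe] => (Allow) C:\users\chris\desktop\democracy 4\democracy.4.v1.66\democracy.4.v1.66\democracy4.exe => No File
FirewallRules: [TCP Query User{9840B643-DBBA-4489-AD9E-42B9D6450E4E}C:\program files (x86)\steam\steamapps\common\abyssus demo\rgame\binaries\win64\rgame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\abyssus demo\rgame\binaries\win64\rgame-win64-shipping.exe => No File
FirewallRules: [UDP Query User{54CEBF67-F80B-4194-9FF3-89D64FA8C576}C:\program files (x86)\steam\steamapps\common\abyssus demo\rgame\binaries\win64\rgame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\abyssus demo\rgame\binaries\win64\rgame-win64-shipping.exe => No File
FirewallRules: [TCP Query User{20D0BB2B-3A1B-43B7-9B06-AD1BDF4F727C}C:\users\chris\desktop\haste\haste.v1.2.g\game\haste.exe] => (Allow) C:\users\chris\desktop\haste\haste.v1.2.g\game\haste.exe => No File
FirewallRules: [UDP Query User{1B0A7756-F7C1-49EF-B644-C6D21788BDEB}C:\users\chris\desktop\haste\haste.v1.2.g\game\haste.exe] => (Allow) C:\users\chris\desktop\haste\haste.v1.2.g\game\haste.exe => No File
FirewallRules: [TCP Query User{C28CA4DB-A684-4423-BFBD-7480410D2AEE}C:\program files (x86)\steam\steamapps\common\heroes of valor playtest\heroesofvalor\binaries\win64\heroesofvalor-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\heroes of valor playtest\heroesofvalor\binaries\win64\heroesofvalor-win64-shipping.exe => No File
FirewallRules: [UDP Query User{B9709827-B965-4CA7-9664-317DEFA9B8B9}C:\program files (x86)\steam\steamapps\common\heroes of valor playtest\heroesofvalor\binaries\win64\heroesofvalor-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\heroes of valor playtest\heroesofvalor\binaries\win64\heroesofvalor-win64-shipping.exe => No File
FirewallRules: [TCP Query User{E520C107-FA12-406F-B124-8730A45A3682}C:\program files (x86)\steam\steamapps\common\mistfall hunter playtest\win64-gsdk-steam-shipping\mistfallhunter\binaries\win64\mistfallhunter-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\mistfall hunter playtest\win64-gsdk-steam-shipping\mistfallhunter\binaries\win64\mistfallhunter-win64-shipping.exe => No File
FirewallRules: [UDP Query User{4D99DC11-A05A-4A6C-87FC-6FC49AA41E1F}C:\program files (x86)\steam\steamapps\common\mistfall hunter playtest\win64-gsdk-steam-shipping\mistfallhunter\binaries\win64\mistfallhunter-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\mistfall hunter playtest\win64-gsdk-steam-shipping\mistfallhunter\binaries\win64\mistfallhunter-win64-shipping.exe => No File
FirewallRules: [TCP Query User{58929D3E-B365-4AAC-9153-12D70E6A706F}C:\program files (x86)\steam\steamapps\common\evercore heroes demo\projectv\binaries\win64\projectv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\evercore heroes demo\projectv\binaries\win64\projectv.exe => No File
FirewallRules: [UDP Query User{796352B1-933D-46A2-9EAC-75271232502B}C:\program files (x86)\steam\steamapps\common\evercore heroes demo\projectv\binaries\win64\projectv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\evercore heroes demo\projectv\binaries\win64\projectv.exe => No File
FirewallRules: [TCP Query User{CA59A1AC-C55B-497D-969C-1D6D2AB31279}C:\users\chris\desktop\clutch\clutchtime.basketball.deckbuilder\game\game.exe] => (Allow) C:\users\chris\desktop\clutch\clutchtime.basketball.deckbuilder\game\game.exe => No File
FirewallRules: [UDP Query User{8E03BCF5-C0F3-4CD2-8B18-F6E33AF47237}C:\users\chris\desktop\clutch\clutchtime.basketball.deckbuilder\game\game.exe] => (Allow) C:\users\chris\desktop\clutch\clutchtime.basketball.deckbuilder\game\game.exe => No File
FirewallRules: [TCP Query User{99A3FAAC-1989-4237-8832-52405543C271}C:\program files (x86)\steam\steamapps\common\marchofgiants playtest\theline\binaries\win64\thelineclient-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\marchofgiants playtest\theline\binaries\win64\thelineclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{B0CD93FF-D9DA-4A3F-9251-AAF6F61C978F}C:\program files (x86)\steam\steamapps\common\marchofgiants playtest\theline\binaries\win64\thelineclient-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\marchofgiants playtest\theline\binaries\win64\thelineclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{81B5E954-58E8-4714-BB6B-403D9D07DC6E}C:\users\chris\desktop\ballpit\ball.x.pit\game\balls.exe] => (Allow) C:\users\chris\desktop\ballpit\ball.x.pit\game\balls.exe => No File
FirewallRules: [UDP Query User{27CAD6E2-1F87-48CD-B5DC-58F70D77DD74}C:\users\chris\desktop\ballpit\ball.x.pit\game\balls.exe] => (Allow) C:\users\chris\desktop\ballpit\ball.x.pit\game\balls.exe => No File
FirewallRules: [TCP Query User{9206BD1C-5792-4E4B-9554-48CF1CE9ECDB}C:\users\chris\desktop\dispatch\dispatch\binaries\win64\dispatch-win64-shipping.exe] => (Allow) C:\users\chris\desktop\dispatch\dispatch\binaries\win64\dispatch-win64-shipping.exe => No File
FirewallRules: [UDP Query User{975591F2-E180-4303-A23F-46AD54C6C2C3}C:\users\chris\desktop\dispatch\dispatch\binaries\win64\dispatch-win64-shipping.exe] => (Allow) C:\users\chris\desktop\dispatch\dispatch\binaries\win64\dispatch-win64-shipping.exe => No File
FirewallRules: [{BBE36471-C974-489E-92F4-F1C757BED918}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{DAD66E7D-410A-43C0-8161-2AE9DD61B8FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe => No File
FirewallRules: [{5E48F58F-69CF-4021-80B1-51E2557CBFD8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe => No File
FirewallRules: [TCP Query User{2D7AE756-2BC6-4873-91C4-0D14C165CA66}C:\users\chris\desktop\slots and daggers\slots.and.daggers.v1.0.19\game\slots and daggers.exe] => (Allow) C:\users\chris\desktop\slots and daggers\slots.and.daggers.v1.0.19\game\slots and daggers.exe => No File
FirewallRules: [UDP Query User{E685766B-8E57-47D6-8456-F787F1FD3EBC}C:\users\chris\desktop\slots and daggers\slots.and.daggers.v1.0.19\game\slots and daggers.exe] => (Allow) C:\users\chris\desktop\slots and daggers\slots.and.daggers.v1.0.19\game\slots and daggers.exe => No File
FirewallRules: [TCP Query User{664D283B-858F-4E11-9C89-0FAA6D262597}C:\users\chris\desktop\stacklands\stacklands.v1.5.0.25.all.dlcs\stacklands\stacklands.exe] => (Allow) C:\users\chris\desktop\stacklands\stacklands.v1.5.0.25.all.dlcs\stacklands\stacklands.exe => No File
FirewallRules: [UDP Query User{D3609B8F-0F7F-41FB-A750-CC4F0596CB33}C:\users\chris\desktop\stacklands\stacklands.v1.5.0.25.all.dlcs\stacklands\stacklands.exe] => (Allow) C:\users\chris\desktop\stacklands\stacklands.v1.5.0.25.all.dlcs\stacklands\stacklands.exe => No File
FirewallRules: [{45CC138B-EC86-401B-8316-C907A7FEA8FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RIG Riot Demo\Windows\RIGRiot.exe => No File
FirewallRules: [{9BAB0900-3869-4A15-A174-98D562260396}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RIG Riot Demo\Windows\RIGRiot.exe => No File
FirewallRules: [{F41EB039-A4F4-4F6C-8F57-D3F046BBD2D3}] => (Allow) C:\Users\chris\AppData\Roaming\uTorrent Web\utweb.exe => No File
FirewallRules: [{1D3A9446-27BF-4050-A1AB-FEADC9E42528}] => (Allow) C:\Users\chris\AppData\Roaming\uTorrent Web\utweb.exe => No File
FirewallRules: [TCP Query User{5AAE28F9-10EA-43DE-B239-B6B4B8EFC49F}C:\users\chris\downloads\ready or not\ready or not\readyornot\binaries\win64\readyornotsteam-win64-shipping.exe] => (Allow) C:\users\chris\downloads\ready or not\ready or not\readyornot\binaries\win64\readyornotsteam-win64-shipping.exe => No File
FirewallRules: [UDP Query User{69ED30A4-0EBD-4358-B6A0-ABD67AC11782}C:\users\chris\downloads\ready or not\ready or not\readyornot\binaries\win64\readyornotsteam-win64-shipping.exe] => (Allow) C:\users\chris\downloads\ready or not\ready or not\readyornot\binaries\win64\readyornotsteam-win64-shipping.exe => No File
HKU\S-1-5-21-3220209519-700985615-3621761659-1003\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" (No File)
Task: {8083550D-4438-489C-ADE5-1C1AA144D862} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File)
Task: {98EC4476-93B9-4F44-8259-AB12489AF4E8} - System32\Tasks\Microsoft\Windows\PI\SecureBootEncodeUEFI => %WINDIR%\system32\SecureBootEncodeUEFI.exe (No File)
Task: {A399DFBE-6472-46F2-90B2-9852D8526EF1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
S2 AUEPLauncher; "C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPDU.exe" (No File)
S0 WinSetupMon; system32\DRIVERS\WinSetupMon.sys (No File)
Comment: The next two entries register the same autostart twice (Run value and scheduled task, both named OBS Studio Tools) for obs64.exe inside the directory C:\Users\chris\mm.exe. The log shows the file as signed by OBS Project, LLC, so the signature alone does not clear it; presumably the payload is a library loaded from the same folder - confirm from the quarantined copy.
HKU\S-1-5-21-3220209519-700985615-3621761659-1003\...\Run: [OBS Studio Tools] => C:\Users\chris\mm.exe\obs64.exe [5405968 2026-04-15] (OBS Project, LLC -> OBS) <==== ATTENTION
Task: {30F0A5B2-73A9-429D-BF5A-3DDFA20AE882} - System32\Tasks\OBS Studio Tools => C:\Users\chris\mm.exe\obs64.exe [5405968 2026-04-15] (OBS Project, LLC -> OBS) <==== ATTENTION
S3 cpuz158; \??\C:\WINDOWS\temp\cpuz158\cpuz158_x64.sys (No File) <==== ATTENTION
2026-04-15 18:58 - 2026-04-22 00:51 - 000000000 ____D C:\Users\chris\ii.exe
2026-04-15 18:51 - 2026-04-22 00:51 - 000000000 ____D C:\Users\chris\ss.exe
2026-04-15 18:19 - 2026-04-15 18:28 - 000000000 ____D C:\Users\chris\AppData\Roaming\Lutahoxa
2026-04-15 18:06 - 2026-04-15 18:28 - 000000000 ____D C:\Users\chris\AppData\Roaming\Badurukuxe
2026-04-15 17:49 - 2026-04-15 17:49 - 000000000 ____D C:\Users\chris\AppData\Roaming\listener_watcher_v12
2026-04-15 17:49 - 2026-04-17 00:36 - 000000000 ____D C:\ProgramData\listener_watcher_v12
2026-04-15 17:50 - 2026-04-22 00:51 - 000000000 ____D C:\Users\chris\mm.exe
2026-04-15 18:00 - 2026-04-22 00:51 - 000000000 ____D C:\Users\chris\oo.exe
Folder: C:\Users\chris\AppData\Local\Progress_Software_Corpora
StartPowerShell:
# Downloads Emsisoft Emergency Kit (EEK) from Emsisoft's official site, updates it and runs a quick scan.
# The executable is about 300MB and may take some time to download.
# ---
# Scans for malware and PUPs in 1) system memory and 2) important folders, as the documentation describes.
# Also scans compressed archives, mail archives and NTFS alternate data streams, and uses cloud requests.
# ---
# You can use argument "/delete" to delete found objects including references but this is permanent and irreversible.
# You can remove the "/quick" argument to do a full scan but that may take longer than what FRST can handle.
# You can use argument "/quarantine="[folder]"" to put found malware into quarantine, but I personally prefer first verifying the detections.
# ---
# The download is only executed when Windows reports a valid Authenticode signature for it;
# the signer subject is printed so whoever reads the Fixlog can confirm the publisher.

# Older Windows PowerShell / .NET defaults do not offer TLS 1.2, so the HTTPS download fails there.
# A value of 0 means "system default", which already negotiates TLS 1.2 and is left untouched.
if ([int][Net.ServicePointManager]::SecurityProtocol -ne 0) {
    [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
}

$downloadUrl = "https://dl.emsisoft.com/EmsisoftEmergencyKit.exe"
$systemDrive = $env:SystemDrive
$frstPath = "$systemDrive\FRST"
$savePath = "$frstPath\EEK.exe"
$extractPath = "$frstPath\EEK"

if (-not (Test-Path $frstPath)) { New-Item -Path $frstPath -ItemType Directory -Force | Out-Null }
if (-not (Test-Path $extractPath)) { New-Item -Path $extractPath -ItemType Directory -Force | Out-Null }

# Remove any earlier EEK.exe so that a failed download cannot leave a stale file to be executed.
Remove-Item -Path $savePath -Force -ErrorAction SilentlyContinue
Invoke-WebRequest -Uri $downloadUrl -OutFile $savePath -UseBasicParsing
if (-not (Test-Path $savePath)) {
    Write-Output "EEK download failed: $savePath was not created."
    exit 1
}

$signature = Get-AuthenticodeSignature -FilePath $savePath
Write-Output "EEK.exe signature status: $($signature.Status); signer: $($signature.SignerCertificate.Subject)"
if ($signature.Status -ne 'Valid') {
    Remove-Item -Path $savePath -Force -ErrorAction SilentlyContinue
    Write-Output "EEK.exe does not carry a valid Authenticode signature; it was deleted and not run."
    exit 1
}

# Pick the scanner that matches the OS before waiting, so the wait targets the file that is actually used.
if ([Environment]::Is64BitOperatingSystem) {
    $a2cmdPath = Join-Path $extractPath "bin64\a2cmd.exe"
} else {
    $a2cmdPath = Join-Path $extractPath "bin32\a2cmd.exe"
}

$proc = Start-Process -FilePath $savePath -ArgumentList "-s -d`"$extractPath`"" -PassThru

# Wait for the command-line scanner to appear, but give up after 10 minutes instead of blocking FRST forever.
$deadline = (Get-Date).AddMinutes(10)
while (-not (Test-Path $a2cmdPath) -and (Get-Date) -lt $deadline) {
    Start-Sleep -Milliseconds 1000
}
# NOTE(review): the extractor is stopped as soon as a2cmd.exe exists, as in the original snippet;
# whether every other file has been written by then cannot be told from here - confirm.
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue

if (-not (Test-Path $a2cmdPath)) {
    Write-Output "EEK extraction did not produce $a2cmdPath within 10 minutes; scan skipped."
    exit 1
}

Start-Process -FilePath $a2cmdPath -ArgumentList "/update" -Wait -NoNewWindow
Start-Process -FilePath $a2cmdPath -ArgumentList "/malware /quick /m /t /pup /a /am /cloud=1 /la=`"$frstPath\EEK_scan.log`"" -Wait -NoNewWindow
Get-Content "$frstPath\EEK_scan.log"
exit
EndPowerShell:
StartPowerShell:
# Downloads the newest AdwCleaner release directly from Malwarebytes, accepts the EULA, cleans and writes the log to the console.
# Does not clean preinstalled objects, only PUP/Adware.
# If you would like to delete preinstalled objects, add an argument /preinstalled to the /clean argument.
# If you would like to only scan with it, change the argument from /clean to /scan.
# ---
# The download is only executed when Windows reports a valid Authenticode signature for it;
# the signer subject is printed so whoever reads the Fixlog can confirm the publisher.

# Older Windows PowerShell / .NET defaults do not offer TLS 1.2; 0 means "system default" and is left untouched.
if ([int][Net.ServicePointManager]::SecurityProtocol -ne 0) {
    [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
}

$adwDir = "$env:SystemDrive\AdwCleaner"
$adwExe = "$adwDir\AdwCleanerFRST.exe"
$logFile = "$adwDir\AdwCleanerOutputFRST.txt"

New-Item -ItemType Directory -Force -Path $adwDir | Out-Null

# Remove any earlier copy so that a failed download cannot leave a stale file to be executed.
Remove-Item -Path $adwExe -Force -ErrorAction SilentlyContinue
# -UseBasicParsing matches the EEK snippet; without it Windows PowerShell depends on the Internet Explorer engine.
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile $adwExe -UseBasicParsing
if (-not (Test-Path $adwExe)) {
    Write-Output "AdwCleaner download failed: $adwExe was not created."
    exit 1
}

$signature = Get-AuthenticodeSignature -FilePath $adwExe
Write-Output "AdwCleanerFRST.exe signature status: $($signature.Status); signer: $($signature.SignerCertificate.Subject)"
if ($signature.Status -ne 'Valid') {
    Remove-Item -Path $adwExe -Force -ErrorAction SilentlyContinue
    Write-Output "AdwCleanerFRST.exe does not carry a valid Authenticode signature; it was deleted and not run."
    exit 1
}

Start-Process -FilePath $adwExe -ArgumentList "/eula" -Wait -WindowStyle Hidden
Start-Process -FilePath $adwExe -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile

if (Test-Path $logFile) {
    Get-Content $logFile -Encoding Unicode
    Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
} else {
    Write-Output "AdwCleaner wrote no output to $logFile."
}
EndPowerShell:
EmptyTemp:
End::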