Start::
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-699025938-3818395997-3756346237-1001_Classes\CLSID\{50726f74-6f6e-2e56-504e-000000000000}\localserver32 -> "C:\Program Files\Proton\VPN\v3.5.1\ProtonVPN.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-699025938-3818395997-3756346237-1001_Classes\CLSID\{5C4D8D77-5B87-40CA-884E-F56858227E5C}\localserver32 -> C:\Users\piper\AppData\Local\Programs\TeamSpeak\notification_helper.exe => No File
CustomCLSID: HKU\S-1-5-21-699025938-3818395997-3756346237-1001_Classes\CLSID\{8B1F50F0-32C9-4F30-A3DB-A813176C961D}\localserver32 -> "c:\program files\musehub\current\musehub.exe" ----AppNotificationActivated: => No File
AlternateDataStreams: C:\WINDOWS\tracing:? [16]
AlternateDataStreams: C:\ProgramData\Reprise:jhqduwvxlctbqqijsf`usjbm`bfjhjjiihq [0]
AlternateDataStreams: C:\ProgramData\Reprise:jhqduwvxlctbqqijsf`usjbm`bfjhjkiihj [0]
AlternateDataStreams: C:\ProgramData\Reprise:jhqduwvxlctbqqijsf`usjbm`pgyih [0]
AlternateDataStreams: C:\ProgramData\Reprise:jhqduwvxlctbqqijsf`usjbm`vovtfe.qpsu.obnfih [0]
AlternateDataStreams: C:\ProgramData\Reprise:jhqduwvxlctbqqijsf`usjbm`vovtfe.qpsu.obnfjhjjiihq [0]
AlternateDataStreams: C:\ProgramData\Reprise:jhqduwvxlctbqqijsf`usjbm`vovtfe.qpsu.obnfjhjkiihj [0]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NZXT CAM.lnk:AB04221C49 [3442]
AlternateDataStreams: C:\Users\piper\Application Data:a4f3a4460331e5db92483d18f7474c91 [394]
AlternateDataStreams: C:\Users\piper\AppData\Roaming:a4f3a4460331e5db92483d18f7474c91 [394]
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
Task: {A7113C03-899F-4370-A437-AEC3D5DE2872} - \GoogleUpdate -> No File <==== ATTENTION
Task: {FD6F4E7B-F859-4025-A71C-17412B86EA95} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe /checkin (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {D8AC8EFD-68F6-47C1-B498-784ED4B35A35} - System32\Tasks\Red Giant Link => "C:\Program Files\Red Giant Link\Red Giant Link.exe" --silent (No File)
2026-05-14 12:36 - 2026-05-14 12:36 - 000000000 ____D C:\Users\piper\AppData\Local\22bfc34d90b64054809542014fc9eb32
2025-11-15 18:15 - 2025-11-15 18:15 - 000000048 ____R () C:\Users\piper\AppData\Local\41A8E72215BA6F875283828CEBD2661B
HKU\S-1-5-21-699025938-3818395997-3756346237-1001\...\Policies\system: [shell] explorer.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
File: C:\WINDOWS\System32\drivers\webshieldfilter.sys
File: C:\WINDOWS\SysWOW64\muachost.exe
Folder: C:\Users\piper\AppData\Local\ServiceApp
Comment: This snippet reverts SmartScreen settings to default
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"SmartScreenEnabled"="Warn"

[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter]
"EnabledV9"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\AppHost]
"EnableWebContentEvaluation"=dword:00000001

[HKU\S-1-5-21-699025938-3818395997-3756346237-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost]
"EnableWebContentEvaluation"=dword:00000001
EndRegedit:
StartPowershell:
# Replace /scanonly with /clean if you also want to delete items -- however, this will activate a trial license on the system, I do not recommend it
$hmpExe = "$env:TEMP\HitmanPro_x64.exe"
$logFile = "$env:TEMP\HitmanPro_ScanLog.txt"
Invoke-WebRequest -Uri "https://dl.surfright.nl/HitmanPro_x64.exe" -OutFile $hmpExe -UseBasicParsing
$proc = Start-Process $hmpExe -ArgumentList "/ews","/scanonly","/noinstall","/log=`"$logFile`"","/logtype=txt" -Wait -PassThru
if (!(Test-Path $logFile)) { Write-Host "Scan failed (exit $($proc.ExitCode))"; exit 1 }
Get-Content $logFile -Encoding Unicode
EndPowershell:
StartPowerShell:
# Downloads newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log in console
# Does not clean preinstalled objects, only PUP/Adware
# If you would like to delete preinstalled objects, add an argument /preinstalled to the /clean argument
# If you would like to only scan with it, change the argument from /clean to /scan
# NOTE: For the sake of users from Asia (primarily China), do not use the clean option. It will very likely remove a lot of their important software.
New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:
Comment: Verify that Discord does not have any injected code to intercept personal data. If anything is prompted here, it needs to be checked that it isn't malicious code.
Powershell: @("$env:APPDATA","$env:LOCALAPPDATA") | ForEach-Object { Get-ChildItem $_ -Recurse -Filter "index.js" -ErrorAction SilentlyContinue } | Where-Object { $_.FullName -match "discord_desktop_core" } | ForEach-Object { Write-Host "--- $($_.FullName) ---"; (Get-Content $_.FullName -Raw).Substring(0,[Math]::Min(2000,(Get-Content $_.FullName -Raw).Length)) }
Comment: Remove unwanted files from common folders using native removal power of Farbar to include remove on reboot if needed. Please double check the user does not have any applications incorrectly installed in the directories listed below.
C:\ProgramData\*.a3x
C:\ProgramData\*.ahk
C:\ProgramData\*.au3
C:\ProgramData\*.bat
C:\ProgramData\*.cab
C:\ProgramData\*.cmd
C:\ProgramData\*.com
C:\ProgramData\*.dll
C:\ProgramData\*.exe
C:\ProgramData\*.hta
C:\ProgramData\*.jar
C:\ProgramData\*.js
C:\ProgramData\*.jse
C:\ProgramData\*.lnk
C:\ProgramData\*.pif
C:\ProgramData\*.ps1
C:\ProgramData\*.py
C:\ProgramData\*.pyc
C:\ProgramData\*.pyd
C:\ProgramData\*.scr
C:\ProgramData\*.tmp
C:\ProgramData\*.vbe
C:\ProgramData\*.vbs
C:\ProgramData\*.wsf
C:\ProgramData\*.wsh
C:\ProgramData\*.zip
C:\ProgramData\*.rar
C:\ProgramData\*.7z
C:\Users\*\AppData\Roaming\*.au3
C:\Users\*\AppData\Roaming\*.bat
C:\Users\*\AppData\Roaming\*.cab
C:\Users\*\AppData\Roaming\*.cmd
C:\Users\*\AppData\Roaming\*.com
C:\Users\*\AppData\Roaming\*.dll
C:\Users\*\AppData\Roaming\*.exe
C:\Users\*\AppData\Roaming\*.hta
C:\Users\*\AppData\Roaming\*.jar
C:\Users\*\AppData\Roaming\*.js
C:\Users\*\AppData\Roaming\*.jse
C:\Users\*\AppData\Roaming\*.lnk
C:\Users\*\AppData\Roaming\*.pif
C:\Users\*\AppData\Roaming\*.ps1
C:\Users\*\AppData\Roaming\*.py
C:\Users\*\AppData\Roaming\*.pyc
C:\Users\*\AppData\Roaming\*.pyd
C:\Users\*\AppData\Roaming\*.scr
C:\Users\*\AppData\Roaming\*.tmp
C:\Users\*\AppData\Roaming\*.vbe
C:\Users\*\AppData\Roaming\*.vbs
C:\Users\*\AppData\Roaming\*.wsf
C:\Users\*\AppData\Roaming\*.wsh
C:\Users\*\AppData\Roaming\*.zip
C:\Users\*\AppData\Roaming\*.rar
C:\Users\*\AppData\Roaming\*.7z
C:\Users\CurrentUserName\AppData\Local\*.a3x
C:\Users\CurrentUserName\AppData\Local\*.ahk
C:\Users\CurrentUserName\AppData\Local\*.au3
C:\Users\CurrentUserName\AppData\Local\*.bat
C:\Users\CurrentUserName\AppData\Local\*.cab
C:\Users\CurrentUserName\AppData\Local\*.cmd
C:\Users\CurrentUserName\AppData\Local\*.com
C:\Users\CurrentUserName\AppData\Local\*.dll
C:\Users\CurrentUserName\AppData\Local\*.exe
C:\Users\CurrentUserName\AppData\Local\*.hta
C:\Users\CurrentUserName\AppData\Local\*.jar
C:\Users\CurrentUserName\AppData\Local\*.js
C:\Users\CurrentUserName\AppData\Local\*.jse
C:\Users\CurrentUserName\AppData\Local\*.lnk
C:\Users\CurrentUserName\AppData\Local\*.pif
C:\Users\CurrentUserName\AppData\Local\*.ps1
C:\Users\CurrentUserName\AppData\Local\*.py
C:\Users\CurrentUserName\AppData\Local\*.pyc
C:\Users\CurrentUserName\AppData\Local\*.pyd
C:\Users\CurrentUserName\AppData\Local\*.scr
C:\Users\CurrentUserName\AppData\Local\*.tmp
C:\Users\CurrentUserName\AppData\Local\*.vbe
C:\Users\CurrentUserName\AppData\Local\*.vbs
C:\Users\CurrentUserName\AppData\Local\*.wsf
C:\Users\CurrentUserName\AppData\Local\*.wsh
C:\Users\CurrentUserName\AppData\Local\*.zip
C:\Users\CurrentUserName\AppData\Local\*.rar
C:\Users\CurrentUserName\AppData\Local\*.7z
C:\Users\CurrentUserName\AppData\Roaming\*.a3x
C:\Users\CurrentUserName\AppData\Roaming\*.ahk
C:\Users\CurrentUserName\AppData\Roaming\*.au3
C:\Users\CurrentUserName\AppData\Roaming\*.bat
C:\Users\CurrentUserName\AppData\Roaming\*.cab
C:\Users\CurrentUserName\AppData\Roaming\*.cmd
C:\Users\CurrentUserName\AppData\Roaming\*.com
C:\Users\CurrentUserName\AppData\Roaming\*.dll
C:\Users\CurrentUserName\AppData\Roaming\*.exe
C:\Users\CurrentUserName\AppData\Roaming\*.hta
C:\Users\CurrentUserName\AppData\Roaming\*.jar
C:\Users\CurrentUserName\AppData\Roaming\*.js
C:\Users\CurrentUserName\AppData\Roaming\*.jse
C:\Users\CurrentUserName\AppData\Roaming\*.lnk
C:\Users\CurrentUserName\AppData\Roaming\*.pif
C:\Users\CurrentUserName\AppData\Roaming\*.ps1
C:\Users\CurrentUserName\AppData\Roaming\*.py
C:\Users\CurrentUserName\AppData\Roaming\*.pyc
C:\Users\CurrentUserName\AppData\Roaming\*.pyd
C:\Users\CurrentUserName\AppData\Roaming\*.scr
C:\Users\CurrentUserName\AppData\Roaming\*.tmp
C:\Users\CurrentUserName\AppData\Roaming\*.vbe
C:\Users\CurrentUserName\AppData\Roaming\*.vbs
C:\Users\CurrentUserName\AppData\Roaming\*.wsf
C:\Users\CurrentUserName\AppData\Roaming\*.wsh
C:\Users\CurrentUserName\AppData\Roaming\*.zip
C:\Users\CurrentUserName\AppData\Roaming\*.rar
C:\Users\CurrentUserName\AppData\Roaming\*.7z
Comment: Force policy removal
C:\Windows\System32\GroupPolicyUsers
C:\Windows\System32\GroupPolicy
Comment: System repair commands
CMD: DISM.exe /Online /Cleanup-image /Restorehealth
CMD: SFC.exe /scannow
Comment: Network reset commands
CMD: netsh int ip reset
CMD: netsh int ipv6 reset
CMD: ipconfig /flushDNS
CMD: netsh winsock reset catalog
Comment: Additional temp file removal
C:\Windows\System32\config\systemprofile\AppData\Local\*.tmp
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
C:\Users\CurrentUserName\AppData\Local\Temp\*
C:\Windows\Temp\*
C:\Windows\SystemTemp\*
EmptyTemp:
End::