Start::
CloseProcesses:
AV: McAfee (Enabled - Up to date) {0BE13B34-492A-21C0-AE43-C1742279CCB6}
FW: McAfee (Enabled) {33DABA11-0345-2098-851C-6841DCAA8BCD}
FirewallRules: [{A661C7E5-3018-4C69-ADB5-EB2685920509}] => (Allow) C:\Users\user\AppData\Local\Temp\ACFL\ACSetup\ACSetup.exe => No File
FirewallRules: [{E7E0D74D-648B-4F9D-B3E7-10ACFC424816}] => (Allow) C:\Users\user\AppData\Local\Temp\ACFL\ACSetup\ACSetup.exe => No File
FirewallRules: [{4ED04619-E3E6-46E6-BD13-19509FA511BA}] => (Allow) C:\Users\user\AppData\Local\Temp\ACFL\ACSetup\ACSetup.exe => No File
FirewallRules: [{A4809781-50EC-47D1-8F7B-8477636570E7}] => (Allow) C:\Users\user\AppData\Local\Temp\ACFL\ACSetup\ACSetup.exe => No File
HKU\S-1-5-21-3657674130-1971568779-1918529931-1001\...\Run: [EPSDNMON] => "" (No File)
HKU\S-1-5-21-3657674130-1971568779-1918529931-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-3657674130-1971568779-1918529931-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-3657674130-1971568779-1918529931-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-3657674130-1971568779-1918529931-1001\Software\Classes\.cmd: => <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
StartPowershell:
# Replace /scanonly with /clean if you also want to delete items -- however, this will activate a trial license on the system, I do not recommend it
$hmpExe = "$env:TEMP\HitmanPro_x64.exe"
$logFile = "$env:TEMP\HitmanPro_ScanLog.txt"
Invoke-WebRequest -Uri "https://dl.surfright.nl/HitmanPro_x64.exe" -OutFile $hmpExe -UseBasicParsing
$proc = Start-Process $hmpExe -ArgumentList "/ews","/scanonly","/noinstall","/log=`"$logFile`"","/logtype=txt" -Wait -PassThru
if (!(Test-Path $logFile)) { Write-Host "Scan failed (exit $($proc.ExitCode))"; exit 1 }
Get-Content $logFile -Encoding Unicode
EndPowershell:
StartBatch:
rem This snippet downloads KVRT (Kaspersky Virus Removal Tool) directly from Kaspersky and scans with it
rem IMPORTANT: This currently (to my knowledge) scans only the following: System memory, Startup objects, Boot sectors
rem To perform a full scan (which may take longer than an hour, so not recommended), please use the argument "-allvolumes"
rem It is better to keep it only as a scanner because cleaning modes tend to restart, which breaks the fix process.
%windir%\System32\curl.exe --silent "https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe" -o "C:\FRST\KASVRT.exe"
C:\FRST\KASVRT.exe -silent -adinsilent -accepteula -processlevel 0 -dontencrypt >> "C:\FRST\KVRT_log.txt"
type "C:\FRST\KVRT_log.txt"
exit
EndBatch:
EmptyTemp:
End::