Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
2025-05-26 22:23 - 2025-05-26 22:23 - 000000612 _____ () C:\Users\Woluyism\AppData\Roaming\AppState.json
2025-05-26 22:23 - 2025-05-26 22:23 - 000000067 _____ () C:\Users\Woluyism\AppData\Roaming\SIDF.json
Edge HKLM-x32\...\Edge\Extension: [fdhgeoginicibhagdmblfikbgbkahibd]
CustomCLSID: HKU\S-1-5-21-2162756203-951362179-3238007230-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\Inventor Interoperability 2023\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-2162756203-951362179-3238007230-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> "C:\Users\Woluyism\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2162756203-951362179-3238007230-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\Inventor Interoperability 2023\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-2162756203-951362179-3238007230-1001_Classes\CLSID\{df39a82d-a682-9d74-8c38-1701e42f71ae}\localserver32 -> "C:\Program Files\SuperDisplay\SuperDisplay.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2162756203-951362179-3238007230-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\Inventor Interoperability 2023\Bin\TestServer.dll => No File
AlternateDataStreams: C:\WINDOWS\tracing:? [16]
FirewallRules: [{0277F56D-625D-4D1C-BEE5-195F9C018337}] => (Allow) %ProgramFiles%\Java\jdk-17\bin\javaw.exe => No File
FirewallRules: [TCP Query User{86294300-E564-47AD-BFEE-B57410B22451}C:\users\woluyism\appdata\local\wondershare\wondershare nativepush\wstoastnotification.exe] => (Allow) C:\users\woluyism\appdata\local\wondershare\wondershare nativepush\wstoastnotification.exe => No File
FirewallRules: [UDP Query User{9D0007C7-8303-4064-81CF-3154B637F75F}C:\users\woluyism\appdata\local\wondershare\wondershare nativepush\wstoastnotification.exe] => (Allow) C:\users\woluyism\appdata\local\wondershare\wondershare nativepush\wstoastnotification.exe => No File
FirewallRules: [{75A22C07-0A12-49CE-972F-01B76D6D1D02}] => (Allow) %ProgramFiles%\Java\jdk-17\bin\javaw.exe => No File
FirewallRules: [{549CC95D-9DEF-458B-8CF3-F1EB3C13F07F}] => (Allow) %ProgramFiles%\Java\jdk-17\bin\javaw.exe => No File
FirewallRules: [{AE0B9247-459D-46C1-93A2-85985933761F}] => (Allow) %ProgramFiles%\Java\jdk-17\bin\javaw.exe => No File
FirewallRules: [{66E5985E-925A-4C84-BCE4-875C6839B197}] => (Allow) %ProgramFiles%\Java\jdk-17\bin\javaw.exe => No File
FirewallRules: [TCP Query User{304A4AFF-D513-4340-9F3F-DC2CF1DA7F63}C:\program files\hoyoplay\games\genshin impact game\genshinimpact.exe] => (Allow) C:\program files\hoyoplay\games\genshin impact game\genshinimpact.exe => No File
FirewallRules: [UDP Query User{F3FA88EA-E47B-4B05-B97F-42F16AC31424}C:\program files\hoyoplay\games\genshin impact game\genshinimpact.exe] => (Allow) C:\program files\hoyoplay\games\genshin impact game\genshinimpact.exe => No File
FirewallRules: [TCP Query User{52AB5C7D-F4C3-494A-ACBF-74B49F9346DB}C:\program files\hoyoplay\games\genshin impact game\genshinimpact_data\plugins\zfgamebrowser.exe] => (Block) C:\program files\hoyoplay\games\genshin impact game\genshinimpact_data\plugins\zfgamebrowser.exe => No File
FirewallRules: [UDP Query User{91DDF845-6E9D-40B5-B4D4-D2783C4FA20F}C:\program files\hoyoplay\games\genshin impact game\genshinimpact_data\plugins\zfgamebrowser.exe] => (Block) C:\program files\hoyoplay\games\genshin impact game\genshinimpact_data\plugins\zfgamebrowser.exe => No File
FirewallRules: [TCP Query User{5208B5DB-4935-4A09-AE84-23FF382A5DB9}C:\games\hytale.v15.01.2026.rexagames.com\package\game\latest\client\hytaleclient.exe] => (Block) C:\games\hytale.v15.01.2026.rexagames.com\package\game\latest\client\hytaleclient.exe => No File
FirewallRules: [UDP Query User{0A03C28E-2C10-4D43-992C-0230DD86685A}C:\games\hytale.v15.01.2026.rexagames.com\package\game\latest\client\hytaleclient.exe] => (Block) C:\games\hytale.v15.01.2026.rexagames.com\package\game\latest\client\hytaleclient.exe => No File
FirewallRules: [TCP Query User{CA278E63-E98E-445B-8939-CD3D61F03EFC}C:\Games\factorio b20494576~ag\Factorio\bin\x64\factorio.exe] => (Allow) C:\Games\factorio b20494576~ag\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [UDP Query User{05FA79E1-AD8F-44E3-8F25-BA991DCBDBA3}C:\Games\factorio b20494576~ag\Factorio\bin\x64\factorio.exe] => (Allow) C:\Games\factorio b20494576~ag\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [TCP Query User{DEEF04EB-F8A0-4A99-852F-67C5C3C03C17}C:\users\woluyism\downloads\3681010-gamedrive.org\nioh 3\nioh3.exe] => (Block) C:\users\woluyism\downloads\3681010-gamedrive.org\nioh 3\nioh3.exe => No File
FirewallRules: [UDP Query User{F0825D43-635A-41DC-855F-45199560E676}C:\users\woluyism\downloads\3681010-gamedrive.org\nioh 3\nioh3.exe] => (Block) C:\users\woluyism\downloads\3681010-gamedrive.org\nioh 3\nioh3.exe => No File
FirewallRules: [TCP Query User{7C354F22-8A56-4695-9F69-CA66ACC094BE}C:\games\surroundead-steamrip.com\surroundead\surroundead\binaries\win64\surroundead-win64-shipping.exe] => (Block) C:\games\surroundead-steamrip.com\surroundead\surroundead\binaries\win64\surroundead-win64-shipping.exe => No File
FirewallRules: [UDP Query User{5649FDBF-D022-4398-8D61-C19B49B017E8}C:\games\surroundead-steamrip.com\surroundead\surroundead\binaries\win64\surroundead-win64-shipping.exe] => (Block) C:\games\surroundead-steamrip.com\surroundead\surroundead\binaries\win64\surroundead-win64-shipping.exe => No File
FirewallRules: [TCP Query User{64A1A99E-5463-4660-99BA-BB192EA19490}C:\games\state of decay 2 - juggernaut edition\stateofdecay2\binaries\win64\stateofdecay2-win64-shipping.exe] => (Block) C:\games\state of decay 2 - juggernaut edition\stateofdecay2\binaries\win64\stateofdecay2-win64-shipping.exe => No File
FirewallRules: [UDP Query User{8632BBD2-B3A2-4C4F-9483-CF4A8D927D9A}C:\games\state of decay 2 - juggernaut edition\stateofdecay2\binaries\win64\stateofdecay2-win64-shipping.exe] => (Block) C:\games\state of decay 2 - juggernaut edition\stateofdecay2\binaries\win64\stateofdecay2-win64-shipping.exe => No File
FirewallRules: [{422314EF-2EA5-4189-B649-67C79734FAB1}] => (Allow) C:\Users\Woluyism\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe => No File
FirewallRules: [{C7C81664-C7B5-4AFE-88B2-31FB7A81C213}] => (Allow) C:\Users\Woluyism\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe => No File
FirewallRules: [{5C7A4A75-34C9-46C6-867A-CDF719B302B6}] => (Allow) C:\Users\Woluyism\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe => No File
FirewallRules: [{9BE2A11A-1AA6-4C3E-A3CB-7DD699AC83C6}] => (Allow) C:\Users\Woluyism\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe => No File
FirewallRules: [{F1130AD3-556C-4F73-906D-0837DBF27285}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\game\bin\win64\cs2.exe => No File
FirewallRules: [{A6472351-11FB-4660-96BE-1845541FD9F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\game\bin\win64\cs2.exe => No File
FirewallRules: [TCP Query User{1DA98A77-6EF1-4D4C-8653-269A59900DAB}D:\games\call of duty - modern warfare iii\cod23-cod.exe] => (Block) D:\games\call of duty - modern warfare iii\cod23-cod.exe => No File
FirewallRules: [UDP Query User{96633F44-BA64-47F7-BBCD-60D40DE8A9B8}D:\games\call of duty - modern warfare iii\cod23-cod.exe] => (Block) D:\games\call of duty - modern warfare iii\cod23-cod.exe => No File
FirewallRules: [TCP Query User{1AA191BB-9924-4551-84F2-453760FFF793}D:\games\dead space\dead space.exe] => (Block) D:\games\dead space\dead space.exe => No File
FirewallRules: [UDP Query User{D139776A-13C2-4E60-B912-51D25FE7D5C8}D:\games\dead space\dead space.exe] => (Block) D:\games\dead space\dead space.exe => No File
FirewallRules: [TCP Query User{DEF415EF-296A-45F3-A23C-B4B310CF113D}D:\games\honey select 2 - libido\[utility] kkmanager\kkmanager.exe] => (Allow) D:\games\honey select 2 - libido\[utility] kkmanager\kkmanager.exe => No File
FirewallRules: [UDP Query User{B82CEBAF-6D7E-4141-B24E-B39E2789233B}D:\games\honey select 2 - libido\[utility] kkmanager\kkmanager.exe] => (Allow) D:\games\honey select 2 - libido\[utility] kkmanager\kkmanager.exe => No File
FirewallRules: [TCP Query User{596B5FC0-6393-4EE4-A1AD-009AA6D436BF}D:\games\mimesis-steamrip.com\mimesis\mimesis.exe] => (Allow) D:\games\mimesis-steamrip.com\mimesis\mimesis.exe => No File
FirewallRules: [UDP Query User{AED7905E-51B4-4C89-B903-BA783E3ADA7A}D:\games\mimesis-steamrip.com\mimesis\mimesis.exe] => (Allow) D:\games\mimesis-steamrip.com\mimesis\mimesis.exe => No File
FirewallRules: [TCP Query User{1DAC3025-6F23-4A80-B4F8-D7DDE3922BD1}D:\games\escape-the-backrooms-steamrip.com\escape the backrooms\escapethebackrooms\binaries\win64\backrooms-win64-shipping.exe] => (Allow) D:\games\escape-the-backrooms-steamrip.com\escape the backrooms\escapethebackrooms\binaries\win64\backrooms-win64-shipping.exe => No File
FirewallRules: [UDP Query User{1E95375C-F706-43C9-99C0-32ADEDD15380}D:\games\escape-the-backrooms-steamrip.com\escape the backrooms\escapethebackrooms\binaries\win64\backrooms-win64-shipping.exe] => (Allow) D:\games\escape-the-backrooms-steamrip.com\escape the backrooms\escapethebackrooms\binaries\win64\backrooms-win64-shipping.exe => No File
FirewallRules: [{C30C8D83-E96B-4D8C-A6CC-E657FE2CBB06}] => (Allow) D:\Games\Neverness To Everness\NTEGlobal\NTEGlobalGame.exe => No File
FirewallRules: [{82C1B31A-D4D7-49BB-804A-D3279E0E3327}] => (Allow) D:\Games\Neverness To Everness\NTEGlobal\NTEGlobalGame.exe => No File
FirewallRules: [{D1075BB9-96EC-43A3-B4E5-CAFC4B59A03D}] => (Allow) D:\Games\Neverness To Everness\NTEGlobal\NTEGlobalUpdate.exe => No File
FirewallRules: [{6A5B7378-52DC-45E5-9D18-7B2A55CFE66F}] => (Allow) D:\Games\Neverness To Everness\NTEGlobal\NTEGlobalUpdate.exe => No File
FirewallRules: [{1E8497BD-4F6F-4BCA-B9A9-A0D9EF11042A}] => (Allow) D:\Games\Neverness To Everness\NTEGlobal\NTEGlobalBrowser.exe => No File
FirewallRules: [{B8C2BA3B-D26F-484C-9897-EABE5FD9C376}] => (Allow) D:\Games\Neverness To Everness\NTEGlobal\NTEGlobalBrowser.exe => No File
FirewallRules: [{1E355CD9-2D9C-42FD-8D9A-F2D1E679AAD3}] => (Allow) D:\Games\Neverness To Everness\NTEGlobal\NTEGlobalWebBooster.exe => No File
FirewallRules: [{F0BF96C9-63D9-4F04-AF59-3D2201B77B5C}] => (Allow) D:\Games\Neverness To Everness\NTEGlobal\NTEGlobalWebBooster.exe => No File
FirewallRules: [{3D47AC2B-17ED-4BBE-9901-5927F8E69703}] => (Allow) D:\Games\Neverness To Everness\Client\WindowsNoEditor\HT\Binaries\Win64\HTGame.exe => No File
FirewallRules: [{A40AFA79-09D6-45AF-8ED4-4EEA3B55A853}] => (Allow) D:\Games\Neverness To Everness\Client\WindowsNoEditor\HT\Binaries\Win64\HTGame.exe => No File
HKU\S-1-5-21-2162756203-951362179-3238007230-1001\...\Run: [FilmoraTray] => "C:\Users\Woluyism\Downloads\Wondershare Filmora 15.3.20.18660 Portable 7997\Filmora\App\Filmora\FilmoraTray.exe" --autostart (No File)
Task: {18F76A44-8292-47A1-BE84-5AA4F3845A52} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-2162756203-951362179-3238007230-1001 => C:\Users\Woluyism\AppData\Local\Programs\Messenger\MessengerHelper.exe --lassie (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {37F6B256-239E-4F10-9171-227AB1903D1F} - System32\Tasks\NahimicSvc64 => C:\Users\Woluyism\NahimicSvc64.exe (No File) <==== ATTENTION
S2 NativePushService; "C:\Users\Woluyism\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe" (No File)
S3 zksvc; "C:\Program Files\Common Files\PUBG\zksvc.exe" (No File)
S3 ace-game-0; \SystemRoot\System32\drivers\ace-game-0.sys (No File)
S3 atvi-randgrid_sr; \??\C:\Users\Woluyism\Downloads\Call of Duty Modern Warfare II Campaign\Call of Duty\Randgrid.sys (No File)
S1 auognhyl; \??\C:\WINDOWS\system32\drivers\auognhyl.sys (No File)
S1 axeapyag; \??\C:\WINDOWS\system32\drivers\axeapyag.sys (No File)
S1 ddeeyuyn; \??\C:\WINDOWS\system32\drivers\ddeeyuyn.sys (No File)
S1 fpbtmdtf; \??\C:\WINDOWS\system32\drivers\fpbtmdtf.sys (No File)
S1 gberzbvh; \??\C:\WINDOWS\system32\drivers\gberzbvh.sys (No File)
S1 gpxtlclc; \??\C:\WINDOWS\system32\drivers\gpxtlclc.sys (No File)
S1 guniefmf; \??\C:\WINDOWS\system32\drivers\guniefmf.sys (No File)
U3 HtAntiCheatDriver; \??\D:\Games\Neverness To Everness\NTEGlobal\driver\gamedriverX64.sys (No File)
S4 IDMWFP; \SystemRoot\System32\drivers\idmwfp.sys (No File)
S3 PredatorService; \SystemRoot\System32\DriverStore\FileRepository\predatorservice.inf_amd64_ec38587b71ef8108\PredatorServiceSoftwareComponent.sys (No File)
2025-11-17 23:09 - 2025-11-17 23:09 - 000000048 ____R () C:\Users\Woluyism\AppData\Local\0791F02974248A192FE102FE65927C3B
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKU\S-1-5-21-2162756203-951362179-3238007230-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {3157BCFB-6219-4E06-9D89-6B457042F69F} - System32\Tasks\Matrix Socket Ireland 81281-S-1-5-21-2162756203-951362179-3238007230-1001 => C:\Users\Woluyism\AppData\Local\Stalker2\Saved\LocalCache\pythonw.exe [102232 2026-05-07] (Python Software Foundation -> Python Software Foundation) -> "C:\Users\Woluyism\AppData\Local\Stalker2\Saved\LocalCache\helper.py" <==== ATTENTION
File: C:\Users\Woluyism\AppData\Local\Wondershare\Wondershare Filmora\15.2.5.17803\wsUpgrade.dll
File: C:\Users\Woluyism\AppData\Local\Wondershare\Wondershare Filmora\15.2.5.17803\FMediaLibraryView.dll
2026-05-07 18:40 - 2026-05-07 18:40 - 000003452 _____ C:\WINDOWS\system32\Tasks\Matrix Socket Ireland 81281-S-1-5-21-2162756203-951362179-3238007230-1001
C:\Users\Woluyism\AppData\Local\Stalker2\Saved\LocalCache
2025-05-26 22:22 - 2025-05-26 22:22 - 000000167 _____ () C:\Users\Woluyism\hjksfpb.exe
2025-05-26 22:22 - 2025-05-26 22:22 - 000000000 _____ () C:\Users\Woluyism\hjksffi.exe
2025-05-26 22:22 - 2025-05-19 17:35 - 000548864 ____N (Microsoft Corporation) C:\Users\Woluyism\msvcp80.dll
2025-05-26 22:22 - 2025-05-19 17:35 - 000626688 ____N (Microsoft Corporation) C:\Users\Woluyism\msvcr80.dll
2025-01-15 12:20 - 2025-02-20 18:13 - 000000108 ___SH () C:\Users\Woluyism\AppData\Local\00000106
2026-03-13 18:03 - 2026-03-13 18:03 - 000000000 _____ () C:\Users\Woluyism\AppData\Local\Temp86dbca0a2b4a9f2a_fps_debug.tmp
2026-03-13 18:03 - 2026-03-13 18:03 - 000000000 _____ () C:\Users\Woluyism\AppData\Local\Temp86dbca0a2b4a9f2a_fps_verbose.tmp
StartPowerShell:
# Enable real-time protection
Set-MpPreference -DisableRealtimeMonitoring $false
# Enable behavioural protection
Set-MpPreference -DisableBehaviorMonitoring $false
# Enable PUP detection
Set-MpPreference -PUAProtection Enabled
# Enable cloud protection to level 4 - aggressively block unknowns and apply additional protection measures, alternatively use 2 for lower protection or 0 for default
Set-MpPreference -CloudBlockLevel 4
# Send advanced information about malicious/unwanted software present on your device
Set-MpPreference -MAPSReporting 2
# Send safe samples automatically to Microsoft
Set-MpPreference -SubmitSamplesConsent 1
# Enables inspection of HTTP traffic to detect malicious websites
Set-MpPreference -EnableNetworkProtection Enabled
# Enables block at first seen
Set-MpPreference -DisableBlockAtFirstSeen $false
# Allows scanning of archive files, such as .zip and .cab files for malware/PUP
Set-MpPreference -DisableArchiveScanning $false
# Enables automatic scanning of USB & removable drives
Set-MpPreference -DisableRemovableDriveScanning $false
# Enables scanning of network files
Set-MpPreference -DisableScanningNetworkFiles $false
# Forces signature check before running a scan
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true
# Extends cloud check timer from default 10 to 30 seconds
Set-MpPreference -CloudExtendedTimeout 30
# Enables automatic scanning of all downloaded files and attachments
Set-MpPreference -DisableIOAVProtection $false
# Enables script detection
Set-MpPreference -DisableScriptScanning $false
# Disables automatic exclusions from scanning
Set-MpPreference -DisableAutoExclusions 1
# Enables scanning of mapped network drives
Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan 0
# Enables scanning of email files
Set-MpPreference -DisableEmailScanning 0
# Enables blocking of malicious domains and IPs on DNS level
Set-MpPreference -EnableDnsSinkhole $true
# Enables signature updates every 12 hours
Set-MpPreference -SignatureUpdateInterval 12
# Enables automatic quarantine for threats labelled as high and severe
Set-MpPreference -HighThreatDefaultAction Quarantine
Set-MpPreference -SevereThreatDefaultAction Quarantine
# Updates signatures
Update-MpSignature
EndPowerShell:
StartPowerShell:
# This snippet downloads Emsisoft Emergency Kit (EEK) from Emsisoft's official site, updates it, scans with it.
# Do note that the executable is 300MB and may take some time to download.
# ---
# This will scan for malware and PUPs in 1) system memory 2) important folders as documentation says
# It will scan in compressed archives, in mail archives, in NTFS alternate data streams and use cloud requests
# ---
# You can use argument "/delete" to delete found objects including references but this is permanent and irreversible.
# You can remove the "/quick" argument to do a full scan but that may take longer than what FRST can handle.
# You can use argument "/quarantine="[folder]"" to put found malware into quarantine, but I personally prefer first verifying the detections.
$downloadUrl = "https://dl.emsisoft.com/EmsisoftEmergencyKit.exe"
$systemDrive = $env:SystemDrive
$frstPath = "$systemDrive\FRST"
$savePath = "$frstPath\EEK.exe"
$extractPath = "$frstPath\EEK"
if (-not (Test-Path $frstPath)) {
    New-Item -Path $frstPath -ItemType Directory -Force | Out-Null
}
if (-not (Test-Path $extractPath)) {
    New-Item -Path $extractPath -ItemType Directory -Force | Out-Null
}
Invoke-WebRequest -Uri $downloadUrl -OutFile $savePath -UseBasicParsing
$proc = Start-Process -FilePath $savePath -ArgumentList "-s -d`"$extractPath`"" -PassThru
while (-not (Test-Path "$extractPath\bin64\a2cmd.exe")) {
    Start-Sleep -Milliseconds 1000
}
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
if ([Environment]::Is64BitOperatingSystem) {
    $a2cmdPath = Join-Path $extractPath "bin64\a2cmd.exe"
} else {
    $a2cmdPath = Join-Path $extractPath "bin32\a2cmd.exe"
}
Start-Process -FilePath $a2cmdPath -ArgumentList "/update" -Wait -NoNewWindow
Start-Process -FilePath $a2cmdPath -ArgumentList "/malware /quick /m /t /pup /a /am /cloud=1 /la=`"$frstPath\EEK_scan.log`"" -Wait -NoNewWindow
Get-Content "$frstPath\EEK_scan.log"
exit
EndPowerShell:
StartPowerShell:
# Downloads newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log in console
# Does not clean preinstalled objects, only PUP/Adware
# If you would like to delete preinstalled objects, add an argument /preinstalled to the /clean argument
# If you would like to only scan with it, change the argument from /clean to /scan
New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:
CMD: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Warn" /f
CMD: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d 1 /f
CMD: netsh int ip reset
CMD: netsh int ipv6 reset
CMD: ipconfig /flushDNS
CMD: netsh winsock reset catalog
C:\Users\CurrentUserName\AppData\Local\Temp\*
C:\Windows\Temp\*
C:\Windows\SystemTemp\*
EmptyTemp:
End::