content copied
content
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
Task: {3F94471A-4EDA-46E8-9FA6-8BF569D84491} - System32\Tasks\McafeeAppUI => C:\Program Files\McAfee\WPS\1.20.239.1\mc-web-view.exe (No File)
Task: {87555B29-C0C2-44E3-87F3-A0BD06278F9E} - System32\Tasks\Microsoft\Windows\UNP\RunUpdateNotificationMgr => %windir%\System32\UNP\UpdateNotificationMgr.exe (No File)
Task: {60A6945A-8090-4075-BF10-F10B7F0E79D2} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
S0 WinSetupMon; system32\DRIVERS\WinSetupMon.sys (No File)
2026-05-17 01:31 - 2026-05-19 17:22 - 000000000 ____D C:\Users\jorda\bd.exe
2026-05-17 01:27 - 2026-05-19 17:22 - 000000000 ____D C:\Users\jorda\dg.exe
2026-05-17 01:24 - 2026-05-19 17:22 - 000000000 ____D C:\Users\jorda\ns.exe
2026-05-17 01:07 - 2026-05-19 17:22 - 000000000 ____D C:\Users\jorda\ai.exe
2026-05-17 01:02 - 2026-05-19 17:22 - 000000000 ____D C:\Users\jorda\nt.exe
2026-05-17 00:59 - 2026-05-17 00:59 - 000000000 ____D C:\Users\jorda\AppData\Roaming\RenPy
StartPowerShell:
# Downloads newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log in console
# Does not clean preinstalled objects, only PUP/Adware
# If you would like to delete preinstalled objects, add an argument /preinstalled to the /clean argument
# If you would like to only scan with it, change the argument from /clean to /scan
# NOTE: For the sake of users from Asia (primarily China), do not use the clean option. It will very likely remove a lot of their important software.
New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:
StartPowershell:
# Replace /scanonly with /clean if you also want to delete items -- however, this will activate a trial license on the system, I do not recommend it
$hmpExe = "$env:TEMP\HitmanPro_x64.exe"
$logFile = "$env:TEMP\HitmanPro_ScanLog.txt"
Invoke-WebRequest -Uri "https://dl.surfright.nl/HitmanPro_x64.exe" -OutFile $hmpExe -UseBasicParsing
$proc = Start-Process $hmpExe -ArgumentList "/ews","/scanonly","/noinstall","/log=`"$logFile`"","/logtype=txt" -Wait -PassThru
if (!(Test-Path $logFile)) { Write-Host "Scan failed (exit $($proc.ExitCode))"; exit 1 }
Get-Content $logFile -Encoding Unicode
EndPowershell:
C:\Windows\System32\config\systemprofile\AppData\Local\*.tmp
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
C:\Users\CurrentUserName\AppData\Local\Temp\*
C:\Windows\Temp\*
C:\Windows\SystemTemp\*
CMD: bitsadmin /reset /allusers
CMD: netsh int ip reset
CMD: netsh int ipv6 reset
CMD: ipconfig /flushDNS
CMD: netsh winsock reset catalog
EmptyTemp:
End::
Warning
Executing a Fixlist on the wrong system may permanently damage it. Continue only if this link was meant for you.
To view the content, acknowledge this warning.