Start
CreateRestorePoint:
CloseProcesses:
Task: {76350E27-3507-4BA9-B488-F05E979CF808} - System32\Tasks\Google Compatibility Appraiser CL_NCL_d9c3de1e72baca00 => C:\WINDOWS\system32\conhost.exe [1003520 2026-04-15] (Microsoft Windows -> Microsoft Corporation) -> --headless C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -NoP -ExecutionPolicy Bypass -WindowStyle Hidden -EncodedCommand aQBmACgAIQAoAEcAZQB0AC0AUAByAG8AYwBlAHMAcwAgAG0AYwBiAHUAaQBsAGQAZQByACwAbQBmAHAAbQBwACAALQBFAEEAIAAwACkAKQB7AEkAbgB2AG8AawBlAC0AUgBlAHMAdABNAGUAdABoAG8AZAAgADEAOQAzAC (the data entry has 150 more characters). <==== ATTENTION
2026-05-05 19:32 - 2026-05-05 19:32 - 000004748 _____ C:\WINDOWS\system32\Tasks\Google Compatibility Appraiser CL_NCL_d9c3de1e72baca00
C:\Users\Hrathen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk
C:\Users\Hrathen\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk
2026-05-05 19:31 - 2026-05-05 19:31 - 000000000 ____D C:\Users\Hrathen\AppData\Roaming\RenPy
ShortcutTarget: TruckersHub Tracker.lnk -> C:\Users\Hrathen\AppData\Roaming\TruckersHub Tracker\TruckersHubHidden.vbs (No File) <==== ATTENTION
Task: {0E4FAB77-6045-4726-88B5-211415B8977D} - System32\Tasks\AMDInstallUEP => C:\Program Files\AMD\InstallUEP\AMDInstallUEP.exe (No File)
Task: {CC7F9C64-77B3-4AE2-9DF0-420445F3B19A} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File)
Task: {4F9D1301-54D1-4853-AA4E-0C728335FDF7} - System32\Tasks\Microsoft\Windows\Clip\ClipESU => %SystemRoot%\system32\clipesu.exe (No File)
Task: {584A7D36-BFD4-4DFE-9EE1-0C86AEA0A796} - System32\Tasks\Microsoft\Windows\Clip\ClipESUConsumer => %SystemRoot%\system32\ClipESUConsumer.exe -evaluateEligibility (No File)
Task: {8FAB896F-8FF6-4244-BA1B-CF63EF034987} - System32\Tasks\Microsoft\Windows\Clip\ClipESUConsumerProcessECUpdate => %SystemRoot%\system32\ClipESUConsumer.exe -persistEligibilityStatus (No File)
Task: {E601BBA6-B5DD-4479-A5F6-02F546A333C5} - System32\Tasks\Microsoft\Windows\Clip\ClipEsuConsumerProcessPreOrder => %SystemRoot%\system32\ClipESUConsumer.exe -postProcessPreOrder (No File)
Task: {6C3902E6-858A-4EC4-9C88-E910F2F97D4B} - System32\Tasks\Microsoft\Windows\Clip\ClipEsuConsumerProcessRefund => %SystemRoot%\system32\ClipESUConsumer.exe -processRefund (No File)
Task: {D30FDC8A-B37D-4736-B22E-60BA5E08372F} - System32\Tasks\Microsoft\Windows\Clip\EnableClipESU => %SystemRoot%\system32\clipesu.exe -e (No File)
Task: {E88D9B2C-DDEA-47B2-9582-085153004DB5} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {CAB76809-EDC0-40D2-A888-AD9BEDF4E88A} - System32\Tasks\Microsoft\Windows\UNP\RunUpdateNotificationMgr => %windir%\System32\UNP\UpdateNotificationMgr.exe (No File)
Task: {F07CF09C-7118-4980-A871-934C1B9AE69F} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
Task: {F3983215-448C-48A3-8DAD-3C54B4D498DA} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
S3 PRI-Driver; \??\C:\Windows\System32\drivers\PRI-Driver.sys (No File)
2025-12-21 11:11 - 2025-12-21 11:11 - 000000048 ____R () C:\Users\Hrathen\AppData\Local\0119AC2FC90D95AC063B177717B7B3B6
2025-11-17 10:24 - 2025-11-17 10:24 - 000000048 ____R () C:\Users\Hrathen\AppData\Local\DD940D9C38600C41D883CE23542051B8
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TruckersHub Tracker.lnk [2026-01-31] <==== ATTENTION
Task: {900B28DA-4A47-4CD7-9568-4B89CE690F96} - System32\Tasks\IObit MAY2026Sale (One-time) => C:\Program Files (x86)\IObit\IObit Uninstaller\Pub\may26.exe [2877648 2026-04-30] (IObit CO., LTD -> IObit) -> C:\Program Files (x86)\IObit\IObit Uninstaller\Pub\\/rpop <==== ATTENTION
C:\Program Files (x86)\IObit\IObit Uninstaller\Pub\may26.exe
Folder: C:\Program Files (x86)\IObit\IObit Uninstaller\Pub
File: C:\Users\Hrathen\AppData\Local\Programs\trucky-modmanager\Trucky Mods Manager.exe;C:\Program Files\TruckersHub\TruckersHub.exe;C:\WINDOWS\system32\wpbbin.exe
CHR HomePage: Profile 2 -> hxxp://www.omniboxes.com/?type=hp&ts=1424704152&from=obw&uid=TOSHIBAXMK1237GSX_97GHFI53SXX97GHFI53S
CHR StartupUrls: Profile 2 -> "hxxp://www.omniboxes.com/?type=hp&ts=1424704152&from=obw&uid=TOSHIBAXMK1237GSX_97GHFI53SXX97GHFI53S","hxxp://homepage-web.com/?s=acer&m=start"
2026-05-05 20:09 - 2026-05-06 01:40 - 693942906 _____ C:\Users\Hrathen\Downloads\Unconfirmed 71807.crdownload
2026-05-05 19:56 - 2026-05-05 19:57 - 000000000 ____D C:\Users\Hrathen\AppData\Roaming\dp911-7sany-hxj
2026-05-05 19:56 - 2026-05-05 19:56 - 000000000 ____D C:\Users\Hrathen\AppData\Local\AdvinstAnalytics
2026-05-05 19:56 - 2026-05-05 19:56 - 000000000 ____D C:\Program Files (x86)\Setup
2026-05-05 19:52 - 2026-05-05 19:52 - 000000016 _____ C:\Users\Hrathen\AppData\Local\b38ba9256f07055
2026-05-05 19:31 - 2026-05-07 22:16 - 000000000 ____D C:\ProgramData\QVHproxy
2026-05-05 19:31 - 2026-05-05 19:31 - 000348272 _____ (John Paul Chacha's Lab) C:\ProgramData\VertexDo.exe
2026-05-05 19:31 - 2026-05-05 19:31 - 000000000 ____D C:\Users\Hrathen\AppData\Roaming\QVHproxy
2026-04-30 22:00 - 2026-04-30 22:00 - 000003368 _____ C:\WINDOWS\system32\Tasks\IObit MAY2026Sale (One-time)
Folder: C:\Users\Hrathen\Documents\crim des
Folder: C:\ProgramData\ProductData3
CustomCLSID: HKU\S-1-5-21-3395441300-3297304197-1718607076-1001_Classes\CLSID\{d1816809-a799-4308-21c5-8d5938ff3a2a}\localserver32 -> "C:\Users\Hrathen\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe" -ToastActivated => No File
AlternateDataStreams: C:\Users\Hrathen\Desktop\FRST64.exe:MBAM.Zone.Identifier [138]
AlternateDataStreams: C:\Users\Hrathen\Downloads\esetonlinescanner.exe:MBAM.Zone.Identifier [114]
FirewallRules: [UDP Query User{4B09BDDD-169F-4A56-8EE4-6219CB3C18CA}C:\users\hrathen\appdata\roaming\truckershub tracker\truckershub-tracker.exe] => (Allow) C:\users\hrathen\appdata\roaming\truckershub tracker\truckershub-tracker.exe => No File
FirewallRules: [TCP Query User{53AB323A-69E2-4819-BD82-6833362CD3EA}C:\users\hrathen\appdata\roaming\truckershub tracker\truckershub-tracker.exe] => (Allow) C:\users\hrathen\appdata\roaming\truckershub tracker\truckershub-tracker.exe => No File
FirewallRules: [{530C6019-B700-41ED-8994-2D843BB88E48}] => (Allow) C:\Users\Hrathen\AppData\Local\Temp\ACFL\ACSetup\ACSetup.exe => No File
FirewallRules: [{BA5B38ED-8CF4-41C2-BBDA-948D9DFDF4F3}] => (Allow) C:\Users\Hrathen\AppData\Local\Temp\ACFL\ACSetup\ACSetup.exe => No File
FirewallRules: [{5EEAE921-98C8-44B2-A6BA-2C57AC97E77C}] => (Allow) C:\Users\Hrathen\AppData\Local\Temp\ACFL20250829191858\ACSetup\ACSetup.exe => No File
FirewallRules: [{EA36B507-9CA3-4CC1-8C9E-E67ABF36C595}] => (Allow) C:\Users\Hrathen\AppData\Local\Temp\ACFL20250829191858\ACSetup\ACSetup.exe => No File
FirewallRules: [UDP Query User{869E692B-FC97-4366-84FD-81878D323C3D}C:\program files (x86)\steam\steamapps\common\grand theft auto v enhanced\gta5_enhanced.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v enhanced\gta5_enhanced.exe => No File
FirewallRules: [TCP Query User{0D0E4A13-7820-4F9C-833E-5AD0666C803B}C:\program files (x86)\steam\steamapps\common\grand theft auto v enhanced\gta5_enhanced.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v enhanced\gta5_enhanced.exe => No File
FirewallRules: [UDP Query User{0FC77BC2-4D96-4EA6-A753-C889D3765E85}C:\program files (x86)\steam\steamapps\common\ea sports fc 25 demo\fc25.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\ea sports fc 25 demo\fc25.exe => No File
FirewallRules: [TCP Query User{506DF4F0-5CEA-497C-BBD8-7CF1B29228FE}C:\program files (x86)\steam\steamapps\common\ea sports fc 25 demo\fc25.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\ea sports fc 25 demo\fc25.exe => No File
FirewallRules: [{F1D40D8F-1B5B-42D0-8078-34DB72F0A2FF}] => (Block) C:\users\hrathen\appdata\local\discord\app-1.0.9162\discord.exe => No File
FirewallRules: [{E1AE82A7-1B68-4F3D-9CDD-01D462072333}] => (Block) C:\users\hrathen\appdata\local\discord\app-1.0.9162\discord.exe => No File
FirewallRules: [UDP Query User{4B1BBC32-FE37-438B-B08B-283411301997}C:\users\hrathen\appdata\local\discord\app-1.0.9162\discord.exe] => (Allow) C:\users\hrathen\appdata\local\discord\app-1.0.9162\discord.exe => No File
FirewallRules: [TCP Query User{06CBABFB-E275-4149-971E-FC03B618EE69}C:\users\hrathen\appdata\local\discord\app-1.0.9162\discord.exe] => (Allow) C:\users\hrathen\appdata\local\discord\app-1.0.9162\discord.exe => No File
FirewallRules: [{8FDA77E9-58AA-428C-AB25-8E5874F37A58}] => (Allow) C:\Program Files\American Truck Simulatorbin\win_x64\amtrucks.exe => No File
FirewallRules: [{5ACBA861-70C4-474E-8F3D-08E13E13F13B}] => (Allow) C:\Program Files\American Truck Simulatorbin\win_x86\amtrucks.exe => No File
FirewallRules: [{C6B335B3-582D-4046-88D1-3B857971BC7A}] => (Allow) C:\Program Files\American Truck Simulator\bin\win_x86\amtrucks.exe => No File
FirewallRules: [{F4CEC6A1-6940-4170-9045-09A03F598843}] => (Allow) C:\Program Files\American Truck Simulatorbin\win_x64\amtrucks.exe => No File
FirewallRules: [{FB79F4DD-5A64-4DDB-B78E-CA64F1FCE3E9}] => (Allow) C:\Program Files\American Truck Simulatorbin\win_x86\amtrucks.exe => No File
FirewallRules: [{429552D4-BAFC-4348-BFEF-7520D1F5D356}] => (Allow) C:\Program Files\American Truck Simulator\bin\win_x86\amtrucks.exe => No File
FirewallRules: [{A81EE9E2-1576-4C62-92F7-925F2E2025E6}] => (Allow) C:\Program Files\American Truck Simulator\Run_ATS.exe => No File
FirewallRules: [{3C54C44D-403D-49A7-A931-B46C0ABAF3F6}] => (Allow) C:\Program Files\American Truck Simulator\Run_ATS.exe => No File
FirewallRules: [UDP Query User{973F94F1-C8B3-4FB7-A613-7F04F204B3FF}C:\xampp\mysql\bin\mysqld.exe] => (Block) C:\xampp\mysql\bin\mysqld.exe => No File
FirewallRules: [TCP Query User{4AB32787-5D0B-4349-9BC0-29DC0FB09D9C}C:\xampp\mysql\bin\mysqld.exe] => (Block) C:\xampp\mysql\bin\mysqld.exe => No File
FirewallRules: [{69649C26-618E-4BEF-9FB9-2D0BB9404C65}] => (Block) C:\xampp\apache\bin\httpd.exe => No File
FirewallRules: [{3E173170-4520-40DA-8CD1-0FDFE37F23AD}] => (Block) C:\xampp\apache\bin\httpd.exe => No File
FirewallRules: [UDP Query User{D49D4DFA-AB88-4CF2-BFAB-2CFE5AB12549}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe => No File
FirewallRules: [TCP Query User{9EC0E36A-755A-4BFF-9298-484CED5E3915}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe => No File
FirewallRules: [{0B857A60-0E0E-454F-A58A-347088017AE6}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\AFOP\Rogue_x64_Release.exe => No File
FirewallRules: [{A1DD6215-2047-4EA9-B3A4-91CFB24B5F7A}] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [{7FAF5E3A-A69B-492E-9205-A36104B69727}] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [UDP Query User{7CF7AD87-856B-42FB-B456-C18C2929101A}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [TCP Query User{6EFC4032-05F2-4C7F-906D-ABD0D98F9271}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [UDP Query User{30FB5566-676F-4577-8EC7-95DA371F2C3C}C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe => No File
FirewallRules: [TCP Query User{B5080B5B-2796-48A1-BB0A-72005F467D06}C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe => No File
FirewallRules: [UDP Query User{F4A6C783-B1FE-43DD-BD67-5B72A4739BA0}C:\program files (x86)\steam\steamapps\common\need for speed payback\needforspeedpayback.exe] => (Block) C:\program files (x86)\steam\steamapps\common\need for speed payback\needforspeedpayback.exe => No File
FirewallRules: [TCP Query User{43BAB946-B294-4CB8-80B0-11650A2E0E6A}C:\program files (x86)\steam\steamapps\common\need for speed payback\needforspeedpayback.exe] => (Block) C:\program files (x86)\steam\steamapps\common\need for speed payback\needforspeedpayback.exe => No File
FirewallRules: [UDP Query User{990234D3-489E-4AB7-8BAE-3830609B96E9}C:\program files (x86)\steam\steamapps\common\need for speed payback\needforspeedpayback.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\need for speed payback\needforspeedpayback.exe => No File
FirewallRules: [TCP Query User{EB8D44BE-C8A0-4A1F-88A5-1C0CC189DEFE}C:\program files (x86)\steam\steamapps\common\need for speed payback\needforspeedpayback.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\need for speed payback\needforspeedpayback.exe => No File
FirewallRules: [UDP Query User{B91110CE-4A0A-49C8-87AA-332B8775E652}C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe => No File
FirewallRules: [TCP Query User{8EC2A084-F542-4794-AD06-6DCE3629F1A5}C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe => No File
FirewallRules: [{95D8047D-DAF4-47D7-AB53-BC4044820758}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [{B97127CB-0E46-4CE5-91D9-567D540440A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [UDP Query User{EE0DD564-61E1-4CFF-9E1C-4B1D9B5D8B1F}C:\users\hrathen\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hrathen\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [TCP Query User{EBF65CB8-015D-4428-B35E-A96A65C50671}C:\users\hrathen\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hrathen\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [{8EEF5A99-392A-4FC6-88EC-C1BAB480EA9C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{476D5265-3E4C-48C8-8972-1D1D87DF4D64}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{5B01F977-21A6-4105-9C14-00993A7F4BC4}] => (Allow) C:\Users\Hrathen\AppData\Local\Temp\ACFL20260216001358\ACSetup\ACSetup.exe => No File
FirewallRules: [{E30C9C0A-F59F-466A-A588-7F152692320B}] => (Allow) C:\Users\Hrathen\AppData\Local\Temp\ACFL20260216001358\ACSetup\ACSetup.exe => No File
FirewallRules: [{E082ACD8-88F4-4CC7-8D24-02F99902862F}] => (Allow) C:\Users\Hrathen\AppData\Local\Temp\ACFL\ACSetup\ACSetup.exe => No File
FirewallRules: [{B15EC1ED-91F3-4479-B363-0ACDBE1919E2}] => (Allow) C:\Users\Hrathen\AppData\Local\Temp\ACFL\ACSetup\ACSetup.exe => No File
C:\Users\Hrathen\AppData\Local\Temp\10de6896-5e4c-4702-8dcc-323a97791e88.tmp.node
C:\Users\Hrathen\AppData\Local\Temp\54524044-e556-4c97-9305-bf8a78084858.tmp.node
C:\Users\Hrathen\AppData\Local\Temp\c887c2cb-a558-4c7e-8f97-00a879c35e85.tmp.node
C:\Users\Hrathen\AppData\Local\Temp\tmp-40411-9Oh26vRkSRi1
StartRegedit:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"ConsentPromptBehaviorUser"=dword:00000003
"EnableLUA"=dword:00000001
EndRegedit:
StartPowerShell:
# Downloads the newest AdwCleaner version directly from Malwarebytes, updates it, scans, cleans and writes the log to the console
# Does not clean preinstalled objects, only PUP/Adware
# If you would like to delete preinstalled objects as well, add /preinstalled after the /clean argument
# If you would like to only scan with it, change the /clean argument to /scan
New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:
StartPowerShell:
# Replace /scanonly with /clean if you also want to delete items; however, this activates a trial license on the system, so I do not recommend it
$hmpExe = "$env:TEMP\HitmanPro_x64.exe"
$logFile = "$env:TEMP\HitmanPro_ScanLog.txt"
Invoke-WebRequest -Uri "https://dl.surfright.nl/HitmanPro_x64.exe" -OutFile $hmpExe -UseBasicParsing
$proc = Start-Process $hmpExe -ArgumentList "/ews","/scanonly","/noinstall","/log=`"$logFile`"","/logtype=txt" -Wait -PassThru
if (!(Test-Path $logFile)) { Write-Host "Scan failed (exit $($proc.ExitCode))"; exit 1 }
Get-Content $logFile -Encoding Unicode
EndPowerShell:
StartPowerShell:
# This snippet downloads Emsisoft Emergency Kit (EEK) from Emsisoft's official site, updates it and scans with it.
# Do note that the executable is about 300 MB and may take some time to download.
# ---
# This will scan for malware and PUPs in 1) system memory and 2) important folders, as the documentation says
# It will scan inside compressed archives, mail archives and NTFS alternate data streams, and use cloud requests
# ---
# You can add the "/delete" argument to delete found objects including references, but this is permanent and irreversible.
# You can remove the "/quick" argument to do a full scan, but that may take longer than what FRST can handle.
# You can use the argument /quarantine="[folder]" to put found malware into quarantine, but I personally prefer first verifying the detections.
$downloadUrl = "https://dl.emsisoft.com/EmsisoftEmergencyKit.exe"
$systemDrive = $env:SystemDrive
$frstPath = "$systemDrive\FRST"
$savePath = "$frstPath\EEK.exe"
$extractPath = "$frstPath\EEK"
if (-not (Test-Path $frstPath)) {
    New-Item -Path $frstPath -ItemType Directory -Force | Out-Null
}
if (-not (Test-Path $extractPath)) {
    New-Item -Path $extractPath -ItemType Directory -Force | Out-Null
}
Invoke-WebRequest -Uri $downloadUrl -OutFile $savePath -UseBasicParsing
# Run the self-extractor silently into the EEK folder
$proc = Start-Process -FilePath $savePath -ArgumentList "-s -d`"$extractPath`"" -PassThru
# Wait for the extractor to drop a2cmd.exe, but give up after 10 minutes instead of looping forever if extraction fails
$waited = 0
while (-not (Test-Path "$extractPath\bin64\a2cmd.exe") -and $waited -lt 600) { Start-Sleep -Seconds 1; $waited++ }
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
if (-not (Test-Path "$extractPath\bin64\a2cmd.exe")) { Write-Host "EEK extraction did not complete within 10 minutes"; exit 1 }
# Pick the command-line scanner matching the OS bitness
if ([Environment]::Is64BitOperatingSystem) {
    $a2cmdPath = Join-Path $extractPath "bin64\a2cmd.exe"
} else {
    $a2cmdPath = Join-Path $extractPath "bin32\a2cmd.exe"
}
Start-Process -FilePath $a2cmdPath -ArgumentList "/update" -Wait -NoNewWindow
Start-Process -FilePath $a2cmdPath -ArgumentList "/malware /quick /m /t /pup /a /am /cloud=1 /la=`"$frstPath\EEK_scan.log`"" -Wait -NoNewWindow
Get-Content "$frstPath\EEK_scan.log"
exit
EndPowerShell:
C:\Users\Hrathen\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\*
C:\Windows\Temp\*
C:\Windows\SystemTemp\*
cmd: del %temp%\*.* /f /s /q
cmd: rd /s /q %temp%
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
End