Malware Log Analysis

shared / dino_sauce_in_my_ass

Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
(svchost.exe ->) (SweetLabs Inc -> SweetLabs, Inc) C:\Users\elias\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
Folder: C:\Users\elias\AppData\Local\Host App Service
Folder: C:\Users\elias\cc.exe
Folder: C:\ProgramData\JAVAsocket_x86
Folder: C:\Users\elias\AppData\Roaming\StruSoft
C:\Users\elias\AppData\Local\Google\Chrome\User Data\WasmTtsEngine
C:\Users\elias\AppData\Local\Host App Service
2026-05-18 15:03 - 2026-05-20 00:03 - 000000000 ____D C:\ProgramData\JAVAsocket_x86
2026-05-18 15:03 - 2026-05-18 15:03 - 000000000 ____D C:\Users\elias\cc.exe
2026-05-18 15:03 - 2026-05-18 15:03 - 000000000 ____D C:\Users\elias\AppData\Roaming\StruSoft
2026-05-18 18:34 - 2024-06-12 15:39 - 000000000 ____D C:\Users\elias\AppData\Roaming\RenPy
2024-12-23 01:02 - 2024-12-23 01:02 - 000000048 ____R () C:\Users\elias\AppData\Local\867E3963BE06D9339102C7FCECD3DD62
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {E5BCAA7F-1556-4746-A535-5392B395FB60} - System32\Tasks\App Explorer => C:\Users\elias\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [10495528 2026-03-12] (SweetLabs Inc -> SweetLabs, Inc) <==== ATTENTION
HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" (No File)
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {09315F25-7BEA-4D57-8A1E-548AE545CAD8} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (No File)
Task: {3662E3AF-22C7-4C03-9327-19EA294732F2} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (No File)
Task: {22749B6A-7A3E-4FEC-A7E1-90BF1CDC9F4C} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (No File)
Task: {BE5D0799-7BBD-4CF1-AA50-773421FDC8CD} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (No File)
Task: {D4C5EC01-14A3-42AF-A5D4-D89140F8A747} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-241164317-1283580447-877669952-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro 2022.lnk:C56174E6CE [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk:4C32B9D343 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk:09A0A90EF3 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forge of Empires.url:1368113D25 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.10.36.lnk:6725AE39E1 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk:159ADC9AA1 [3442]
AlternateDataStreams: C:\Users\elias\Desktop\FRST64.exe:MBAM.Zone.Identifier [450]
AlternateDataStreams: C:\Users\elias\Downloads\WiFi_University_at_Buffalo.exe:MBAM.Zone.Identifier [196]
FirewallRules: [UDP Query User{DD2C2111-6EE8-427F-9B54-F3DE519BA03F}C:\program files (x86)\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File
FirewallRules: [TCP Query User{452CB35B-D91E-4F84-A8C1-FD681BB575C4}C:\program files (x86)\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File
FirewallRules: [{DF934CA1-FE81-4528-86B3-42F79D615E5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MarvelRivals\MarvelRivals_Launcher.exe => No File
FirewallRules: [{E64FC458-C1BF-46C5-8917-EFE5179ECDC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MarvelRivals\MarvelRivals_Launcher.exe => No File
FirewallRules: [UDP Query User{CC165D6B-1B9D-48C8-B70E-CBD168BAB395}C:\program files (x86)\starcraft ii\versions\base92440\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base92440\sc2_x64.exe => No File
FirewallRules: [TCP Query User{0FE17FC5-EF4A-4C1F-9CE0-217F95013068}C:\program files (x86)\starcraft ii\versions\base92440\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base92440\sc2_x64.exe => No File
FirewallRules: [{1999ED42-A806-4609-B86D-06DD6AF0D1B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deadlock\game\bin\win64\project8.exe => No File
FirewallRules: [{612AB012-A5DD-4105-AC57-7AC76FC0DDC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deadlock\game\bin\win64\project8.exe => No File
FirewallRules: [UDP Query User{CC67AC33-2B53-4AF5-AE67-41EB98DCD2A7}C:\users\elias\appdata\local\discord\app-1.0.9158\discord.exe] => (Allow) C:\users\elias\appdata\local\discord\app-1.0.9158\discord.exe => No File
FirewallRules: [TCP Query User{B41FDCF7-6A63-4ADE-90BF-AAF5C1FDDBBF}C:\users\elias\appdata\local\discord\app-1.0.9158\discord.exe] => (Allow) C:\users\elias\appdata\local\discord\app-1.0.9158\discord.exe => No File
FirewallRules: [UDP Query User{AABE454F-CD7D-4FCE-BFBE-9AD3138328AD}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) C:\riot games\riot client\riotclientelectron\riot client.exe => No File
FirewallRules: [TCP Query User{704BEC14-E826-41E5-9B4B-2A99DE29601F}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) C:\riot games\riot client\riotclientelectron\riot client.exe => No File
FirewallRules: [UDP Query User{C020C7B9-CE34-4C95-8FB9-3E52D2E833E4}C:\program files (x86)\steam\steamapps\common\titanfall2\titanfall2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\titanfall2\titanfall2.exe => No File
FirewallRules: [TCP Query User{A9EA1BAA-1BF4-49D2-ABC1-78BBDA9162FC}C:\program files (x86)\steam\steamapps\common\titanfall2\titanfall2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\titanfall2\titanfall2.exe => No File
FirewallRules: [{292A896B-9239-4D38-859E-02A26CC7442D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\eac_wt_mlauncher.exe => No File
FirewallRules: [{7A4766E5-D35D-4358-8204-BFD8C0F6AAAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\eac_wt_mlauncher.exe => No File
FirewallRules: [{EDD79AF4-FD9D-455D-8609-783922DC4A61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe => No File
FirewallRules: [{B8323D9E-C9FD-4AE5-A752-0F25BEC02798}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe => No File
FirewallRules: [{DD9FD001-1494-4522-948A-88AA187ABFDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Garfield Kart\GarfieldKartNoMulti.exe => No File
FirewallRules: [{0BEAADE3-27C9-4A44-87E8-FE31B5014F71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Garfield Kart\GarfieldKartNoMulti.exe => No File
FirewallRules: [{26885B1B-6BFF-49F4-8E35-88C69FA012CF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{1D6B58B9-5DA3-4E17-A586-CC58F3B50C2E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{FC0C4A57-A35B-4BCA-9F5B-DBE649B2B673}] => (Allow) C:\Program Files\Google\Play Games\current\emulator\crosvm.exe => No File
FirewallRules: [{72EFDDC8-8E56-4120-9B43-F052FB3CAB5C}] => (Allow) C:\Program Files\Google\Play Games\current\emulator\crosvm.exe => No File
FirewallRules: [TCP Query User{13A6FAAE-AD72-4781-A47D-A9088193B720}C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\aurora\aurora.exe] => (Block) C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\aurora\aurora.exe => No File
FirewallRules: [UDP Query User{F3B0D0A9-E602-46C5-8001-D1133FE23007}C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\aurora\aurora.exe] => (Block) C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\aurora\aurora.exe => No File
FirewallRules: [TCP Query User{435012FA-0BAA-4103-9678-F119E11CD66E}C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\ai & the demon & the curse of lust\game.exe] => (Block) C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\ai & the demon & the curse of lust\game.exe => No File
FirewallRules: [UDP Query User{C9621E15-5D68-4AE5-813C-AE845641E7E8}C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\ai & the demon & the curse of lust\game.exe] => (Block) C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\ai & the demon & the curse of lust\game.exe => No File
FirewallRules: [TCP Query User{ABDE1823-8714-447F-88DB-402FA9D2855B}C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\tentacle.wars\tentacle wars.exe] => (Block) C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\tentacle.wars\tentacle wars.exe => No File
FirewallRules: [UDP Query User{C52BEB4A-0531-4727-A080-DE07F53D1A8C}C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\tentacle.wars\tentacle wars.exe] => (Block) C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\tentacle.wars\tentacle wars.exe => No File
FirewallRules: [TCP Query User{46B80475-BF23-41C0-9DC5-6AE113F094A2}C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\beautiful mystic defenders v1.0\beautifulmysticdefenders.exe] => (Block) C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\beautiful mystic defenders v1.0\beautifulmysticdefenders.exe => No File
FirewallRules: [UDP Query User{CB2CB78D-74C5-454B-B08A-6167E40C02DD}C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\beautiful mystic defenders v1.0\beautifulmysticdefenders.exe] => (Block) C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\beautiful mystic defenders v1.0\beautifulmysticdefenders.exe => No File
FirewallRules: [TCP Query User{999277A4-EDC5-49CD-8610-FD394F071B00}C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\_new\hypnotic eyes\hypnotic eyes.exe] => (Block) C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\_new\hypnotic eyes\hypnotic eyes.exe => No File
FirewallRules: [UDP Query User{9AFCE64B-D309-4B81-B798-D25DD76D900A}C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\_new\hypnotic eyes\hypnotic eyes.exe] => (Block) C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\_new\hypnotic eyes\hypnotic eyes.exe => No File
FirewallRules: [TCP Query User{8D896836-6B0D-49FD-80C9-8F267268B2ED}C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\_new\lure of passion\lureofpassion.exe] => (Block) C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\_new\lure of passion\lureofpassion.exe => No File
FirewallRules: [UDP Query User{75B39F5A-526A-4910-82A9-BF038932A870}C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\_new\lure of passion\lureofpassion.exe] => (Block) C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\_new\lure of passion\lureofpassion.exe => No File
FirewallRules: [TCP Query User{6187A214-2D4E-4957-BFFF-3A66E205F903}C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\_new\survivor girls sanctuary\survivor_girls_sanctuary.exe] => (Block) C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\_new\survivor girls sanctuary\survivor_girls_sanctuary.exe => No File
FirewallRules: [UDP Query User{8345B426-DD8B-4AA9-9530-01067DA65560}C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\_new\survivor girls sanctuary\survivor_girls_sanctuary.exe] => (Block) C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\_new\survivor girls sanctuary\survivor_girls_sanctuary.exe => No File
FirewallRules: [TCP Query User{2CC6370B-53D7-4737-8DDC-3E5BA34D2B00}C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\_new\immoral-bathhouse\immoral-bathhouse.exe] => (Block) C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\_new\immoral-bathhouse\immoral-bathhouse.exe => No File
FirewallRules: [UDP Query User{06D11F91-E8CF-46DB-9CDE-E21414FAA7AA}C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\_new\immoral-bathhouse\immoral-bathhouse.exe] => (Block) C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\_new\immoral-bathhouse\immoral-bathhouse.exe => No File
FirewallRules: [TCP Query User{29041AAE-D7D6-4AEF-8854-4CB35AFD5FB6}C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\___new\himo\himo.exe] => (Block) C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\___new\himo\himo.exe => No File
FirewallRules: [UDP Query User{214BB317-DC6D-44E0-8B1A-0003DC76E653}C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\___new\himo\himo.exe] => (Block) C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\___new\himo\himo.exe => No File
FirewallRules: [TCP Query User{511FB0DE-32FA-48C3-B0D6-6ABBDCB515F0}C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\___new\sister travel\game.exe] => (Block) C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\___new\sister travel\game.exe => No File
FirewallRules: [UDP Query User{6A127F4B-74B8-4FB7-8792-4EA36F997EF5}C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\___new\sister travel\game.exe] => (Block) C:\program files (x86)\steam\steamapps\common\jsk studio\ryuugames\___new\sister travel\game.exe => No File
Folder: C:\Users\elias\AppData\Roaming\RenPy\AnotherChance-1581295674\a8a9987fdb6feddc4e9f37dc386459f8
C:\Users\elias\AppData\Roaming\RenPy\AnotherChance-1581295674\a8a9987fdb6feddc4e9f37dc386459f8
Folder: C:\Users\elias\AppData\Roaming\RenPy\AnotherChance-1581295674
Powershell: Get-ScheduledTask | select -first 30 | Get-ScheduledTaskInfo
Powershell: @("$env:APPDATA","$env:LOCALAPPDATA") | ForEach-Object { Get-ChildItem $_ -Recurse -Filter "index.js" -ErrorAction SilentlyContinue } | Where-Object { $_.FullName -match "discord_desktop_core" } | ForEach-Object { Write-Host "--- $($_.FullName) ---"; (Get-Content $_.FullName -Raw).Substring(0,[Math]::Min(2000,(Get-Content $_.FullName -Raw).Length)) }
Powershell: (Get-ItemProperty "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU" -ErrorAction SilentlyContinue).PSObject.Properties | Where-Object { $_.Name -match "^[a-z]$" } | ForEach-Object { Write-Host "$($_.Name): $($_.Value)" }
C:\WINDOWS\Temp\*
C:\WINDOWS\SystemTemp\*
C:\Users\elias\AppData\Local\Temp\*
StartPowerShell:
# Downloads the newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log to the console
# Does not clean preinstalled objects, only PUP/Adware
# If you would like to delete preinstalled objects, add the argument /preinstalled after the /clean argument
# If you would like to only scan with it, change the argument from /clean to /scan
New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:
StartPowershell:
# Replace /scanonly with /clean if you also want to delete items -- however, this will activate a trial license on the system, I do not recommend it
$hmpExe = "$env:TEMP\HitmanPro_x64.exe"
$logFile = "$env:TEMP\HitmanPro_ScanLog.txt"
Invoke-WebRequest -Uri "https://dl.surfright.nl/HitmanPro_x64.exe" -OutFile $hmpExe -UseBasicParsing
$proc = Start-Process $hmpExe -ArgumentList "/ews","/scanonly","/noinstall","/log=`"$logFile`"","/logtype=txt" -Wait -PassThru
if (!(Test-Path $logFile)) { Write-Host "Scan failed (exit $($proc.ExitCode))"; exit 1 }
Get-Content $logFile -Encoding Unicode
EndPowershell:
StartPowerShell:
# This snippet downloads Emsisoft Emergency Kit (EEK) from Emsisoft's official site, updates it and scans with it.
# Do note that the executable is 300MB and may take some time to download.
# ---
# This will scan for malware and PUPs in 1) system memory 2) important folders, as the documentation says
# It will scan compressed archives, mail archives and NTFS alternate data streams, and use cloud requests
# ---
# You can use the argument "/delete" to delete found objects including references, but this is permanent and irreversible.
# You can remove the "/quick" argument to do a full scan, but that may take longer than what FRST can handle.
# You can use the argument "/quarantine="[folder]"" to put found malware into quarantine, but I personally prefer first verifying the detections.
$downloadUrl = "https://dl.emsisoft.com/EmsisoftEmergencyKit.exe"
$systemDrive = $env:SystemDrive
$frstPath = "$systemDrive\FRST"
$savePath = "$frstPath\EEK.exe"
$extractPath = "$frstPath\EEK"
if (-not (Test-Path $frstPath)) { New-Item -Path $frstPath -ItemType Directory -Force | Out-Null }
if (-not (Test-Path $extractPath)) { New-Item -Path $extractPath -ItemType Directory -Force | Out-Null }
Invoke-WebRequest -Uri $downloadUrl -OutFile $savePath -UseBasicParsing
# Silent self-extraction into $extractPath; poll for the 64-bit CLI scanner to know when extraction has finished
$proc = Start-Process -FilePath $savePath -ArgumentList "-s -d`"$extractPath`"" -PassThru
while (-not (Test-Path "$extractPath\bin64\a2cmd.exe")) { Start-Sleep -Milliseconds 1000 }
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
if ([Environment]::Is64BitOperatingSystem) { $a2cmdPath = Join-Path $extractPath "bin64\a2cmd.exe" } else { $a2cmdPath = Join-Path $extractPath "bin32\a2cmd.exe" }
Start-Process -FilePath $a2cmdPath -ArgumentList "/update" -Wait -NoNewWindow
Start-Process -FilePath $a2cmdPath -ArgumentList "/malware /quick /m /t /pup /a /am /cloud=1 /la=`"$frstPath\EEK_scan.log`"" -Wait -NoNewWindow
Get-Content "$frstPath\EEK_scan.log"
exit
EndPowerShell:
cmd: del %temp%\*.* /f /s /q
cmd: rd /s /q %temp%
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
End::