Malware Log Analysis

shared / u/Green_Ordinary_7089

Start::
CloseProcesses:
Folder: C:\Users\Kenny\AppData\LocalLow\Secret Door
Folder: C:\Users\Kenny\AppData\LocalLow\IronOak Games
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Users\Kenny\AppData\Local\Temp
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes|powershell.exe
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes|cmd.exe
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes|cscript.exe
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes|msiexec.exe
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes|rundll32.exe
AVG Update Helper (HKLM-x32\...\{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}) (Version: 1.8.1996.6 - AVG Technologies) Hidden
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-686295120-2568837326-1309011834-1001_Classes\CLSID\{03B29243-35DA-4858-920E-B70A007DF5AA}\InprocServer32 -> C:\Users\Kenny\AppData\Local\Microsoft\EdgeUpdate\1.3.217.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-686295120-2568837326-1309011834-1001_Classes\CLSID\{0982FB18-B2DC-43DF-9DA3-A54C41F699EA}\InprocServer32 -> C:\Users\Kenny\AppData\Local\Microsoft\EdgeUpdate\1.3.233.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-686295120-2568837326-1309011834-1001_Classes\CLSID\{1C67DF85-7959-43C0-92F8-2CAD0314C31C}\InprocServer32 -> C:\Users\Kenny\AppData\Local\Microsoft\EdgeUpdate\1.3.201.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-686295120-2568837326-1309011834-1001_Classes\CLSID\{22D49062-B8D3-4DD5-B9C2-A044EA04D5CD}\InprocServer32 -> C:\Users\Kenny\AppData\Local\Microsoft\EdgeUpdate\1.3.223.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-686295120-2568837326-1309011834-1001_Classes\CLSID\{2B49DB21-41C5-44C0-8358-CA4C76205AE1}\InprocServer32 -> C:\Users\Kenny\AppData\Local\Microsoft\EdgeUpdate\1.3.209.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-686295120-2568837326-1309011834-1001_Classes\CLSID\{448DD314-7FBB-429C-9DAA-C05A00D235A8}\InprocServer32 -> C:\Users\Kenny\AppData\Local\Microsoft\EdgeUpdate\1.3.215.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-686295120-2568837326-1309011834-1001_Classes\CLSID\{5247F326-2FF0-4920-998E-12AA35F0883C}\InprocServer32 -> C:\Users\Kenny\AppData\Local\Microsoft\EdgeUpdate\1.3.213.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-686295120-2568837326-1309011834-1001_Classes\CLSID\{5E9DEE2B-5F44-4C87-84B8-D2E7B11D7017}\InprocServer32 -> C:\Users\Kenny\AppData\Local\Microsoft\EdgeUpdate\1.3.229.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-686295120-2568837326-1309011834-1001_Classes\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 -> C:\Users\Kenny\AppData\Local\Microsoft\EdgeUpdate\1.3.233.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-686295120-2568837326-1309011834-1001_Classes\CLSID\{674CB023-C9D4-4286-B1FF-A1FF76AD4B27}\InprocServer32 -> C:\Users\Kenny\AppData\Local\Microsoft\EdgeUpdate\1.3.227.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-686295120-2568837326-1309011834-1001_Classes\CLSID\{6A49690B-7DB6-424B-81CE-F51078F2A58D}\InprocServer32 -> C:\Users\Kenny\AppData\Local\Microsoft\EdgeUpdate\1.3.203.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-686295120-2568837326-1309011834-1001_Classes\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32 -> C:\Users\Kenny\AppData\Local\Microsoft\EdgeUpdate\1.3.233.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-686295120-2568837326-1309011834-1001_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32 -> => No File
CustomCLSID: HKU\S-1-5-21-686295120-2568837326-1309011834-1001_Classes\CLSID\{8DC94452-5748-435A-B24F-B0F57718821E}\InprocServer32 -> C:\Users\Kenny\AppData\Local\Microsoft\EdgeUpdate\1.3.225.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-686295120-2568837326-1309011834-1001_Classes\CLSID\{9C391760-8CB8-4F1E-AB7D-0C9915EFB004}\InprocServer32 -> C:\Users\Kenny\AppData\Local\Microsoft\EdgeUpdate\1.3.211.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-686295120-2568837326-1309011834-1001_Classes\CLSID\{A78355B5-2A4D-486B-B97A-43448FC8C34D}\InprocServer32 -> C:\Users\Kenny\AppData\Local\Microsoft\EdgeUpdate\1.3.207.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-686295120-2568837326-1309011834-1001_Classes\CLSID\{BB04C6F8-598E-4733-ABB4-07489C863436}\InprocServer32 -> C:\Users\Kenny\AppData\Local\Microsoft\EdgeUpdate\1.3.205.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-686295120-2568837326-1309011834-1001_Classes\CLSID\{BCF99248-58CE-4562-B227-14D1E171B49D}\InprocServer32 -> C:\Users\Kenny\AppData\Local\Microsoft\EdgeUpdate\1.3.221.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-686295120-2568837326-1309011834-1001_Classes\CLSID\{C88B3957-621C-415B-8EE5-B688FC7EF924}\InprocServer32 -> C:\Users\Kenny\AppData\Local\Microsoft\EdgeUpdate\1.3.195.61\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-686295120-2568837326-1309011834-1001_Classes\CLSID\{D2188EEC-2B0F-488C-8ECA-5285E8ECD87D}\InprocServer32 -> C:\Users\Kenny\AppData\Local\Microsoft\EdgeUpdate\1.3.195.69\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-686295120-2568837326-1309011834-1001_Classes\CLSID\{D8599F80-3D26-46D2-8CF1-0AD21B0ECF31}\InprocServer32 -> C:\Users\Kenny\AppData\Local\Microsoft\EdgeUpdate\1.3.195.65\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-686295120-2568837326-1309011834-1001_Classes\CLSID\{ECCE2756-C45D-4E13-BC2D-EC9F138997E6}\InprocServer32 -> C:\Users\Kenny\AppData\Local\Microsoft\EdgeUpdate\1.3.199.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-686295120-2568837326-1309011834-1001_Classes\CLSID\{F46A78BD-06FC-442C-88DF-0500F08F2379}\InprocServer32 -> C:\Users\Kenny\AppData\Local\Microsoft\EdgeUpdate\1.3.195.45\psuser_64.dll => No File
AlternateDataStreams: C:\ProgramData:B31246EAB3F41121 [217]
AlternateDataStreams: C:\ProgramData:EEF49EE5D3688B03 [217]
AlternateDataStreams: C:\WINDOWS\tracing:? [16]
AlternateDataStreams: C:\Users\All Users:B31246EAB3F41121 [217]
AlternateDataStreams: C:\Users\All Users:EEF49EE5D3688B03 [217]
AlternateDataStreams: C:\ProgramData\Application Data:B31246EAB3F41121 [217]
AlternateDataStreams: C:\ProgramData\Application Data:EEF49EE5D3688B03 [217]
AlternateDataStreams: C:\ProgramData\PACE:FEAE9A79F3A942F9 [217]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [9670]
FirewallRules: [{4819446D-4F1F-497A-8230-3807067CC22F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{2C4165E6-1B2F-4A1C-B975-EEAD12589855}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{659F071F-015F-4C0B-8E68-FBFB76E116BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark Demo\bin\x64\3DMark.exe => No File
FirewallRules: [{2413689A-8E52-46A9-AD24-98F3A40F9AB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark Demo\bin\x64\3DMark.exe => No File
FirewallRules: [TCP Query User{8F99E34D-52C6-45C0-A56E-41C906A6DD76}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{46360446-F259-4E79-B8F7-00AFEC0B5470}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{801FA608-037E-419B-AC1E-A9AAE06DFCF2}C:\users\kenny\appdata\local\discord\app-1.0.9190\discord.exe] => (Allow) C:\users\kenny\appdata\local\discord\app-1.0.9190\discord.exe => No File
FirewallRules: [UDP Query User{F8003F89-78AD-40E6-99D4-68CA20603467}C:\users\kenny\appdata\local\discord\app-1.0.9190\discord.exe] => (Allow) C:\users\kenny\appdata\local\discord\app-1.0.9190\discord.exe => No File
FirewallRules: [TCP Query User{9E708079-C77F-41E5-8573-F1B2FA6AD4B3}C:\program files (x86)\steam\steamapps\common\blackmythwukong\b1\binaries\win64\b1-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\blackmythwukong\b1\binaries\win64\b1-win64-shipping.exe => No File
FirewallRules: [UDP Query User{269B3E11-93CC-416A-9329-C2B1D3AF2F26}C:\program files (x86)\steam\steamapps\common\blackmythwukong\b1\binaries\win64\b1-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\blackmythwukong\b1\binaries\win64\b1-win64-shipping.exe => No File
FirewallRules: [TCP Query User{E072E6B0-2D8E-4777-9F89-758472ADDD18}C:\program files\epic games\rivercitygirls\rivercitygirls.exe] => (Allow) C:\program files\epic games\rivercitygirls\rivercitygirls.exe => No File
FirewallRules: [UDP Query User{DBF3C274-4A53-419E-8684-C1D15C924D6D}C:\program files\epic games\rivercitygirls\rivercitygirls.exe] => (Allow) C:\program files\epic games\rivercitygirls\rivercitygirls.exe => No File
FirewallRules: [TCP Query User{18EDA228-15CF-49BC-B488-3E2EE419D8E1}C:\program files (x86)\steam\steamapps\common\stellarbladedemo\sb\binaries\win64\sb-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\stellarbladedemo\sb\binaries\win64\sb-win64-shipping.exe => No File
FirewallRules: [UDP Query User{F3616CA6-388C-4402-9280-F5BBFC068802}C:\program files (x86)\steam\steamapps\common\stellarbladedemo\sb\binaries\win64\sb-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\stellarbladedemo\sb\binaries\win64\sb-win64-shipping.exe => No File
FirewallRules: [{A6C1BF99-89BA-4211-91E4-B83BA3DA1803}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin64\dontstarve_steam_x64.exe => No File
FirewallRules: [{65353AEA-305F-4A7C-AFA9-82CD41B9A3AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin64\dontstarve_steam_x64.exe => No File
FirewallRules: [{7A7287C5-2283-456E-A214-0BDBD7B74039}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe => No File
FirewallRules: [{B201DEBD-0237-4150-A616-290C645B2CF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe => No File
FirewallRules: [TCP Query User{8EFB850B-0934-4403-B2C8-38851B72700E}C:\users\kenny\appdata\local\microsoft\edgewebview\application\136.0.3240.92\msedgewebview2.exe] => (Allow) C:\users\kenny\appdata\local\microsoft\edgewebview\application\136.0.3240.92\msedgewebview2.exe => No File
FirewallRules: [UDP Query User{08869919-93E9-4835-A2A1-25205E09751E}C:\users\kenny\appdata\local\microsoft\edgewebview\application\136.0.3240.92\msedgewebview2.exe] => (Allow) C:\users\kenny\appdata\local\microsoft\edgewebview\application\136.0.3240.92\msedgewebview2.exe => No File
FirewallRules: [TCP Query User{EC108251-452E-48A1-9B06-2429DAD08DC9}C:\program files (x86)\steam\steamapps\common\stellarblade\sb\binaries\win64\sb-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\stellarblade\sb\binaries\win64\sb-win64-shipping.exe => No File
FirewallRules: [UDP Query User{4586FE41-1BC3-436E-B4ED-92AA9FB05BB9}C:\program files (x86)\steam\steamapps\common\stellarblade\sb\binaries\win64\sb-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\stellarblade\sb\binaries\win64\sb-win64-shipping.exe => No File
FirewallRules: [TCP Query User{5DB1DDCC-0698-4434-8148-2146C7FA9678}C:\users\kenny\appdata\local\discord\app-1.0.9197\discord.exe] => (Allow) C:\users\kenny\appdata\local\discord\app-1.0.9197\discord.exe => No File
FirewallRules: [UDP Query User{24F8EF17-0085-4224-9D0E-166531AA7F29}C:\users\kenny\appdata\local\discord\app-1.0.9197\discord.exe] => (Allow) C:\users\kenny\appdata\local\discord\app-1.0.9197\discord.exe => No File
FirewallRules: [TCP Query User{FC7FB34F-879F-499B-8662-42AFD1C52884}C:\programdata\ableton\live 12 lite\program\ableton live 12 lite.exe] => (Allow) C:\programdata\ableton\live 12 lite\program\ableton live 12 lite.exe => No File
FirewallRules: [UDP Query User{33AAE7DF-87C7-416E-A691-3ABB1BA30235}C:\programdata\ableton\live 12 lite\program\ableton live 12 lite.exe] => (Allow) C:\programdata\ableton\live 12 lite\program\ableton live 12 lite.exe => No File
FirewallRules: [TCP Query User{0691F8F2-B318-44A0-965D-9D21F7542CB3}C:\program files (x86)\steam\steamapps\common\backrooms_escape_together\bet\binaries\win64\betgame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\backrooms_escape_together\bet\binaries\win64\betgame-win64-shipping.exe => No File
FirewallRules: [UDP Query User{9A932C91-C172-4FDB-AC01-4757E4E90AA3}C:\program files (x86)\steam\steamapps\common\backrooms_escape_together\bet\binaries\win64\betgame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\backrooms_escape_together\bet\binaries\win64\betgame-win64-shipping.exe => No File
FirewallRules: [{0656B162-097C-4983-AA94-8B561CB71F9D}] => (Allow) C:\Program Files\Oculus\Support\oculus-client\OculusClient.exe => No File
FirewallRules: [{CFF19D5E-CEA3-4BA9-A763-5F404D957DAB}] => (Allow) C:\Program Files\Oculus\Support\oculus-client\OculusClient.exe => No File
FirewallRules: [TCP Query User{1DC7BAFC-52BB-40E0-92CA-D9CBF1EB6E15}C:\program files (x86)\steam\steamapps\common\palworld\pal\binaries\win64\palworld-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\palworld\pal\binaries\win64\palworld-win64-shipping.exe => No File
FirewallRules: [UDP Query User{9617691A-F497-4524-93F8-71D20201B3E8}C:\program files (x86)\steam\steamapps\common\palworld\pal\binaries\win64\palworld-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\palworld\pal\binaries\win64\palworld-win64-shipping.exe => No File
FirewallRules: [TCP Query User{380CC723-084D-48D7-8301-2B264FEC8B2A}C:\program files (x86)\steam\steamapps\common\the finals\discovery\binaries\win64\discovery-d.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the finals\discovery\binaries\win64\discovery-d.exe => No File
FirewallRules: [UDP Query User{D3180025-3AD7-4D09-9B92-15ADFAA000F1}C:\program files (x86)\steam\steamapps\common\the finals\discovery\binaries\win64\discovery-d.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the finals\discovery\binaries\win64\discovery-d.exe => No File
FirewallRules: [TCP Query User{823C1987-06AA-475E-A922-697329081D51}C:\program files (x86)\steam\steamapps\common\backrooms_escape_together\bet\binaries\win64\betgamesteam-win64-shipping.exe] => (Block) C:\program files (x86)\steam\steamapps\common\backrooms_escape_together\bet\binaries\win64\betgamesteam-win64-shipping.exe => No File
FirewallRules: [UDP Query User{6AE9A655-1883-4374-8650-5C4566E45F43}C:\program files (x86)\steam\steamapps\common\backrooms_escape_together\bet\binaries\win64\betgamesteam-win64-shipping.exe] => (Block) C:\program files (x86)\steam\steamapps\common\backrooms_escape_together\bet\binaries\win64\betgamesteam-win64-shipping.exe => No File
FirewallRules: [TCP Query User{4383D6CB-6D9C-4CE1-A859-EA3830A02A0A}C:\program files (x86)\steam\steamapps\common\emissary zero demo\project_f\binaries\win64\project_f-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\emissary zero demo\project_f\binaries\win64\project_f-win64-shipping.exe => No File
FirewallRules: [UDP Query User{9537B360-1BC1-4C2B-A44E-BA2266E43479}C:\program files (x86)\steam\steamapps\common\emissary zero demo\project_f\binaries\win64\project_f-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\emissary zero demo\project_f\binaries\win64\project_f-win64-shipping.exe => No File
FirewallRules: [{87C7F470-F521-4789-B9B7-949C4913BFEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Infinity Nikki\1.2.4\xstarter.exe => No File
FirewallRules: [{3D4AEDFD-757D-424F-A427-5AD0E2C7166C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Infinity Nikki\InfinityNikki\X6Game\Binaries\Win64\X6Game-Win64-Shipping.exe => No File
FirewallRules: [{2F7738A1-26E4-4869-9D46-DA8C1482C1AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Infinity Nikki\InfinityNikki\InfinityNikki.exe => No File
FirewallRules: [{7A37521F-66FB-4FB9-A9E5-F6E85B77EF9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Infinity Nikki\InfinityNikki\X6Game\Binaries\Win64\X6Game-Win64-Shipping.exe => No File
FirewallRules: [{4B769819-7F93-4670-B89F-F2DAC86FF220}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Infinity Nikki\InfinityNikki\InfinityNikki.exe => No File
FirewallRules: [{72E13B64-B88D-4A1F-AD55-DEA93A936492}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File
Task: {7AC20B7E-E4D6-4E03-B6FC-770192311896} - System32\Tasks\GPU Tweak III => C:\Program Files (x86)\ASUS\GPUTweakIII\GPU Tweak III.exe (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
S3 cpuz158; \??\C:\WINDOWS\temp\cpuz158\cpuz158_x64.sys (No File) <==== ATTENTION
S3 HWiNFO_204; \??\C:\Users\Kenny\AppData\Local\Temp\HWiNFO_x64_204.sys (No File) <==== ATTENTION
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"ConsentPromptBehaviorUser"=dword:00000003
"EnableLUA"=dword:00000001
EndRegedit:
StartPowerShell:
# Downloads the newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log to the console
# Does not clean preinstalled objects, only PUP/Adware
# If you would like to delete preinstalled objects, add the argument /preinstalled to the /clean argument
# If you would like to only scan with it, change the argument from /clean to /scan
# NOTE: For the sake of users from Asia (primarily China), do not use the clean option. It will very likely remove a lot of their important software.
New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:
CMD: netsh int ip reset
CMD: netsh int ipv6 reset
CMD: ipconfig /flushDNS
CMD: netsh winsock reset catalog
C:\Users\CurrentUserName\AppData\Local\Temp\*
C:\Windows\Temp\*
C:\Windows\SystemTemp\*
EmptyTemp:
End::