Start::
CreateRestorePoint:
CloseProcesses:

2026-04-21 08:15 - 2026-04-21 08:15 - 005205072 _____ (Qihoo 360 Technology Co. Ltd.) C:\Users\ADMIN\OEngine86.exe
2026-04-21 08:15 - 2026-04-21 08:15 - 000000000 ____D C:\Users\ADMIN\AppData\Roaming\ATIdebug_v1_0_32
2026-04-21 08:15 - 2026-04-21 08:15 - 000000000 ____D C:\ProgramData\ATIdebug_v1_0_32
2026-04-21 08:15 - 2026-04-21 08:15 - 005205072 _____ (Qihoo 360 Technology Co. Ltd.) C:\Users\ADMIN\OEngine86.exe

AlternateDataStreams: C:\Windows\tracing:? [16]
FirewallRules: [{CC7CC9F9-18F5-4DF5-981D-1192C75902F8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{9642DB51-CD24-41F6-9FD7-240952466F04}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{5F3F72B1-9514-4711-B7B0-3F89010DAD4C}E:\terabox\teraboxunite.exe] => (Block) E:\terabox\teraboxunite.exe => No File
FirewallRules: [UDP Query User{934259C1-E7E4-4D5A-B082-5CC6A9AD9E1E}E:\terabox\teraboxunite.exe] => (Block) E:\terabox\teraboxunite.exe => No File
FirewallRules: [TCP Query User{3C7F777A-E1F4-415E-B912-237980FB2C59}E:\legend of mortal v1.0.3129 viet hoa\mortal.exe] => (Block) E:\legend of mortal v1.0.3129 viet hoa\mortal.exe => No File
FirewallRules: [UDP Query User{65B94B8A-5B47-4D50-931A-1B1439C9F90B}E:\legend of mortal v1.0.3129 viet hoa\mortal.exe] => (Block) E:\legend of mortal v1.0.3129 viet hoa\mortal.exe => No File
FirewallRules: [TCP Query User{487C7EF2-8B41-4946-999F-90C752223AA7}E:\tale of immortal v1.1.103.259 viet hoa\guigubahuang.exe] => (Allow) E:\tale of immortal v1.1.103.259 viet hoa\guigubahuang.exe => No File
FirewallRules: [UDP Query User{901257E7-568F-4C77-AC5F-6F77937687D6}E:\tale of immortal v1.1.103.259 viet hoa\guigubahuang.exe] => (Allow) E:\tale of immortal v1.1.103.259 viet hoa\guigubahuang.exe => No File
FirewallRules: [TCP Query User{CB3B93AD-AFA5-4396-81D1-3EF1CDEC4909}E:\qcbh ver 1.2.105\guigubahuang.exe] => (Allow) E:\qcbh ver 1.2.105\guigubahuang.exe => No File
FirewallRules: [UDP Query User{E78E1806-8F30-426C-835F-9E11DA2EB783}E:\qcbh ver 1.2.105\guigubahuang.exe] => (Allow) E:\qcbh ver 1.2.105\guigubahuang.exe => No File
FirewallRules: [TCP Query User{D3AF8FCE-95D6-4E35-8372-FF505C30C4F4}E:\teraboxdownload\isekai front line vh (gvnvh18)\isekai frontline.exe] => (Block) E:\teraboxdownload\isekai front line vh (gvnvh18)\isekai frontline.exe => No File
FirewallRules: [UDP Query User{DB461E0E-68DE-4160-B273-8D4918D706CF}E:\teraboxdownload\isekai front line vh (gvnvh18)\isekai frontline.exe] => (Block) E:\teraboxdownload\isekai front line vh (gvnvh18)\isekai frontline.exe => No File
FirewallRules: [TCP Query User{236533FB-A60C-4B70-A5C9-61A1D1FDEB6F}C:\users\admin\downloads\fairy.massage.fixed\game\fairy massage.exe] => (Block) C:\users\admin\downloads\fairy.massage.fixed\game\fairy massage.exe => No File
FirewallRules: [UDP Query User{D4809AC7-A4E3-4CFF-B9D2-AD7C52876BB4}C:\users\admin\downloads\fairy.massage.fixed\game\fairy massage.exe] => (Block) C:\users\admin\downloads\fairy.massage.fixed\game\fairy massage.exe => No File
FirewallRules: [TCP Query User{F8178E74-90BB-474B-A237-C779BF0A9AEA}C:\users\admin\downloads\my.sexy.neighbor.build.17017444\my sexy neighbor.exe] => (Block) C:\users\admin\downloads\my.sexy.neighbor.build.17017444\my sexy neighbor.exe => No File
FirewallRules: [UDP Query User{3018EB31-1D31-4C3E-9142-40343C8132C0}C:\users\admin\downloads\my.sexy.neighbor.build.17017444\my sexy neighbor.exe] => (Block) C:\users\admin\downloads\my.sexy.neighbor.build.17017444\my sexy neighbor.exe => No File
FirewallRules: [TCP Query User{FB0EC005-B4F7-4798-81FE-022BA58A2DCC}C:\users\admin\appdata\roaming\.tlauncher\starter\jre_default\jre-21.0.91-windows-x64\bin\java.exe] => (Block) C:\users\admin\appdata\roaming\.tlauncher\starter\jre_default\jre-21.0.91-windows-x64\bin\java.exe => No File
FirewallRules: [UDP Query User{6789CD4F-D69F-4E65-AD10-A77EF00A0D0A}C:\users\admin\appdata\roaming\.tlauncher\starter\jre_default\jre-21.0.91-windows-x64\bin\java.exe] => (Block) C:\users\admin\appdata\roaming\.tlauncher\starter\jre_default\jre-21.0.91-windows-x64\bin\java.exe => No File
FirewallRules: [TCP Query User{DBC9BC2E-CEBB-4A31-8C0A-2C67FD264D4C}E:\terabox\teraboxhost.exe] => (Allow) E:\terabox\teraboxhost.exe => No File
FirewallRules: [UDP Query User{C75490AD-7046-4EA2-9491-FCE769DCDCFD}E:\terabox\teraboxhost.exe] => (Allow) E:\terabox\teraboxhost.exe => No File
FirewallRules: [{903ED902-7F75-4E49-86FC-7865EB7BA072}] => (Allow) D:\SteamLibrary\steamapps\common\Downfall - A Slay the Spire Fan Expansion\jre\bin\javaw.exe => No File
FirewallRules: [{BEEAF7BD-478F-4502-8103-69F23C22DD3F}] => (Allow) D:\SteamLibrary\steamapps\common\Downfall - A Slay the Spire Fan Expansion\jre\bin\javaw.exe => No File
FirewallRules: [TCP Query User{4549FFB7-8790-46E0-BEFA-8CD996F35785}E:\teraboxdownload\[erovns]jerez's arena\jerez'sarena.exe] => (Block) E:\teraboxdownload\[erovns]jerez's arena\jerez'sarena.exe => No File
FirewallRules: [UDP Query User{F356593D-4D68-4706-A7DE-DD3C73376965}E:\teraboxdownload\[erovns]jerez's arena\jerez'sarena.exe] => (Block) E:\teraboxdownload\[erovns]jerez's arena\jerez'sarena.exe => No File
FirewallRules: [TCP Query User{5268B231-516E-4CD3-9AE8-7B53868BF1DA}D:\platform-tools\adb.exe] => (Allow) D:\platform-tools\adb.exe => No File
FirewallRules: [UDP Query User{1E0FB319-E431-4F14-AD32-75CC61C1E771}D:\platform-tools\adb.exe] => (Allow) D:\platform-tools\adb.exe => No File
FirewallRules: [TCP Query User{AD2D0AF9-999C-42F9-8E53-BCBF93E9CB42}D:\steamlibrary\steamapps\common\tom clancy's rainbow six siege\rainbowsix.exe] => (Allow) D:\steamlibrary\steamapps\common\tom clancy's rainbow six siege\rainbowsix.exe => No File
FirewallRules: [UDP Query User{299D82E7-0C8F-4484-B851-F7649CED2533}D:\steamlibrary\steamapps\common\tom clancy's rainbow six siege\rainbowsix.exe] => (Allow) D:\steamlibrary\steamapps\common\tom clancy's rainbow six siege\rainbowsix.exe => No File
FirewallRules: [TCP Query User{BB2AC943-D451-45AB-AA66-B02008FB6DA9}C:\users\admin\downloads\deadcells - v.v.m team\deadcells.exe] => (Allow) C:\users\admin\downloads\deadcells - v.v.m team\deadcells.exe => No File
FirewallRules: [UDP Query User{AA90DD4E-A516-46DF-9F97-19F0490B682D}C:\users\admin\downloads\deadcells - v.v.m team\deadcells.exe] => (Allow) C:\users\admin\downloads\deadcells - v.v.m team\deadcells.exe => No File
FirewallRules: [TCP Query User{454ED0A5-9560-4D25-8DB4-BF49D2CD06D7}C:\users\admin\downloads\project zomboid v41.78.16 viet hoa\projectzomboid32.exe] => (Allow) C:\users\admin\downloads\project zomboid v41.78.16 viet hoa\projectzomboid32.exe => No File
FirewallRules: [UDP Query User{4BB1F463-CC6D-4070-ACD3-F1F63ECAE194}C:\users\admin\downloads\project zomboid v41.78.16 viet hoa\projectzomboid32.exe] => (Allow) C:\users\admin\downloads\project zomboid v41.78.16 viet hoa\projectzomboid32.exe => No File
FirewallRules: [TCP Query User{A1197CBE-E9DB-48C6-ABE5-7D231D025351}C:\users\admin\downloads\project zomboid v41.78.16 viet hoa\projectzomboid64.exe] => (Allow) C:\users\admin\downloads\project zomboid v41.78.16 viet hoa\projectzomboid64.exe => No File
FirewallRules: [UDP Query User{17DCBB44-AC55-4A97-ABC5-8295E0CE9E78}C:\users\admin\downloads\project zomboid v41.78.16 viet hoa\projectzomboid64.exe] => (Allow) C:\users\admin\downloads\project zomboid v41.78.16 viet hoa\projectzomboid64.exe => No File
FirewallRules: [TCP Query User{DC75ECA9-9882-4F29-A6D8-66095DD9940E}C:\users\admin\downloads\project zomboid v41.78.16 viet hoa\jre64\bin\java.exe] => (Allow) C:\users\admin\downloads\project zomboid v41.78.16 viet hoa\jre64\bin\java.exe => No File
FirewallRules: [UDP Query User{24DFFB2D-89A3-4A82-93B3-B43A9A008E26}C:\users\admin\downloads\project zomboid v41.78.16 viet hoa\jre64\bin\java.exe] => (Allow) C:\users\admin\downloads\project zomboid v41.78.16 viet hoa\jre64\bin\java.exe => No File
FirewallRules: [TCP Query User{FEA603D4-6276-40F6-B957-B1AE349350AE}F:\teraboxdownload\[erovns]jerez's arena\jerez'sarena.exe] => (Block) F:\teraboxdownload\[erovns]jerez's arena\jerez'sarena.exe => No File
FirewallRules: [UDP Query User{FFD1DC99-63A1-4C26-B1BC-A7D713B5E6C4}F:\teraboxdownload\[erovns]jerez's arena\jerez'sarena.exe] => (Block) F:\teraboxdownload\[erovns]jerez's arena\jerez'sarena.exe => No File
FirewallRules: [TCP Query User{808EC949-ECA9-4C01-81E8-C61834DCBDAC}F:\terabox\teraboxunite.exe] => (Block) F:\terabox\teraboxunite.exe => No File
FirewallRules: [UDP Query User{FB5BCA13-C8E7-429C-B4F0-3FFC0E638953}F:\terabox\teraboxunite.exe] => (Block) F:\terabox\teraboxunite.exe => No File
2026-04-12 15:48 - 2026-04-12 15:48 - 000002264 _____ C:\Users\ADMIN\AppData\LocalLow\0cd49c19ec25ae712451bf5ec84d922283345266578b6efa8f459a7e8bf09703
2026-04-12 15:48 - 2026-04-12 15:48 - 000000026 _____ C:\Users\ADMIN\AppData\LocalLow\bbe88c3987e70bc29b976bd07b9eb7028c21cf5cb5ccd5ee4bba468791cea949
2026-04-08 11:05 - 2026-04-08 11:05 - 000002264 _____ C:\Users\ADMIN\AppData\LocalLow\92190f4223b5197c5d65c851e9ae4279b9796c5886eaf531b7010a49a1a9b610
2026-04-08 11:05 - 2026-04-08 11:05 - 000000026 _____ C:\Users\ADMIN\AppData\LocalLow\b4ee184518f263d5e6a3aece56a3a20300879171640d0afda140870d6b54df6e
2026-04-01 10:15 - 2026-03-21 19:16 - 000006591 _____ C:\Users\ADMIN\AppData\LocalLow\57ce254a041de90960abef343341ab92340cceedfebd30cdc2d01c0eef7852a3
2026-04-01 10:15 - 2025-10-16 11:51 - 000000026 _____ C:\Users\ADMIN\AppData\LocalLow\e76211ab8af3fbaab4b9326ad35b0a00969d95d0a64da56eb4ac7de2ee6b0277
2026-03-21 10:30 - 2026-03-21 10:30 - 000000048 ____R () C:\Users\ADMIN\AppData\Local\3B6062E234C974236CE891CB637B9E43

2026-04-21 21:28 - 2026-04-21 21:28 - 000000000 ____D C:\ProgramData\win_logger
2026-04-21 21:28 - 2026-04-21 21:28 - 000000000 ____D C:\Users\ADMIN\AppData\Roaming\win_logger


File: C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe



StartPowerShell:
# This snippet downloads Emsisoft Emergency Kit (EEK) from the Emsisoft's official site, updates it, scans with it.
# Do note that the executable is 300MB and may take some time to download.
# ---
# This will scan for malware and PUP's in 1) system memory 2) important folders as documentation says
# It will scan in compressed archives, in mail archives, in NTFS alternate data streams and use cloud requests
# ---
# You can use argument "/delete" to delete found objects including references but this is permanent and irreversible.
# You can remove the "/quick" argument to do a full scan but that may take longer than what FRST can handle.
# You can use argument "/quarantine="[folder]"" to put found malware into quarantine, but I personally prefer first verifying the detections.
$downloadUrl = "https://dl.emsisoft.com/EmsisoftEmergencyKit.exe"
$systemDrive = $env:SystemDrive
$frstPath = "$systemDrive\FRST"
$savePath = "$frstPath\EEK.exe"
$extractPath = "$frstPath\EEK"
if (-not (Test-Path $frstPath)) {
    New-Item -Path $frstPath -ItemType Directory -Force | Out-Null
}
if (-not (Test-Path $extractPath)) {
    New-Item -Path $extractPath -ItemType Directory -Force | Out-Null
}

Invoke-WebRequest -Uri $downloadUrl -OutFile $savePath -UseBasicParsing
$proc = Start-Process -FilePath $savePath -ArgumentList "-s -d`"$extractPath`"" -PassThru
while (-not (Test-Path "$extractPath\bin64\a2cmd.exe")) { Start-Sleep -Milliseconds 500 }
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
if ([Environment]::Is64BitOperatingSystem) {
    $a2cmdPath = Join-Path $extractPath "bin64\a2cmd.exe"
} else {
    $a2cmdPath = Join-Path $extractPath "bin32\a2cmd.exe"
}

Start-Process -FilePath $a2cmdPath -ArgumentList "/update" -Wait -NoNewWindow
Start-Process -FilePath $a2cmdPath -ArgumentList "/malware /quick /m /t /pup /a /am /cloud=1 /la=`"$frstPath\EEK_scan.log`"" -Wait -NoNewWindow
Get-Content "$frstPath\EEK_scan.log"
exit
EndPowerShell:

StartPowerShell:
# Downloads newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log in console
# Does not clean preinstalled objects, only PUP/Adware
# If you would like to delete preinstalled objects, add an argument /preinstalled to the /clean argument
# If you would like to only scan with it, change the argument from /clean to /scan

New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:

EmptyTemp:
End::