Malware found on my PC via discord



Here is the latest Malwarebytes log
 

Malwarebytes

www.malwarebytes.com

 

-Log Details-

Scan Date: 11/21/21

Scan Time: 10:01 AM

Log File: fc09cfba-4a6e-11ec-95d8-04d4c45869c8.json

 

-Software Information-

Version: 4.4.10.144

Components Version: 1.0.1499

Update Package Version: 1.0.47437

License: Trial

 

-System Information-

OS: Windows 10 (Build 19043.1348)

CPU: x64

File System: NTFS

User: System

 

-Scan Summary-

Scan Type: Threat Scan

Scan Initiated By: Scheduler

Result: Completed

Objects Scanned: 349699

Threats Detected: 9

Threats Quarantined: 9

Time Elapsed: 9 min, 19 sec

 

-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Detect

PUM: Detect

 

-Scan Details-

Process: 0

(No malicious items detected)

 

Module: 0

(No malicious items detected)

 

Registry Key: 0

(No malicious items detected)

 

Registry Value: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Data Stream: 0

(No malicious items detected)

 

Folder: 1

Adware.Elex.ShrtCln, C:USERSDREAMCOREAPPDATALOCALGOOGLECHROMEUSER DATADefaultSync DataLevelDB, Quarantined, 289, 454749, , , , , , 

 

File: 8

Adware.Elex.ShrtCln, C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultSync DataLevelDB 00003.log, Quarantined, 289, 454749, , , , , 5F40FFBB0B9CBDCDE0B54BB5B460EF52, 6C45A9B7B4F8D2A78CBC42D1234951307CBF23F73991FAC5ED22747BAC1BC030

Adware.Elex.ShrtCln, C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultSync DataLevelDBCURRENT, Quarantined, 289, 454749, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443

Adware.Elex.ShrtCln, C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultSync DataLevelDBLOCK, Quarantined, 289, 454749, , , , , , 

Adware.Elex.ShrtCln, C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultSync DataLevelDBLOG, Quarantined, 289, 454749, , , , , A7556EDD7ED3C29BB244CBF2967E2D5B, 4DB68D4EB4EBB103CA815541B1E0B6F6655CE121BC57D0010031C5058B5DEB2C

Adware.Elex.ShrtCln, C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultSync DataLevelDBLOG.old, Quarantined, 289, 454749, , , , , BFACEAD7086131E0818C0DBE933E9370, 930777B05631767CDEE32AB3C215FDC6779D1B3DD513BEA6688CB48AF66EC8DD

Adware.Elex.ShrtCln, C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultSync DataLevelDBMANIFEST-000001, Quarantined, 289, 454749, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4

Adware.Elex.ShrtCln, C:USERSDREAMCOREAPPDATALOCALGOOGLECHROMEUSER DATADefaultPreferences, Replaced, 289, 454749, , , , , 52C45E68E7DF51C65FA202AFEC7E0E45, 0DF1AA2F6419A5E5CC7B6E3E964CF6BE280AE96F45771490D48F3922795D2734

Adware.Elex.ShrtCln, C:USERSDREAMCOREAPPDATALOCALGOOGLECHROMEUSER DATADefaultSecure Preferences, Replaced, 289, 454749, 1.0.47437, , ame, , D17B057F2B4D1AC30485407048BD9BC0, 87EA423A62E49D6B8BEC22EADB66C8527B6C462F346889A60FFCFB574DD169C6

 

Physical Sector: 0

(No malicious items detected)

 

WMI: 0

(No malicious items detected)

 

 

(end)

 

——————————————————

 

This is the log from yesterday

 

Malwarebytes

www.malwarebytes.com

 

-Log Details-

Scan Date: 11/20/21

Scan Time: 11:50 PM

Log File: 93da5dba-4a19-11ec-9c7c-04d4c45869c8.json

 

-Software Information-

Version: 4.4.10.144

Components Version: 1.0.1499

Update Package Version: 1.0.47419

License: Trial

 

-System Information-

OS: Windows 10 (Build 19043.1348)

CPU: x64

File System: NTFS

User: DESKTOP-SF20KARDreamcore

 

-Scan Summary-

Scan Type: Threat Scan

Scan Initiated By: Manual

Result: Completed

Objects Scanned: 349723

Threats Detected: 13

Threats Quarantined: 13

Time Elapsed: 3 min, 43 sec

 

-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Detect

PUM: Detect

 

-Scan Details-

Process: 0

(No malicious items detected)

 

Module: 0

(No malicious items detected)

 

Registry Key: 1

PUP.Optional.InstallCore, HKUS-1-5-21-2656865711-843267994-3140244163-1002SOFTWARECSASTATSic, Quarantined, 502, 586068, 1.0.47419, , ame, , , 

 

Registry Value: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Data Stream: 0

(No malicious items detected)

 

Folder: 1

Adware.Elex.ShrtCln, C:USERSDREAMCOREAPPDATALOCALGOOGLECHROMEUSER DATADefaultSync DataLevelDB, Quarantined, 289, 454749, , , , , , 

 

File: 11

Adware.Elex.ShrtCln, C:USERSDREAMCOREAPPDATALOCALMICROSOFTEDGEUSER DATADefaultSecure Preferences, Replaced, 289, 454749, 1.0.47419, , ame, , AA94ED4891176DF2F5CE640DF3EA06EA, 2251173607E7A4E1E1AD026794F83D27CF0B855881EDE4E2AE5EAAE031A46C5B

Adware.Elex.ShrtCln, C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultSync DataLevelDB 00005.ldb, Quarantined, 289, 454749, , , , , 5F48EBAA29BC74DCD62532FA4BE0DBA2, 96C4C329BD5F17606061B4182736D7F6020221A584738C98B872DDDDE4783797

Adware.Elex.ShrtCln, C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultSync DataLevelDB 10671.ldb, Quarantined, 289, 454749, , , , , 57565211A1122136D943C25D42370DA5, 5E1D5A7C0E30BE957294B0C3D6B997E841F8820985810102BB35CCF2838B123E

Adware.Elex.ShrtCln, C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultSync DataLevelDB 10672.log, Quarantined, 289, 454749, , , , , 3CE67DAC9F8AA1CB21B8F85018E7A6C5, 4B2BB40548DB9192AA7C2E85EF44D9CC8EF6D1DFE2FB7721A6E3FA8AF1B8C273

Adware.Elex.ShrtCln, C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultSync DataLevelDB 10673.ldb, Quarantined, 289, 454749, , , , , 957DD7E98E8FBE9B6F6C880876D0F71D, 1BAFECE87CAF207CCA0853009A28941F8AB832D3218285650F74BFD76BA64FE9

Adware.Elex.ShrtCln, C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultSync DataLevelDBCURRENT, Quarantined, 289, 454749, , , , , 9628A51636ADD1E8F842879AA2B458AB, E1600A2597DA72AFE4745006CFC2102DC014C209AEAD2C1E86AE0504B17FCE2D

Adware.Elex.ShrtCln, C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultSync DataLevelDBLOCK, Quarantined, 289, 454749, , , , , , 

Adware.Elex.ShrtCln, C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultSync DataLevelDBLOG, Quarantined, 289, 454749, , , , , 320CFE7A6FF99AFC75A4D027E319F3D3, 734FB47FF403748E2805989446A699D7F1A315C9717BF652862E8E7F44A47496

Adware.Elex.ShrtCln, C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultSync DataLevelDBLOG.old, Quarantined, 289, 454749, , , , , 9ECD21D35A83181955CEBC9A5EC20449, C048C32D1EF0B40B6669436AD8589A8DF14E6A6D84416DE36839022643B74CD0

Adware.Elex.ShrtCln, C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultSync DataLevelDBMANIFEST-010281, Quarantined, 289, 454749, , , , , 8D5139E4DD9482E40A149DB0C099D57E, 4E5F927522BB2DA2B8F99FD345BE6014105D519B062CB9B4F06A6A9EA45D4E77

Adware.Elex.ShrtCln, C:USERSDREAMCOREAPPDATALOCALGOOGLECHROMEUSER DATADefaultSecure Preferences, Replaced, 289, 454749, 1.0.47419, , ame, , 10C8F9D54AA6FB14E868E5D2C0EC7AE7, 5570B4E04CAB55CEA75957C5E9F03E6D85B704647EBBAC4818DB68EA089ED0FE

 

Physical Sector: 0

(No malicious items detected)

 

WMI: 0

(No malicious items detected)

 

 

(end)

 

——————————————————

 

Rootkit didn’t detect anything suspicious after removal of the initial files with the first scan

 

——————————————————

 

Here is the FRST.TXT Log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2021

Ran by Dreamcore (administrator) on DESKTOP-SF20KAR (21-11-2021 10:20:32)

Running from C:UsersDreamcoreDownloads

Loaded Profiles: Dreamcore

Platform: Microsoft Windows 10 Home Single Language Version 21H1 19043.1348 (X64) Language: English (United States)

Default browser: Chrome

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Adobe Inc. -> Adobe Systems, Incorporated) C:Program Files (x86)Common FilesAdobeAdobeGCClientAGMService.exe

(Adobe Inc. -> Adobe Systems, Incorporated) C:Program Files (x86)Common FilesAdobeAdobeGCClientAGSService.exe

(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:Program Files (x86)Battle.netBattle.net.exe <3>

(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:ProgramDataBattle.netAgentAgent.7600Agent.exe

(Discord Inc. -> Discord Inc.) C:UsersDreamcoreAppDataLocalDiscordapp-1.0.9003Discord.exe <6>

(Electronic Arts, Inc. -> Electronic Arts) C:Program Files (x86)OriginOriginWebHelperService.exe

(Even Balance, Inc. -> ) C:WindowsSysWOW64PnkBstrA.exe

(Garena Online Pte Ltd -> Garena Online) C:Program Files (x86)GarenaGarena2.0.1909.2618gxxsvc.exe

(Google LLC -> Google LLC) C:Program Files (x86)GoogleChromeApplicationchrome.exe <17>

(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.112GoogleCrashHandler.exe

(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.112GoogleCrashHandler64.exe

(Guangzhou Ugee Computers Technology Co.,Ltd -> ) C:Program FilesPentabletPenTablet.exe

(Guangzhou Ugee Computers Technology Co.,Ltd -> Ugee Technology Company Ltd) C:Program FilesPentabletPentabletService.exe

(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-Malwarembam.exe

(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe

(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-Malwarembamtray.exe

(McAfee, LLC -> McAfee, LLC) C:Program FilesMcAfeeWebAdvisorbrowserhost.exe

(McAfee, LLC -> McAfee, LLC) C:Program FilesMcAfeeWebAdvisorservicehost.exe

(McAfee, LLC -> McAfee, LLC) C:Program FilesMcAfeeWebAdvisoruihost.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesCommon Filesmicrosoft sharedClickToRunOfficeClickToRun.exe

(Microsoft Corporation -> Microsoft Corporation) C:UsersDreamcoreAppDataLocalMicrosoftTeamscurrentTeams.exe <9>

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.ZuneMusic_10.21102.11411.0_x64__8wekyb3d8bbweMusic.UI.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsImmersiveControlPanelSystemSettings.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32cmd.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe <2>

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32InputMethodCHSChsIME.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32rundll32.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32smartscreen.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32wlanext.exe

(NVIDIA Corporation -> Node.js) C:Program Files (x86)NVIDIA CorporationNvNodeNVIDIA Web Helper.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe <3>

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationNVIDIA GeForce ExperienceNVIDIA Share.exe <3>

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationShadowPlaynvsphelper64.exe

(Nvidia Corporation -> NVIDIA Corporation) C:WindowsSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_5292bbfbf575e2d2Display.NvContainerNVDisplay.Container.exe <2>

(Oculus VR, LLC -> Facebook Technologies, LLC) C:Program FilesOculusSupportoculus-runtimeOVRRedir.exe

(Oculus VR, LLC -> Facebook Technologies, LLC) C:Program FilesOculusSupportoculus-runtimeOVRServer_x64.exe

(Oculus VR, LLC -> Facebook Technologies, LLC) C:Program FilesOculusSupportoculus-runtimeOVRServiceLauncher.exe

(Oracle America, Inc. -> Oracle Corporation) C:Program Files (x86)Common FilesJavaJava Updatejucheck.exe

(Oracle America, Inc. -> Oracle Corporation) C:Program Files (x86)Common FilesJavaJava Updatejusched.exe

(Parsec Cloud, Inc. -> Parsec) C:Program FilesParsecparsecd.exe

(Parsec Cloud, Inc. -> Parsec) C:Program FilesParsecpservice.exe

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:WindowsSystem32RtkAudUService64.exe <2>

(SoftEther Corporation -> SoftEther VPN Project at University of Tsukuba, Japan.) C:Program FilesSoftEther VPN Clientvpnclient_x64.exe <2>

(SoftEther Corporation -> SoftEther VPN Project at University of Tsukuba, Japan.) C:Program FilesSoftEther VPN Clientvpncmgr_x64.exe

(Valve Corp. -> Valve Corporation) C:Program Files (x86)Common FilesSteamSteamService.exe

(Valve Corp. -> Valve Corporation) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe <7>

(Valve Corp. -> Valve Corporation) C:Program Files (x86)Steamsteam.exe

 

==================== Registry (Whitelisted) ===================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM…Run: [RtkAudUService] => C:WINDOWSSystem32RtkAudUService64.exe [876536 2019-05-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM…Run: [SoftEther VPN Client UI Helper] => C:Program FilesSoftEther VPN Clientvpnclient_x64.exe [5886264 2020-03-30] (SoftEther Corporation -> SoftEther VPN Project at University of Tsukuba, Japan.)

HKLM…Run: [AdobeGCInvoker-1.0] => C:Program Files (x86)Common FilesAdobeAdobeGCClientAGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)

HKLM…Run: [PentabletService] => C:Program FilesPentabletPentabletService.exe [2242328 2020-07-20] (Guangzhou Ugee Computers Technology Co.,Ltd -> Ugee Technology Company Ltd)

HKLM…Run: [RZSurroundHelper] => C:WINDOWSsystem32RZSurroundHelper.exe (No File)

HKLM-x32…Run: [Wondershare Helper Compact.exe] => C:Program Files (x86)Common FilesWondershareWondershare Helper CompactWSHelper.exe (No File)

HKLM-x32…Run: [SunJavaUpdateSched] => C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [706680 2020-09-16] (Oracle America, Inc. -> Oracle Corporation)

HKLM-x32…Run: [TeamsMachineInstaller] => C:Program Files (x86)Teams InstallerTeams.exe [114379544 2021-01-28] (Microsoft Corporation -> Microsoft Corporation)

HKLM-x32…Run: [Genshin Impact_launcher__1_1] => [X]

HKUS-1-5-21-2656865711-843267994-3140244163-1002…Run: [Steam] => C:Program Files (x86)Steamsteam.exe [4267944 2021-11-20] (Valve Corp. -> Valve Corporation)

HKUS-1-5-21-2656865711-843267994-3140244163-1002…Run: [Discord] => C:UsersDreamcoreAppDataLocalDiscordUpdate.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)

HKUS-1-5-21-2656865711-843267994-3140244163-1002…Run: [FACEIT] => C:UsersDreamcoreAppDataLocalFACEITAppupdate.exe [2204616 2020-03-20] (FACE IT LIMITED -> )

HKUS-1-5-21-2656865711-843267994-3140244163-1002…Run: [com.squirrel.Teams.Teams] => C:UsersDreamcoreAppDataLocalMicrosoftTeamsUpdate.exe [2459280 2021-11-04] (Microsoft 3rd Party Application Component -> Microsoft Corporation)

HKUS-1-5-21-2656865711-843267994-3140244163-1002…Run: [CCXProcess] => “C:Program FilesAdobeAdobe Creative Cloud ExperienceCCXProcess.exe” (No File)

HKUS-1-5-21-2656865711-843267994-3140244163-1002…Run: [EpicGamesLauncher] => “C:Program Files (x86)Epic GamesLauncherPortalBinariesWin64EpicGamesLauncher.exe” -silent (No File)

HKUS-1-5-21-2656865711-843267994-3140244163-1002…Run: [electron.app.Lowkey.gg] => C:UsersDreamcoreAppDataLocalProgramslowkey-electronLowkey.gg.exe –was-opened-at-login (No File)

HKUS-1-5-21-2656865711-843267994-3140244163-1002…Run: [Battle.net] => C:Program Files (x86)Battle.netBattle.net.exe [1087376 2021-11-12] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)

HKUS-1-5-21-2656865711-843267994-3140244163-1002…Run: [Parsec.App.0] => C:Program FilesParsecparsecd.exe [432320 2021-10-05] (Parsec Cloud, Inc. -> Parsec)

HKUS-1-5-18…Run: [Synapse3] => C:Program Files (x86)RazerSynapse3WPFUIFrameworkRazer Synapse 3 HostRazer Synapse 3.exe /StartMinimized (No File)

HKLMSoftwareMicrosoftActive SetupInstalled Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:Program Files (x86)GoogleChromeApplication96.0.4664.45Installerchrmstp.exe [2021-11-16] (Google LLC -> Google LLC)

Startup: C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupSoftEther VPN Client Manager Startup.lnk [2020-03-30]

ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:Program FilesSoftEther VPN Clientvpncmgr_x64.exe (SoftEther Corporation -> SoftEther VPN Project at University of Tsukuba, Japan.)

Startup: C:UsersDreamcoreAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupRemotePCUIU.lnk [2021-11-04]

ShortcutTarget: RemotePCUIU.lnk -> C:Program Files (x86)RemotePCRemotePCUIU.exe (No File)

Startup: C:UsersDreamcoreAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupTwitch.lnk [2019-12-04]

ShortcutTarget: Twitch.lnk -> C:UsersDreamcoreAppDataRoamingTwitchBinTwitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)

 

==================== Scheduled Tasks (Whitelisted) ============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {1684F570-DC2C-42D8-857E-7D893EE5FF73} – System32TasksNVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNVIDIA GeForce ExperienceNVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {1FA898A3-F05C-47FC-8A29-03B33FC02B66} – System32TasksNvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {28F6F106-B319-414C-8571-A6399D41A019} – System32TasksMicrosoftOfficeOffice Automatic Updates 2.0 => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [21978480 2021-10-23] (Microsoft Corporation -> Microsoft Corporation)

Task: {3009F852-CADC-49CF-8174-41E4298FC761} – System32TasksNvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {57DA1062-E491-4279-AEAC-F2C5577CB14F} – System32TasksMicrosoftWindowsEnterpriseMgmtNonCritical1F2185AD-58A5-430A-B6C3-9FB9F7DBE87CQueued Schedule created for queued alerts => C:WINDOWSsystem32deviceenroller.exe [458752 2021-09-15] (Microsoft Windows -> Microsoft Corporation)

Task: {63053F03-1BB8-417F-B760-585CAF6BAFAB} – System32TasksMicrosoftOfficeOffice Feature Updates => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [134472 2021-11-15] (Microsoft Corporation -> Microsoft Corporation)

Task: {67996DB2-2428-48C5-A6E7-C40D49EBBDD0} – System32Tasksgxx speed launcher => C:Program Files (x86)GarenaGarenaGarena.exe [457600 2019-09-26] (Garena Online Pte Ltd -> Garena Online)

Task: {6E1D1528-D850-4268-9E75-6F9C57190895} – System32TasksRPCServiceHealthCheck => C:Program Files (x86)RemotePCRPCDownloader.exe /Servicehealth (No File)

Task: {708E5461-36BB-4E4B-ACE0-D4A4495B2E27} – System32TasksMicrosoftVisualStudioUpdatesBackgroundDownload => C:Program Files (x86)Microsoft Visual StudioInstallerresourcesappServiceHubServicesMicrosoft.VisualStudio.Setup.ServiceBackgroundDownload.exe [64920 2019-12-01] (Microsoft Corporation -> Microsoft)

Task: {872C2F81-663B-4713-A134-AF854D7728AD} – System32TasksNvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:Program FilesNVIDIA CorporationNvDriverUpdateCheck” -l 3 -f C:ProgramDataNVIDIANvContainerDriverUpdateCheck.log

Task: {8EBFD924-FA5A-4848-974E-DC507D9DDCA2} – System32TasksNvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {920A523F-5AAC-4D4C-AB2F-E8C19292E8A7} – System32TasksMicrosoftOfficeOfficeTelemetryAgentLogOn2016 => C:Program FilesMicrosoft OfficerootOffice16msoia.exe [5729200 2021-11-15] (Microsoft Corporation -> Microsoft Corporation)

Task: {96B55395-A2F7-4DF1-9799-C151D3C76CD4} – System32TasksMicrosoftOfficeOffice Feature Updates Logon => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [134472 2021-11-15] (Microsoft Corporation -> Microsoft Corporation)

Task: {9B544582-CB2C-4E7B-A225-32FB95EC0E70} – System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [154920 2019-09-08] (Google Inc -> Google LLC)

Task: {ACCD6287-EA57-4E3E-8D89-ADC6F381BF50} – System32TasksNvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program Files (x86)NVIDIA CorporationNvNodenvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {B3FA421D-19A2-4D7B-B223-12E3F2343671} – System32TasksMicrosoftOfficeOfficeTelemetryAgentFallBack2016 => C:Program FilesMicrosoft OfficerootOffice16msoia.exe [5729200 2021-11-15] (Microsoft Corporation -> Microsoft Corporation)

Task: {B9D1F509-A0D1-4C52-9A36-6B7B6389ED2D} – System32TasksRPCPerformance => C:Program Files (x86)RemotePCRPCDownloader.exe codecAutoupdate (No File)

Task: {BF0766A5-BBB7-413C-B7D5-51D58DC6DE6E} – System32TasksNvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {CBBF70B4-44AE-4C78-AA88-7D0A6DDEAD9E} – System32TasksMicrosoftOfficeOffice ClickToRun Service Monitor => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [21978480 2021-10-23] (Microsoft Corporation -> Microsoft Corporation)

Task: {CC6A2717-1A9C-4A70-BDD1-D1CCEA15C7C1} – System32TasksAdobeGCInvoker-1.0 => C:Program Files (x86)Common FilesAdobeAdobeGCClientAGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)

Task: {CD98E0C4-4E34-43AA-A073-66A13946D512} – System32TasksDriver Easy Scheduled Scan => C:Program FilesEasewareDriverEasyDriverEasy.exe [3817392 2020-06-18] (Easeware Technology Limited -> Easeware)

Task: {CDE441F1-E6DF-4B18-A645-A9ABB1FDA4D5} – System32TasksNvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {D265DA71-ECAF-4119-A2BA-F088B39ADA83} – System32TasksNvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {E29FD357-6437-4F8C-B47F-DB7C21F1D394} – System32TasksMicrosoftOfficeOffice Serviceability Manager => C:Program FilesCommon FilesMicrosoft SharedClickToRunofficesvcmgr.exe [4103280 2021-09-25] (Microsoft Corporation -> Microsoft Corporation)

Task: {E4A7A812-D49B-49CE-B2B4-3C9891304A3F} – System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [154920 2019-09-08] (Google Inc -> Google LLC)

Task: {E54CDF65-D535-406B-A699-9000495287B3} – System32TasksStartRPCService => NET [Argument = START RPCService]

Task: {F85ECABE-6D35-4F85-908D-93BDD1B7C932} – System32TasksBlueStacksHelper => C:ProgramDataBlueStacksClientHelperBlueStacksHelper.exe [754104 2021-01-07] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)

Task: {FC70AC4C-E7BC-4BCF-BA83-F897E344B7F6} – System32TasksNvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:Program FilesNVIDIA CorporationNvBackendNvBatteryBoostCheck” -l 3 -f C:ProgramDataNVIDIANvContainerBatteryBoostCheck.log

Task: {FE107B28-F546-4A9D-8E98-7CED0D688264} – System32TasksSamsungMagician => C:Program Files (x86)SamsungSamsung MagicianSamsungMagician.exe [1146000 2019-03-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:WINDOWSTasksDriver Easy Scheduled Scan.job => C:Program FilesEasewareDriverEasyDriverEasy.exe

Task: C:WINDOWSTasksgxx speed launcher.job => C:Program Files (x86)GarenaGarenaGarena.exe

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

TcpipParameters: [DhcpNameServer] 192.168.10.1

Tcpip..Interfaces{3ed1ccbf-a06a-4ffa-91f0-c1743378267d}: [DhcpNameServer] 192.168.1.1

Tcpip..Interfaces{b9d7dddf-e152-4313-ab8d-4c2e98f15856}: [NameServer] 8.8.8.8,8.8.4.4

Tcpip..Interfaces{b9d7dddf-e152-4313-ab8d-4c2e98f15856}: [DhcpNameServer] 192.168.10.1

 

Edge: 

=======

Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsAutoFormFill [not found]

Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsBookViewer [not found]

Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsLearningTools [not found]

Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsPinJSAPI [not found]

Edge DefaultProfile: Default

Edge Profile: C:UsersDreamcoreAppDataLocalMicrosoftEdgeUser DataDefault [2021-11-20]

Edge HKLM-x32…EdgeExtension: [ihcjicgdanjaechkgeegckofjjedodee]

 

FireFox:

========

FF HKLM…FirefoxExtensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] – C:Program FilesMcAfeeWebAdvisore10ssaffplg.xpi

FF Extension: (McAfee® WebAdvisor) – C:Program FilesMcAfeeWebAdvisore10ssaffplg.xpi [2021-11-09] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]

FF HKLM-x32…FirefoxExtensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] – C:Program FilesMcAfeeWebAdvisore10ssaffplg.xpi

FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:Program FilesJavajre1.8.0_271bindtpluginnpDeployJava1.dll [2020-11-01] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:Program FilesJavajre1.8.0_271binplugin2npjp2.dll [2020-11-01] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootOffice16NPSPWRAP.DLL [2021-07-17] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Mozilla Firefoxpluginsnpmeetingjoinpluginoc.dll [2021-07-17] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16NPSPWRAP.DLL [2021-07-17] (Microsoft Corporation -> Microsoft Corporation)

 

Chrome: 

=======

CHR Profile: C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefault [2021-11-21]

CHR Notifications: Default -> hxxps://aternos.org; hxxps://web.whatsapp.com

CHR StartupUrls: Default -> “hxxp://www.google.com/”

CHR Extension: (Slides) – C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2019-09-08]

CHR Extension: (?) – C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultExtensionsagoldndkmifmggljapglenadljijdgof [2021-04-23]

CHR Extension: (Docs) – C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2019-09-08]

CHR Extension: (Google Drive) – C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2020-10-25]

CHR Extension: (YouTube) – C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2019-09-08]

CHR Extension: (Honey) – C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultExtensionsbmnlcjabgnpnenekpadlanbbkooimhnj [2021-11-19]

CHR Extension: (Share on Rabbit) – C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultExtensionsdplabnbcafdgpcjmibgkekpaejlfhnkl [2019-09-08]

CHR Extension: (Sheets) – C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2019-09-08]

CHR Extension: (McAfee® WebAdvisor) – C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultExtensionsfheoggkfdfchfphceeifdbepaooicaho [2021-11-01]

CHR Extension: (Google Docs Offline) – C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-15]

CHR Extension: (Shopback Button – Cashback & Coupons) – C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultExtensionshjngckebbndpdeeakdgohmcdnecidcjk [2020-08-19]

CHR Extension: (Malwarebytes Browser Guard) – C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultExtensionsihcjicgdanjaechkgeegckofjjedodee [2021-11-20]

CHR Extension: (Chrome Web Store Payments) – C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]

CHR Extension: (Gmail) – C:UsersDreamcoreAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]

CHR HKLM…ChromeExtension: [fheoggkfdfchfphceeifdbepaooicaho]

CHR HKLM-x32…ChromeExtension: [fheoggkfdfchfphceeifdbepaooicaho]

CHR HKLM-x32…ChromeExtension: [ihcjicgdanjaechkgeegckofjjedodee]

 

Opera: 

=======

OPR Profile: C:UsersDreamcoreAppDataRoamingOpera SoftwareOpera Stable [2020-08-15]

OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}

 

==================== Services (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AGMService; C:Program Files (x86)Common FilesAdobeAdobeGCClientAGMService.exe [3833088 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)

R2 AGSService; C:Program Files (x86)Common FilesAdobeAdobeGCClientAGSService.exe [3603200 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)

S3 BEService; C:Program Files (x86)Common FilesBattlEyeBEService.exe [6076936 2021-10-21] (BattlEye Innovations e.K. -> )

R2 ClickToRunSvc; C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeClickToRun.exe [9251696 2021-10-23] (Microsoft Corporation -> Microsoft Corporation)

S3 EasyAntiCheat; C:Program Files (x86)EasyAntiCheatEasyAntiCheat.exe [805488 2021-08-04] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)

S3 EasyAntiCheat_EOS; C:Program Files (x86)EasyAntiCheat_EOSEasyAntiCheat_EOS.exe [595888 2021-09-04] (EasyAntiCheat Oy -> Epic Games, Inc.)

S3 EQU8_19; C:ProgramDataEQU8Totally Accurate Battlegroundsbinanticheat.x64.equ8.exe [5673048 2021-04-04] (Int3 Software AB -> Int3 Software AB)

R2 GarenaPlatform; C:Program Files (x86)GarenaGarena2.0.1909.2618gxxsvc.exe [320512 2019-09-26] (Garena Online Pte Ltd -> Garena Online)

R2 MBAMService; C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe [7848632 2021-11-20] (Malwarebytes Inc -> Malwarebytes)

R2 McAfee WebAdvisor; C:Program FilesMcAfeeWebAdvisorServiceHost.exe [971504 2021-11-09] (McAfee, LLC -> McAfee, LLC)

S3 npggsvc; C:WindowsSysWOW64GameMon.des [9473408 2021-01-18] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)

S3 OfficeSvcManagerAddons; C:WINDOWSsystem32dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2020-10-15] (Microsoft Windows -> Microsoft Corporation)

S3 Origin Client Service; C:Program Files (x86)OriginOriginClientService.exe [2557656 2021-10-19] (Electronic Arts, Inc. -> Electronic Arts)

R2 Origin Web Helper Service; C:Program Files (x86)OriginOriginWebHelperService.exe [3476184 2021-10-19] (Electronic Arts, Inc. -> Electronic Arts)

S3 OVRLibraryService; C:Program FilesOculusSupportoculus-librarianOVRLibraryService.exe [144632 2021-11-16] (Oculus VR, LLC -> Facebook Technologies, LLC)

R2 OVRService; C:Program FilesOculusSupportoculus-runtimeOVRServiceLauncher.exe [511736 2021-11-16] (Oculus VR, LLC -> Facebook Technologies, LLC)

R2 Parsec; C:Program FilesParsecpservice.exe [396488 2021-10-05] (Parsec Cloud, Inc. -> Parsec)

R2 PnkBstrA; C:WindowsSysWOW64PnkBstrA.exe [66872 2019-12-30] (Even Balance, Inc. -> )

R2 SEVPNCLIENT; C:Program FilesSoftEther VPN Clientvpnclient_x64.exe [5886264 2020-03-30] (SoftEther Corporation -> SoftEther VPN Project at University of Tsukuba, Japan.)

S3 uncheater_bgl; C:Program FilesCommon FilesUncheateruncheater_bgl.exe [2097008 2019-10-15] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

S3 WdNisSvc; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2110.6-0NisSrv.exe [2872024 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WinDefend; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2110.6-0MsMpEng.exe [128376 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 NVDisplay.ContainerLocalSystem; C:WINDOWSSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_5292bbfbf575e2d2Display.NvContainerNVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%NVIDIANVDisplay.ContainerLocalSystem.log -l 3 -d C:WINDOWSSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_5292bbfbf575e2d2Display.NvContainerpluginsLocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystemLocalSystem

S3 WsDrvInst; “C:Program Files (x86)WondershareVideo Converter Ultimate(CPC)TransferDriverInstall.exe” [X]

 

===================== Drivers (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 BlueStacksDrv; C:Program FilesBlueStacksBstkDrv_bgp.sys [315976 2020-10-05] (Bluestack Systems, Inc -> Bluestack System Inc.)

S3 EQU8_HELPER_19; C:WINDOWSsystem32DRIVERSEQU8_HELPER_19.sys [38032 2021-04-04] (Int3 Software AB -> )

R1 ESProtectionDriver; C:WINDOWSsystem32driversmbae64.sys [160176 2021-11-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R2 MBAMChameleon; C:WINDOWSSystem32DriversMbamChameleon.sys [210352 2021-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

S0 MbamElam; C:WINDOWSSystem32DRIVERSMbamElam.sys [19912 2021-11-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

R3 MBAMFarflt; C:WINDOWSSystem32DRIVERSfarflt.sys [193448 2021-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 MBAMProtection; C:WINDOWSsystem32DRIVERSmbam.sys [69040 2021-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 MBAMSwissArmy; C:WINDOWSSystem32Driversmbamswissarmy.sys [248992 2021-11-20] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMWebProtection; C:WINDOWSsystem32DRIVERSmwac.sys [149424 2021-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 Neo_VPN; C:WINDOWSSystem32driversNeo6_x64_VPN.sys [37824 2020-03-30] (SoftEther Corporation -> SoftEther Corporation)

R3 Neo_VPN2; C:WINDOWSSystem32driversNeo6_x64_VPN2.sys [37824 2020-05-15] (SoftEther Corporation -> SoftEther Corporation)

R3 oculusvad_oculusvad; C:WINDOWSSystem32driversoculusvad.sys [75280 2021-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)

R3 Oculus_ViGEmBus; C:WINDOWSSystem32driversOculus_ViGEmBus.sys [32856 2021-11-16] (Oculus VR, LLC -> Facebook Inc.)

R1 SeLow; C:WINDOWSsystem32DRIVERSSeLow_x64.sys [50624 2020-03-30] (SoftEther Corporation -> SoftEther Corporation)

R3 SteamStreamingMicrophone; C:WINDOWSsystem32driversSteamStreamingMicrophone.sys [40736 2017-07-29] (Valve Corp. -> )

R3 SteamStreamingSpeakers; C:WINDOWSsystem32driversSteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. -> )

S3 UniFairy; C:Windowssystem32UniFairy.sys [885224 2021-06-16] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)

R1 ViGEmBus; C:WINDOWSSystem32driversViGEmBus.sys [165744 2021-08-24] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)

R3 vmulti; C:WINDOWSSystem32driversvmulti.sys [10752 2018-12-11] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)

U5 vsock; C:WindowsSystem32Driversvsock.sys [105912 2020-08-11] (VMware, Inc. -> VMware, Inc.)

S3 WdBoot; C:WINDOWSsystem32driverswdWdBoot.sys [48520 2021-11-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:WINDOWSsystem32driverswdWdFilter.sys [435424 2021-11-03] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:WINDOWSSystem32driverswdWdNisDrv.sys [86240 2021-11-03] (Microsoft Windows -> Microsoft Corporation)

S3 xhunter1; C:WINDOWSxhunter1.sys [2719256 2021-06-24] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One month (created) (Whitelisted) =========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-11-21 10:20 – 2021-11-21 10:21 – 000030742 _____ C:UsersDreamcoreDownloadsFRST.txt

2021-11-21 10:17 – 2021-11-21 10:20 – 000000000 ____D C:FRST

2021-11-21 10:17 – 2021-11-21 10:17 – 002311680 _____ (Farbar) C:UsersDreamcoreDownloadsFRST64.exe

2021-11-21 10:16 – 2021-11-21 10:16 – 000003174 _____ C:UsersDreamcoreDocumentsMBLog.txt

2021-11-21 10:12 – 2021-11-21 10:12 – 000210352 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamChameleon.sys

2021-11-21 10:12 – 2021-11-21 10:12 – 000193448 _____ (Malwarebytes) C:WINDOWSsystem32Driversfarflt.sys

2021-11-21 10:12 – 2021-11-21 10:12 – 000149424 _____ (Malwarebytes) C:WINDOWSsystem32Driversmwac.sys

2021-11-21 10:12 – 2021-11-21 10:12 – 000069040 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbam.sys

2021-11-21 00:00 – 2021-11-21 00:00 – 000004080 _____ C:UsersDreamcoreDocumentsmdb.txt

2021-11-20 23:50 – 2021-11-20 23:50 – 000000000 ____D C:UsersDreamcoreAppDataLocalmbam

2021-11-20 23:49 – 2021-11-20 23:49 – 000255928 _____ (Malwarebytes) C:WINDOWSsystem32Drivers9157A371.sys

2021-11-20 23:49 – 2021-11-20 23:49 – 000248992 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamswissarmy.sys

2021-11-20 23:49 – 2021-11-20 23:49 – 000160176 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbae64.sys

2021-11-20 23:49 – 2021-11-20 23:49 – 000019912 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamElam.sys

2021-11-20 23:49 – 2021-11-20 23:49 – 000002033 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes.lnk

2021-11-20 23:49 – 2021-11-20 23:49 – 000002021 _____ C:UsersPublicDesktopMalwarebytes.lnk

2021-11-20 23:49 – 2021-11-20 23:49 – 000000000 ____D C:ProgramDataMalwarebytes

2021-11-20 23:49 – 2021-11-20 23:49 – 000000000 ____D C:Program FilesMalwarebytes

2021-11-20 23:48 – 2021-11-20 23:48 – 204896952 _____ (Malwarebytes) C:UsersDreamcoreDownloadsMBSetup-0076911.0076911-4.4.10.144.exe

2021-11-20 23:47 – 2021-11-21 00:20 – 000000000 ____D C:UsersDreamcoreDesktopmbar

2021-11-20 23:47 – 2021-11-21 00:20 – 000000000 ____D C:ProgramDataMalwarebytes’ Anti-Malware (portable)

2021-11-20 23:47 – 2021-11-20 23:47 – 014178840 _____ (Malwarebytes Corp.) C:UsersDreamcoreDownloadsmbar-1.10.3.1001.exe

2021-11-20 21:33 – 2021-11-20 21:33 – 000000760 _____ C:UsersDreamcoreDocumentsDesktop – Shortcut (2).lnk

2021-11-19 17:26 – 2021-11-19 17:26 – 000000000 ____D C:UsersDreamcore.nexe_natives

2021-11-18 00:20 – 2021-11-18 00:20 – 001035307 _____ C:UsersDreamcoreDownloads8-slot_Units_niche_explanation.pdf

2021-11-17 07:37 – 2021-11-17 07:37 – 000000000 ____D C:UsersDreamcoreAppDataRoamingFLT

2021-11-17 07:35 – 2021-09-30 21:54 – 000000000 ___RD C:UsersDreamcoreDesktopMELTY BLOOD TYPE LUMINA

2021-11-17 07:04 – 2021-11-17 07:14 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsGridinSoft Anti-Malware

2021-11-17 07:04 – 2021-11-17 07:04 – 000000000 ____D C:ProgramDataGridinSoft

2021-11-17 07:03 – 2021-11-17 07:03 – 000989584 _____ (GridinSoft LLC) C:UsersDreamcoreDownloadsinstall-antimalware.exe

2021-11-16 22:23 – 2021-11-16 22:23 – 000000000 ____D C:UsersDreamcoreDesktopBeat Saber

2021-11-16 22:23 – 2021-11-16 22:23 – 000000000 ____D C:UsersDreamcoreAppDataLocalLowHyperbolic Magnetism

2021-11-16 19:44 – 2021-11-16 19:44 – 000000000 ____D C:UsersDreamcoreDocumentssteamvr

2021-11-16 19:44 – 2021-11-16 19:44 – 000000000 ____D C:UsersDreamcoreAppDataLocalSteamVR

2021-11-16 19:42 – 2021-11-16 19:42 – 000000000 ____D C:UsersDreamcoreAppDataLocalopenvr

2021-11-16 19:39 – 2021-11-16 19:39 – 000000222 _____ C:UsersDreamcoreDesktopSteamVR.url

2021-11-16 19:38 – 2021-11-16 19:51 – 000000000 ____D C:UsersDreamcoreDocumentsDash

2021-11-16 19:38 – 2021-11-16 19:38 – 000000000 ____D C:UsersDreamcoreAppDataLocalLowOculus

2021-11-16 19:38 – 2021-11-16 19:38 – 000000000 ____D C:UsersDreamcoreAppDataLocalHome2

2021-11-16 19:33 – 2021-11-21 02:20 – 000000000 ____D C:UsersDreamcoreAppDataRoamingOculus

2021-11-16 19:33 – 2021-11-17 20:24 – 000000000 ____D C:UsersDreamcoreAppDataRoamingOculusClient

2021-11-16 19:33 – 2021-11-17 05:35 – 000000000 ____D C:ProgramDataOculus

2021-11-16 19:33 – 2021-11-16 19:33 – 000000000 ____D C:UsersDreamcoreAppDataLocalDBG

2021-11-16 19:32 – 2021-11-16 19:32 – 000948056 _____ (Windows ® Win 7 DDK provider) C:WINDOWSsystem32oculusvadapo.dll

2021-11-16 19:32 – 2021-11-16 19:32 – 000075280 _____ (Windows ® Win 7 DDK provider) C:WINDOWSsystem32Driversoculusvad.sys

2021-11-16 19:32 – 2021-11-16 19:32 – 000032856 _____ (Facebook Inc.) C:WINDOWSsystem32DriversOculus_ViGEmBus.sys

2021-11-16 19:32 – 2021-11-16 19:32 – 000002011 _____ C:UsersPublicDesktopOculus.lnk

2021-11-16 19:32 – 2021-11-16 19:32 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuOculus

2021-11-16 19:28 – 2021-11-16 19:40 – 000000000 ____D C:Program FilesOculus

2021-11-16 19:28 – 2021-11-16 19:28 – 000000000 ____D C:Program Files (x86)VulkanRT

2021-11-16 19:23 – 2021-11-21 10:13 – 000000000 ____D C:UsersDreamcoreAppDataLocalOculus

2021-11-16 19:23 – 2021-11-16 19:23 – 005072120 _____ (Facebook Technologies, LLC) C:UsersDreamcoreDownloadsOculusSetup.exe

2021-11-15 22:14 – 2021-11-15 22:14 – 000000760 _____ C:UsersDreamcoreDocumentsDesktop – Shortcut.lnk

2021-11-11 19:40 – 2021-11-11 19:40 – 000011363 _____ C:WINDOWSsystem32DrtmAuthTxt.wim

2021-11-11 19:39 – 2021-11-11 19:40 – 000223744 _____ C:WINDOWSSysWOW64TpmTool.exe

2021-11-11 19:39 – 2021-11-11 19:39 – 000272384 _____ C:WINDOWSsystem32TpmTool.exe

2021-11-11 19:39 – 2021-11-11 19:39 – 000060928 _____ C:WINDOWSsystem32runexehelper.exe

2021-11-11 19:31 – 2021-11-11 19:31 – 000000000 ___HD C:$WinREAgent

2021-11-06 17:20 – 2021-11-06 17:20 – 000000000 ____D C:UsersDreamcoreDocumentsBabyRan

2021-11-04 21:52 – 2021-11-04 21:53 – 000000000 ____D C:UsersDreamcoreAppDataRoamingParsec

2021-11-04 21:52 – 2021-11-04 21:52 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsParsec

2021-11-04 21:51 – 2021-11-04 21:52 – 000000000 ____D C:Program FilesParsec

2021-11-04 21:51 – 2021-11-04 21:51 – 005962896 _____ C:UsersDreamcoreDownloadsparsec-windows.exe

2021-11-03 12:46 – 2021-11-17 20:49 – 2788125142 _____ C:WINDOWSMEMORY.DMP

2021-11-03 06:29 – 2021-11-03 06:29 – 000000000 ____D C:WINDOWSDefender Duplication Data

2021-11-02 13:17 – 2021-11-02 13:17 – 000001146 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsPC Health Check.lnk

2021-11-02 13:17 – 2021-11-02 13:17 – 000000000 ____D C:Program FilesPCHealthCheck

2021-11-02 11:31 – 2021-11-02 21:16 – 000000118 _____ C:WINDOWSRPCSettings.ini

2021-11-02 11:31 – 2021-11-02 11:31 – 000000190 _____ C:WINDOWSsystem32RPCPrinterDownloader.txt

2021-11-02 11:31 – 2020-03-19 17:59 – 018674688 _____ C:WINDOWSsystem32gsdll64.dll

2021-11-02 11:30 – 2021-11-04 18:14 – 000000000 ____D C:ProgramDataRemotePC

2021-11-02 11:30 – 2021-11-04 18:14 – 000000000 ____D C:Program Files (x86)RemotePC

2021-11-02 11:30 – 2021-11-02 21:16 – 000002326 _____ C:WINDOWSSysWOW64RemotePCService.txt

2021-11-02 11:30 – 2021-11-02 11:30 – 027134048 _____ (IDrive Inc ) C:UsersDreamcoreDownloadsRemotePC.exe

2021-11-02 11:30 – 2021-11-02 11:30 – 000003810 _____ C:WINDOWSsystem32TasksRPCPerformance

2021-11-02 11:30 – 2021-11-02 11:30 – 000003760 _____ C:WINDOWSsystem32TasksRPCServiceHealthCheck

2021-11-02 11:30 – 2021-11-02 11:30 – 000003462 _____ C:WINDOWSsystem32TasksStartRPCService

2021-11-02 11:30 – 2021-11-02 11:30 – 000000106 _____ C:RPCSettings.ini

2021-11-02 11:30 – 2021-11-02 11:30 – 000000000 ____D C:UsersDreamcoreAppDataRoamingRemotePC

2021-11-01 18:31 – 2021-11-01 18:31 – 000025576 _____ (EasyAntiCheat Oy) C:WINDOWSsystem32eac_usermode_13762731426882.dll

2021-10-31 17:25 – 2021-10-31 17:25 – 000000000 ____D C:UsersDreamcoreAppDataLocalLowDani

2021-10-29 19:11 – 2021-10-29 19:11 – 014648611 _____ C:UsersDreamcoreDocumentsbanner.clip

2021-10-28 15:09 – 2021-10-28 15:09 – 001034823 _____ C:UsersDreamcoreDownloadssearch.htm

2021-10-26 20:45 – 2021-10-26 20:45 – 006091147 _____ C:UsersDreamcoreDownloadsIm_losing_it.mp4

2021-10-26 10:15 – 2021-10-26 10:15 – 000000000 ____D C:UsersDreamcoreAppDataLocalFoxhole

2021-10-26 09:35 – 2021-10-26 09:35 – 000000222 _____ C:UsersDreamcoreDesktopPhasmophobia.url

2021-10-26 01:01 – 2021-10-26 01:03 – 000000000 ____D C:UsersDreamcoreDocumentsPSO2 Screencaptures

2021-10-25 21:11 – 2021-11-04 16:25 – 007744243 _____ C:UsersDreamcoreDocumentsPadoru.clip

2021-10-25 16:10 – 2021-10-25 16:10 – 000075928 _____ C:UsersDreamcoreDownloads167046961_4180781248601281_7037546701098201491_n.mp4

2021-10-24 11:33 – 2021-10-24 11:33 – 000362427 _____ C:UsersDreamcoreDownloadsPain..mp4

2021-10-24 11:17 – 2021-10-24 11:17 – 000100162 _____ C:UsersDreamcoreDownloadscri_2.mp4

2021-10-24 11:16 – 2021-10-24 11:16 – 000127013 _____ C:UsersDreamcoreDownloadsme_you.mp4

2021-10-24 10:47 – 2021-10-24 10:47 – 000268382 _____ C:UsersDreamcoreDownloadsvideo0.mov

2021-10-24 10:47 – 2021-10-24 10:47 – 000108948 _____ C:UsersDreamcoreDownloadspepper_dot_mp3.mp4

 

==================== One month (modified) ==================

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-11-21 10:21 – 2019-09-08 17:15 – 000000000 ____D C:UsersDreamcoreAppDataRoamingDiscord

2021-11-21 10:19 – 2020-09-28 18:11 – 001299060 _____ C:WINDOWSsystem32perfh011.dat

2021-11-21 10:19 – 2020-09-28 18:11 – 000384076 _____ C:WINDOWSsystem32perfc011.dat

2021-11-21 10:19 – 2020-09-28 18:09 – 001238100 _____ C:WINDOWSsystem32prfh0804.dat

2021-11-21 10:19 – 2020-09-28 18:09 – 000383946 _____ C:WINDOWSsystem32prfc0804.dat

2021-11-21 10:19 – 2020-09-28 02:37 – 000005854 _____ C:WINDOWSsystem32PerfStringBackup.INI

2021-11-21 10:17 – 2019-10-15 16:55 – 000000000 ____D C:ProgramDataboost_interprocess

2021-11-21 10:17 – 2019-09-21 11:18 – 000000000 ____D C:UsersDreamcoreAppDataLocalBattle.net

2021-11-21 10:14 – 2019-09-08 17:11 – 000000000 ____D C:Program Files (x86)Google

2021-11-21 10:14 – 2019-08-27 18:13 – 000000000 ____D C:ProgramDataNVIDIA

2021-11-21 10:13 – 2019-09-08 17:15 – 000000000 ____D C:UsersDreamcoreAppDataLocalDiscord

2021-11-21 10:13 – 2019-09-08 17:13 – 000000000 ____D C:Program Files (x86)Steam

2021-11-21 10:13 – 2019-09-03 20:39 – 000000000 ___RD C:UsersDreamcoreOneDrive

2021-11-21 10:12 – 2020-09-28 02:33 – 000000006 ____H C:WINDOWSTasksSA.DAT

2021-11-21 10:12 – 2020-09-28 02:26 – 000008192 ___SH C:DumpStack.log.tmp

2021-11-21 10:12 – 2020-03-30 23:02 – 000000000 ____D C:Program FilesSoftEther VPN Client

2021-11-21 10:12 – 2019-12-07 17:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft

2021-11-21 10:11 – 2019-12-07 17:03 – 000524288 _____ C:WINDOWSsystem32configBBI

2021-11-21 02:26 – 2021-04-23 20:03 – 000000000 ____D C:UsersDreamcoreDocumentsImportant

2021-11-21 02:20 – 2020-09-28 02:28 – 000000000 ____D C:UsersDreamcore

2021-11-21 00:37 – 2019-12-07 17:14 – 000000000 ____D C:WINDOWSAppReadiness

2021-11-20 23:49 – 2019-12-07 17:14 – 000000000 ___HD C:WINDOWSELAMBKUP

2021-11-20 19:52 – 2020-09-28 02:33 – 000003386 _____ C:WINDOWSsystem32TasksOneDrive Standalone Update Task-S-1-5-21-2656865711-843267994-3140244163-1002

2021-11-20 19:52 – 2020-09-28 02:28 – 000002391 _____ C:UsersDreamcoreAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk

2021-11-20 09:55 – 2020-09-28 02:26 – 000000000 ____D C:WINDOWSsystem32SleepStudy

2021-11-20 08:22 – 2020-04-27 10:47 – 000000000 ___HD C:UsersPublicDocumentsAdobeGCData

2021-11-20 08:07 – 2019-12-07 17:14 – 000000000 ___HD C:Program FilesWindowsApps

2021-11-19 17:02 – 2019-09-10 09:47 – 000000000 ____D C:UsersDreamcoreAppDataLocalCrashDumps

2021-11-19 01:07 – 2020-11-24 00:30 – 000000000 ____D C:WINDOWSMinidump

2021-11-18 21:50 – 2019-09-07 18:15 – 000000000 ____D C:UsersDreamcoreAppDataLocalD3DSCache

2021-11-18 07:08 – 2019-08-27 17:39 – 000000000 __RHD C:UsersPublicAccountPictures

2021-11-17 19:27 – 2020-09-28 02:33 – 000003480 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineUA

2021-11-17 19:27 – 2020-09-28 02:33 – 000003356 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineCore

2021-11-17 19:23 – 2019-12-07 17:13 – 000000000 ____D C:WINDOWSINF

2021-11-16 23:24 – 2019-09-03 20:38 – 000000000 ____D C:UsersDreamcoreAppDataLocalConnectedDevicesPlatform

2021-11-16 19:33 – 2020-09-28 18:23 – 000000000 ____D C:WINDOWSServiceProfiles

2021-11-16 07:39 – 2019-09-08 17:11 – 000002301 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk

2021-11-16 07:39 – 2019-09-08 17:11 – 000002260 _____ C:UsersPublicDesktopGoogle Chrome.lnk

2021-11-15 04:38 – 2021-04-23 01:42 – 000000000 ____D C:Program FilesMicrosoft Office

2021-11-15 04:32 – 2021-10-10 16:54 – 000023981 _____ C:UsersDreamcoreDownloadsTaskList_Hawko_Edmund.xlsx

2021-11-14 22:32 – 2020-06-04 09:09 – 000002438 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk

2021-11-14 11:40 – 2021-05-08 00:10 – 000000000 ____D C:Program FilesGenshin Impact

2021-11-13 11:39 – 2021-07-28 11:24 – 000000000 ____D C:Program Files (x86)Battle.net

2021-11-12 00:24 – 2019-12-07 17:14 – 000000000 ___SD C:WINDOWSsystem32DiagSvcs

2021-11-12 00:24 – 2019-12-07 17:14 – 000000000 ____D C:WINDOWSSystemResources

2021-11-12 00:24 – 2019-12-07 17:14 – 000000000 ____D C:WINDOWSsystem32oobe

2021-11-12 00:24 – 2019-12-07 17:14 – 000000000 ____D C:WINDOWSbcastdvr

2021-11-11 19:41 – 2019-12-07 17:03 – 000000000 ____D C:WINDOWSCbsTemp

2021-11-11 19:31 – 2019-08-27 18:20 – 000000000 ____D C:WINDOWSsystem32MRT

2021-11-11 19:30 – 2019-08-27 18:20 – 141529560 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT.exe

2021-11-06 01:06 – 2020-03-07 02:47 – 000000000 ____D C:Program Files (x86)Wondershare

2021-11-04 06:52 – 2020-04-08 10:08 – 000002384 _____ C:UsersDreamcoreAppDataRoamingMicrosoftWindowsStart MenuProgramsMicrosoft Teams.lnk

2021-11-04 06:52 – 2020-04-08 10:08 – 000002376 _____ C:UsersDreamcoreDesktopMicrosoft Teams.lnk

2021-11-03 23:52 – 2019-09-16 18:41 – 000000000 ____D C:UsersDreamcoreAppDataRoamingslobs-client

2021-11-03 18:00 – 2020-09-28 02:26 – 000543832 _____ C:WINDOWSsystem32FNTCACHE.DAT

2021-11-03 18:00 – 2019-12-07 17:14 – 000000000 ___RD C:WINDOWSImmersiveControlPanel

2021-11-03 18:00 – 2019-12-07 17:14 – 000000000 ____D C:WINDOWSSysWOW64setup

2021-11-03 18:00 – 2019-12-07 17:14 – 000000000 ____D C:WINDOWSSysWOW64Dism

2021-11-03 18:00 – 2019-12-07 17:14 – 000000000 ____D C:WINDOWSsystem32setup

2021-11-03 18:00 – 2019-12-07 17:14 – 000000000 ____D C:WINDOWSsystem32Dism

2021-11-03 18:00 – 2019-12-07 17:14 – 000000000 ____D C:WINDOWSShellExperiences

2021-11-03 18:00 – 2019-12-07 17:03 – 000000000 ____D C:WINDOWSservicing

2021-11-03 06:29 – 2019-08-27 17:37 – 000000000 ____D C:WINDOWSsystem32Driverswd

2021-11-03 04:37 – 2019-10-15 16:55 – 000000000 ____D C:Garena

2021-11-03 04:35 – 2019-12-07 17:14 – 000000000 ____D C:WINDOWSLiveKernelReports

2021-11-01 18:35 – 2021-04-04 00:01 – 000000000 ____D C:Program FilesStreamlabs OBS

2021-10-31 20:54 – 2019-09-03 20:38 – 000000000 ____D C:UsersDreamcoreAppDataLocalPackages

2021-10-29 22:13 – 2019-09-03 20:39 – 000000000 ____D C:UsersDreamcoreAppDataLocalNVIDIA Corporation

2021-10-29 13:28 – 2020-07-01 17:30 – 000000000 ____D C:UsersDreamcoreDocumentsChallenges

2021-10-23 18:01 – 2021-10-17 17:36 – 002300193 _____ C:UsersDreamcoreDocumentsNGS.clip

 

==================== Files in the root of some directories ========

 

2020-08-15 18:21 – 2020-08-15 18:21 – 000000068 _____ () C:UsersDreamcoreAppDataRoamingchangzhi_leidian.data

2020-08-22 00:07 – 2020-08-22 00:07 – 000000068 _____ () C:UsersDreamcoreAppDataRoamingchangzhi_mplayer.data

2020-12-03 10:58 – 2020-12-03 10:58 – 000000116 _____ () C:UsersDreamcoreAppDataRoamingdebug.log

2020-12-12 20:47 – 2020-12-12 20:47 – 000000356 _____ () C:UsersDreamcoreAppDataLocalkarboncalligraphyrc

2020-12-12 20:32 – 2021-06-08 17:47 – 000002699 _____ () C:UsersDreamcoreAppDataLocalkrita-sysinfo.log

2020-12-12 20:32 – 2021-06-08 17:47 – 000494916 _____ () C:UsersDreamcoreAppDataLocalkrita.log

2020-12-14 02:02 – 2020-12-20 21:17 – 000022192 _____ () C:UsersDreamcoreAppDataLocalkritacrash.log

2021-06-08 17:47 – 2021-06-08 17:47 – 000000178 _____ () C:UsersDreamcoreAppDataLocalkritadisplayrc

2020-12-12 20:32 – 2021-06-08 17:47 – 000028539 _____ () C:UsersDreamcoreAppDataLocalkritarc

2020-12-13 17:43 – 2021-01-12 14:24 – 000000214 _____ () C:UsersDreamcoreAppDataLocalkritashortcutsrc

2020-04-27 10:45 – 2020-04-27 10:45 – 000000410 _____ () C:UsersDreamcoreAppDataLocaloobelibMkey.log

2021-03-30 12:55 – 2021-03-30 12:55 – 000002262 _____ () C:UsersDreamcoreAppDataLocalrecently-used.xbel

2020-08-10 19:25 – 2020-08-10 19:26 – 000007597 _____ () C:UsersDreamcoreAppDataLocalResmon.ResmonCfg

 

==================== SigCheck ============================

 

(There is no automatic fix for files that do not pass verification.)

 

==================== End of FRST.txt ========================

 
