Solved Infected ddos attack?

bushwhacker

Wow, I haven't been on for such a long time, my apologies to all you elites. My life has been sidetracked way too many times. Joined here years ago to try and stay up on most of the updates. Used to lurk on IRC with a bunch of cool guys who didn't mind me not being able to have much of a conversation. :) I am still not used to Discord and I had a feeling you have a Discord... link me please?

Recently I noticed the rise of infection into my router, sending me the information. It's quite weird with it. Now I noticed I had to reset the password too many times since it seems to have burned a memory of the admin password that has been accessible? It may have remembered 3 passwords now, or maybe it's me not being updated with technology changes for 10 years.

I'm willing to get procedures done on Windows, but I am not sure if Android is also part of this DDoS attack on my router or if it was outside? An IP search led me to a private IP. Do we have a malware removal guide for Android?

My router is custom set on the admin IP where I log in: 192.75.232.9. Has OpenDNS. Don't think it's part of the attack.

Here is a snippet of the log, since we are experiencing a lot of internet slowdowns.

Have 2 Windows 10, 2 Androids, and 2 Nintendo Switches with a Brother DCP2520DW printer on a Techcolour cabled modem, plugged into a Netgear RAX80 6000.

Appreciate the help to understand some of this in my extremely busy life.

[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 04,2022 08:54:03
[DoS attack: ACK Scan] from source 31.13.80.21,port 443 Sunday, Dec 04,2022 08:52:03
[Admin login] from source 192.75.232.2, Sunday, Dec 04,2022 08:42:43
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 04,2022 08:41:56
[DHCP IP: (192.75.232.2)] to MAC address BE:E1:2F:D8:1D:B6, Sunday, Dec 04,2022 08:12:51
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 04,2022 08:11:36
[DoS attack: ACK Scan] from source 162.254.193.102,port 443 Sunday, Dec 04,2022 08:10:24
[DHCP IP: (192.75.232.6)] to MAC address C8:3A:35:CD:C9:74, Sunday, Dec 04,2022 08:09:57
[DHCP IP: (192.75.232.4)] to MAC address 74:F9:CA:EC:10:8B, Sunday, Dec 04,2022 08:00:19
[DoS attack: ACK Scan] from source 31.13.80.21,port 443 Sunday, Dec 04,2022 07:59:16
[DHCP IP: (192.75.232.7)] to MAC address 64:B8:53:8A:2C:4E, Sunday, Dec 04,2022 07:50:52
[DHCP IP: (192.75.232.2)] to MAC address BE:E1:2F:D8:1D:B6, Sunday, Dec 04,2022 07:47:40
[DoS attack: Fraggle Attack] from source 10.193.204.1,port 67 Sunday, Dec 04,2022 07:43:33
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 04,2022 07:41:19
[DoS attack: Fraggle Attack] from source 10.210.34.1,port 67 Sunday, Dec 04,2022 07:39:11
[DoS attack: Fraggle Attack] from source 10.193.204.1,port 67 Sunday, Dec 04,2022 07:36:21
[DoS attack: Fraggle Attack] from source 10.193.204.1,port 67 Sunday, Dec 04,2022 07:35:58
[DHCP IP: (192.75.232.6)] to MAC address C8:3A:35:CD:C9:74, Sunday, Dec 04,2022 07:31:04
[DHCP IP: (192.75.232.2)] to MAC address BE:E1:2F:D8:1D:B6, Sunday, Dec 04,2022 07:22:51
[DoS attack: Fraggle Attack] from source 10.64.196.1,port 67 Sunday, Dec 04,2022 07:17:11
[DHCP IP: (192.75.232.2)] to MAC address BE:E1:2F:D8:1D:B6, Sunday, Dec 04,2022 07:16:43
[DoS attack: Fraggle Attack] from source 10.64.196.1,port 67 Sunday, Dec 04,2022 07:14:44
[DoS attack: snmpQueryDrop] from source 64.62.197.86,port 14656 Sunday, Dec 04,2022 07:12:18
[DoS attack: Fraggle Attack] from source 10.193.196.1,port 67 Sunday, Dec 04,2022 07:11:42
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 04,2022 07:11:04
[DHCP IP: (192.75.232.6)] to MAC address C8:3A:35:CD:C9:74, Sunday, Dec 04,2022 06:57:36
[DHCP IP: (192.75.232.6)] to MAC address C8:3A:35:CD:C9:74, Sunday, Dec 04,2022 06:49:44

Edited again for the last time: for 3 weeks, at random times, I have experienced these. Never experienced problems with Teksavvy for 3 years until these recent 3 weeks.
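
One way to triage the router log pasted above, added here as an example and not part of the original post or of Netgear's tooling: it parses the three line formats shown, groups the "DoS attack" entries by source and port, and ties each admin login to the DHCP lease for that address. The /24 LAN range and all function names are assumptions; the sample lines are copied from the post.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Assumption: the LAN is the /24 around the router address quoted in the post.
LAN = ipaddress.ip_network("192.75.232.0/24")
TS_FMT = "%A, %b %d,%Y %H:%M:%S"

# Lines copied from the log in the post, plus one of its empty slots.
# "Dec 31,1969 19:00:00" is Unix time 0 shown in UTC-5, i.e. a row with no event.
SAMPLE_LOG = """\
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 04,2022 08:54:03
[DoS attack: ACK Scan] from source 31.13.80.21,port 443 Sunday, Dec 04,2022 08:52:03
[Admin login] from source 192.75.232.2, Sunday, Dec 04,2022 08:42:43
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 04,2022 08:41:56
[DHCP IP: (192.75.232.2)] to MAC address BE:E1:2F:D8:1D:B6, Sunday, Dec 04,2022 08:12:51
[DoS attack: snmpQueryDrop] from source 64.62.197.86,port 14656 Sunday, Dec 04,2022 07:12:18
[DHCP IP: (192.75.232.6)] to MAC address C8:3A:35:CD:C9:74, Sunday, Dec 04,2022 06:57:36
Wednesday, Dec 31,1969 19:00:00
"""

LINE_RE = re.compile(
    r"^\[(?P<kind>[^\]:]+)(?::\s*(?P<detail>[^\]]+))?\]\s*(?P<body>.*?),?\s*"
    r"(?P<ts>\w+, \w{3} \d{2},\d{4} \d{2}:\d{2}:\d{2})$"
)
SRC_RE = re.compile(r"from source (?P<ip>[\d.]+)(?:,\s*port (?P<port>\d+))?")
MAC_RE = re.compile(r"to MAC address (?P<mac>[0-9A-Fa-f:]{17})")


def parse_line(line):
    """Return a dict for one log line, or None if it carries no event."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = {"kind": m["kind"].strip(), "detail": (m["detail"] or "").strip(),
          "ip": None, "port": None, "mac": None}
    try:
        ev["when"] = datetime.strptime(m["ts"], TS_FMT)
        src = SRC_RE.search(m["body"])
        if src:
            ev["ip"] = ipaddress.ip_address(src["ip"])
            ev["port"] = int(src["port"]) if src["port"] else None
        if ev["kind"] == "DHCP IP":          # leased address sits in the brackets
            ev["ip"] = ipaddress.ip_address(ev["detail"].strip("()"))
    except ValueError:                        # malformed address or timestamp
        return None
    mac = MAC_RE.search(m["body"])
    if mac:
        ev["mac"] = mac["mac"].upper()
    return ev


def note_for(ev):
    """Say what an alert's source address and port indicate, nothing more."""
    if ev["ip"] in LAN:
        return "source is on the LAN"
    if ev["port"] == 67 and ev["ip"].is_private:
        return "UDP 67 is the DHCP server port; private source, not an Internet host"
    if ev["port"] == 443 and ev["ip"].is_global:
        return "source port 443 is consistent with reply traffic from an HTTPS server"
    return "unclassified: look up the source before drawing conclusions"


def mac_is_locally_administered(mac):
    """True if bit 0x02 of the first octet is set (typical of OS MAC randomization)."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def triage(text):
    """Group alerts by (type, source, port, note) and resolve admin logins to MACs."""
    events, unparsed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev is None:
            unparsed += 1
        else:
            events.append(ev)
    alerts = Counter(
        (ev["detail"], str(ev["ip"]), ev["port"], note_for(ev))
        for ev in events if ev["kind"] == "DoS attack" and ev["ip"] is not None
    )
    leases = [ev for ev in events if ev["kind"] == "DHCP IP"]
    logins = []
    for ev in events:
        if ev["kind"] != "Admin login":
            continue
        # Most recent lease for the same address at or before the login time.
        prior = [l for l in leases if l["ip"] == ev["ip"] and l["when"] <= ev["when"]]
        mac = max(prior, key=lambda l: l["when"])["mac"] if prior else None
        logins.append((ev["when"], str(ev["ip"]), mac))
    return {"alerts": alerts, "admin_logins": logins, "unparsed": unparsed}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for (kind, ip, port, note), n in result["alerts"].most_common():
        print(f"{n:3d}x {kind:15s} {ip}:{port}  {note}")
    for when, ip, mac in result["admin_logins"]:
        print(f"admin login {when} from {ip} (lease MAC: {mac})")
    print(f"rows without an event: {result['unparsed']}")
```

Pasting the full log into `SAMPLE_LOG` shows at a glance which alerts share a source and port and which device held the address used for each admin login.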
 
DDoS attacks happen. If it is still happening, your only option is to contact your ISP. You can't do much on your own.
Normally, it doesn't carry any malware threat to your systems. It just disrupts your internet service. It doesn't make much sense to scan your computer for malware.
 
I had to find out it is coming from my phone. Why is this? Every 10 minutes I think.

[DHCP IP: (192.75.232.10)] to MAC address 48:E2:44:62:1E:78, Monday, Dec 05,2022 03:44:15
[DHCP IP: (192.75.232.2)] to MAC address BE:E1:2F:D8:1D:B6, Monday, Dec 05,2022 03:43:50
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 05,2022 03:24:40
[DoS attack: ACK Scan] from source 35.214.109.143,port 443 Monday, Dec 05,2022 03:19:42
[DoS attack: Fraggle Attack] from source 10.193.206.1,port 67 Monday, Dec 05,2022 03:01:47
 
If you're 100% sure your phone is a source of that attack, you may have some rogue app on your phone which causes this.
In this case, your best bet is to back up your data and reset your phone to factory settings.
 
The IP address showed me that it was from Google Drive. How come this router is registering the attack if Google Drive is a reputable source to use the app?
 
Password is being changed on a clean computer and I will wipe the phone.

Thanks man, I got good idea so far. Just sucks.
 
The attack seems to be coming from somewhere through the phone or a spoofed address.

Changed MAC and got a new IP. Attack continued with the phone turned off.

I do not see anything other than ours connected to the RAX80. ISP said it's from my side; they don't see anything from the server side.
 
Those logs you presented, where are they from?
How does all this affect your computer?
 
RAX80 has a logging system and I took it from here to this post.

The attack continues. Phone already wiped. One thing I have noticed is the Google engine; of many keys I searched in general, 5 to 10 of them have an address to .gov.tr/ but the links are leading to different addresses.

All connections were shut down overnight to see if the attack continues, and it is still pointing to my phone (which was off).

I am a little perplexed about how people would inject the DDoS attack when nobody is connected to this router.

 
Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.
I am not sure why this is a solved thread when it is not.
What do you mean attached logs won't be reviewed? I believe you are asking me to paste here, so I will use the CODE feature on this forum too... in the next post below is your request.
 
FRST First part


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-12-2022
Ran by Family (administrator) on DESKTOP-RC89NQT (LENOVO 3395A2U) (18-12-2022 01:32:59)
Running from C:\Users\Family\Downloads
Loaded Profiles: Family
Platform: Microsoft Windows 11 Pro Version 21H2 22000.1335 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(atiesrxx.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe ->) (ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_422.33900.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\108.0.1462.46\msedgewebview2.exe <6>
(C:\Users\Family\Desktop\you dont get to see this\STEAM\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Users\Family\Desktop\you dont get to see this\STEAM\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Discord Inc. -> Discord Inc.) C:\ProgramData\Family\Discord\app-1.0.9008\Discord.exe <6>
(explorer.exe ->) (Cambridge Silicon Radio Ltd. -> ) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe
(explorer.exe ->) (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe
(explorer.exe ->) (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe
(explorer.exe ->) (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe
(explorer.exe ->) (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe
(explorer.exe ->) (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <15>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.46\identity_helper.exe
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe
(services.exe ->) (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe
(services.exe ->) (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (Nefarius Software Solutions) [File not signed] C:\Users\Family\Downloads\BetterJoy_v7.1\Drivers\HIDGuardian\_drivers\HidCerberus.Srv\HidCerberus.Srv.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22092.214.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_422.33900.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
(Valve Corp. -> Valve Corporation) C:\Users\Family\Desktop\you dont get to see this\STEAM\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-06-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [SteelSeriesGG] => C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe [12849016 2022-10-14] (SteelSeries ApS -> SteelSeries ApS)
HKLM\...\Run: [CsrHCRPServer] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe [1134288 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [CsrAudioguiCtrl] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe [511696 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [CsrSyncMLServer] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe [244944 2012-03-22] (Cambridge Silicon Radio Ltd. -> )
HKLM\...\Run: [vksts] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe [25792 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [HarmonyUserStartup] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe [39128 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [CSRHarmonySkypePlugin] => C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe [146656 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [TrayApplication] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe [529616 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [194488 2022-11-10] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml (No File)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1161506908-2688264978-332761738-1001\...\Run: [Discord] => C:\ProgramData\Family\Discord\Update.exe [1525032 2022-08-08] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1161506908-2688264978-332761738-1001\...\Run: [MicrosoftEdgeAutoLaunch_FA11FA97D8D616EB448E68481CD20184] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3877280 2022-12-08] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1161506908-2688264978-332761738-1001\...\Run: [Steam] => C:\Users\Family\Desktop\you dont get to see this\STEAM\steam.exe [4246376 2022-12-15] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1161506908-2688264978-332761738-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38916432 2022-12-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-1161506908-2688264978-332761738-1001\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Family\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1161506908-2688264978-332761738-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Family\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1161506908-2688264978-332761738-1001\...\RunOnce: [Uninstall 22.227.1030.0001] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Family\AppData\Local\Microsoft\OneDrive\22.227.1030.0001" (No File)
HKLM\...\Print\Monitors\HCR Client Port Monitor: C:\Windows\system32\csrportmon.dll [73416 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\Software\...\Authentication\Credential Providers: [{5355DA8C-FE32-49b4-A567-A67535C86592}] -> C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BLEtokenCredentialProvider.dll [2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {020D2A4A-056B-4E61-BECC-CD5A8CC64059} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4669264 2022-12-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "cb389552-c2d9-4c10-bf44-31bf7ecb02ee" --version "6.07.10191" --silent
Task: {2C65C165-6CE5-480B-9608-537F9876629F} - System32\Tasks\Microsoft\Windows\PI\SecureBootEncodeUEFI => C:\Windows\system32\SecureBootEncodeUEFI.exe [90112 2022-11-09] (Microsoft Windows -> )
Task: {566595F7-3992-41FA-9F7F-EB6A5E6C07DB} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [274912 2022-09-26] (Bluestack Systems, Inc -> BlueStack Systems, Inc.)
Task: {80ADCEDA-70D7-44D2-A957-6404F3D1CF0D} - System32\Tasks\CCleanerSkipUAC - Family => C:\Program Files\CCleaner\CCleaner.exe [32602448 2022-12-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {ABD18220-37AF-4C32-9D22-9CE6718439DD} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-12-09] (Piriform Software Ltd -> Piriform)
Task: {ACF4A187-824A-4912-A14D-A9C16D175096} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {DCBD7008-9EFC-40FD-BB88-148FC5F69C6B} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.75.232.9
Tcpip\..\Interfaces\{23e46429-86ce-4a0b-895a-a1edc5a9e705}: [DhcpNameServer] 192.75.232.9

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Family\AppData\Local\Microsoft\Edge\User Data\Default [2022-12-18]
Edge Notifications: Default -> hxxps://www.duolingo.com

FireFox:
========
FF DefaultProfile: t8r5lzyg.default
FF ProfilePath: C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\t8r5lzyg.default [2022-09-27]
FF ProfilePath: C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\pnyf6b01.default-beta [2022-12-18]
FF Plugin: @java.com/DTPlugin,version=11.341.2 -> C:\Program Files\Java\jre1.8.0_341\bin\dtplugin\npDeployJava1.dll [2022-09-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.341.2 -> C:\Program Files\Java\jre1.8.0_341\bin\plugin2\npjp2.dll [2022-09-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2019-03-15] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-06-27] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-06-27] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-06-27] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-06-27] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2022-12-18]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BtSwitcherService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe [64216 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R2 CSRBtAudioService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe [465624 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R2 CsrBtOBEXService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe [1041616 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S2 CsrBtService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe [825032 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [3549656 2022-11-10] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [3549656 2022-11-10] (ESET, spol. s r.o. -> ESET)
R2 HidCerberus.Srv; C:\Users\Family\Downloads\BetterJoy_v7.1\Drivers\HIDGuardian\_drivers\HidCerberus.Srv\HidCerberus.Srv.exe [600064 2022-12-11] (Nefarius Software Solutions) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8892256 2022-12-18] (Malwarebytes Inc. -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [245224 2022-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe [3191264 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe [133592 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [321792 2022-09-26] (Bluestack Systems, Inc -> Bluestack System Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [507904 2022-09-25] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [98304 2021-06-05] (Microsoft Corporation) [File not signed]
S3 CsrBtPort; C:\Windows\system32\DRIVERS\CsrBtPort.sys [2784968 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrpan; C:\Windows\System32\drivers\csrpan.sys [39616 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrserial; C:\Windows\system32\DRIVERS\csrserial.sys [61128 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrusb; C:\Windows\System32\Drivers\csrusb.sys [47296 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [198400 2022-11-10] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [119896 2022-11-10] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [16336 2022-11-09] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [237672 2022-11-10] (ESET, spol. s r.o. -> ESET)
S2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [55400 2022-11-10] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [81696 2022-11-10] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [122504 2022-11-10] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2022-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 HidGuardian; C:\Windows\System32\drivers\HidGuardian.sys [37280 2022-12-11] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
R3 LBAI; C:\Windows\System32\Drivers\LBAI.sys [30432 2017-04-29] (Lenovo -> Lenovo)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2022-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197088 2022-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [76216 2022-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2022-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [181816 2022-12-18] (Malwarebytes Inc. -> Malwarebytes)
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [42912 2022-07-06] (Microsoft Windows Hardware Compatibility Publisher -> SteelSeries ApS)
R3 SteelSeries_Sonar_VAD; C:\Windows\System32\DriverStore\FileRepository\steelseries-sonar-vad.inf_amd64_5f23057de8eba7db\SteelSeries-Sonar-VAD.sys [92856 2022-09-21] (SteelSeries ApS -> Windows (R) Win 7 DDK provider)
R1 ViGEmBus; C:\Windows\System32\drivers\ViGEmBus.sys [165744 2020-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49568 2022-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [473376 2022-12-09] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99616 2022-12-09] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-12-18 01:32 - 2022-12-18 01:38 - 000020680 _____ C:\Users\Family\Downloads\FRST.txt
2022-12-18 01:29 - 2022-12-18 01:36 - 000000000 ____D C:\FRST
2022-12-18 01:25 - 2022-12-18 01:25 - 000002016 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
2022-12-18 01:23 - 2022-12-18 01:25 - 000000000 ____D C:\New folder
2022-12-18 01:22 - 2022-12-18 01:22 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2022-12-18 01:20 - 2022-12-18 01:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2022-12-18 01:20 - 2022-12-18 01:20 - 000000000 ____D C:\ProgramData\ESET
2022-12-18 01:20 - 2022-12-18 01:20 - 000000000 ____D C:\Program Files\ESET
2022-12-18 01:16 - 2022-12-18 01:16 - 000197088 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2022-12-18 01:16 - 2022-12-18 01:16 - 000181816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2022-12-18 01:16 - 2022-12-18 01:16 - 000076216 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2022-12-18 01:16 - 2022-12-18 01:16 - 000000000 ____D C:\Users\Family\AppData\LocalLow\IGDump
2022-12-18 01:09 - 2022-12-18 01:16 - 000000000 ____D C:\Program Files\CCleaner
2022-12-18 01:09 - 2022-12-18 01:09 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2022-12-18 01:09 - 2022-12-18 01:09 - 000003474 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2022-12-18 01:09 - 2022-12-18 01:09 - 000002908 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC - Family
2022-12-18 01:09 - 2022-12-18 01:09 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2022-12-18 01:09 - 2022-12-18 01:09 - 000000760 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2022-12-18 01:09 - 2022-12-18 01:09 - 000000000 ____D C:\Users\Family\AppData\Local\mbam
2022-12-18 01:09 - 2022-12-18 01:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2022-12-18 01:08 - 2022-12-18 01:08 - 000239544 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2022-12-18 01:08 - 2022-12-18 01:08 - 000223176 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2022-12-18 01:08 - 2022-12-18 01:08 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-12-18 01:08 - 2022-12-18 01:08 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-12-18 01:07 - 2022-12-18 01:07 - 053317056 _____ (Piriform Software Ltd) C:\Users\Family\Downloads\ccsetup607.exe
2022-12-18 01:07 - 2022-12-18 01:06 - 000158640 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2022-12-18 01:07 - 2022-12-18 01:06 - 000021480 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2022-12-18 01:05 - 2022-12-18 01:05 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-12-18 01:05 - 2022-12-18 01:05 - 000000000 ____D C:\Program Files\Malwarebytes
2022-12-18 01:04 - 2022-12-18 01:04 - 002542312 _____ (Malwarebytes) C:\Users\Family\Downloads\MBSetup-BB511A39.exe
2022-12-18 01:00 - 2022-12-18 01:14 - 002375680 _____ (Farbar) C:\Users\Family\Downloads\FRST64.exe
2022-12-18 00:59 - 2022-12-18 00:59 - 008971520 _____ (ESET) C:\Users\Family\Downloads\eset_internet_security_live_installer.exe
2022-12-14 19:06 - 2022-12-15 08:12 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-12-14 11:54 - 2022-12-14 11:54 - 000036251 _____ C:\Users\Family\Downloads\sp notes.pdf
2022-12-13 22:29 - 2022-12-13 22:29 - 000319488 _____ C:\Windows\system32\pnpdiag.dll
2022-12-13 22:29 - 2022-12-13 22:29 - 000221184 _____ C:\Windows\SysWOW64\Microsoft.Internal.FrameworkUdk.System.dll
2022-12-13 22:29 - 2022-12-13 22:29 - 000015505 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-12-13 22:28 - 2022-12-13 22:28 - 000335872 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2022-12-13 22:19 - 2022-12-13 22:19 - 000000000 ___HD C:\$WinREAgent
2022-12-12 17:57 - 2022-12-12 17:57 - 000154810 _____ C:\Users\Family\Downloads\Devastation_Meme.mp4
2022-12-12 16:05 - 2022-12-12 16:05 - 000004036 _____ C:\Windows\system32\Tasks\PostponeDeviceSetupToast_S-1-5-21-1161506908-2688264978-332761738-1001_1
2022-12-11 19:25 - 2022-12-11 19:25 - 000000000 ____D C:\Program Files\Nefarius Software Solutions
2022-12-11 19:14 - 2022-12-11 19:19 - 000000000 ____D C:\Users\Family\Downloads\BetterJoy_v7.1
2022-12-11 19:14 - 2022-12-11 19:14 - 000001053 _____ C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BetterJoyForCemu.lnk
2022-12-11 19:13 - 2022-12-11 19:14 - 004438028 _____ C:\Users\Family\Downloads\BetterJoy_v7.1.zip
2022-12-11 19:06 - 2022-12-11 19:44 - 000000000 ____D C:\BluetoothExchangeFolder
2022-12-11 19:06 - 2022-12-11 19:06 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_csrserial_01009.Wdf
2022-12-11 19:04 - 2022-12-11 19:04 - 000000000 ____D C:\Windows\system32\es-cl
2022-12-11 19:04 - 2022-12-11 19:04 - 000000000 ____D C:\Program Files (x86)\CSR
2022-12-11 19:03 - 2022-12-11 19:03 - 000000000 ____D C:\Program Files\CSR
2022-12-11 18:56 - 2022-12-11 18:58 - 427938830 _____ C:\Users\Family\Downloads\UB400_Driver.zip
2022-12-11 18:56 - 2022-12-11 18:56 - 010051221 _____ C:\Users\Family\Downloads\Unconfirmed 47476.crdownload
2022-12-06 16:41 - 2022-12-06 16:41 - 014206273 _____ C:\Users\Family\Downloads\y2mate.com - Get Mario Karted_1080p.mp4
2022-12-04 19:16 - 2022-12-04 19:16 - 000000000 ____D C:\Users\Family\AppData\LocalLow\Sayan
2022-12-04 19:14 - 2022-12-04 19:15 - 000000000 ____D C:\Users\Family\Downloads\Apes vs Helium v1-5-1
2022-12-04 18:58 - 2022-12-04 18:58 - 093763934 _____ C:\Users\Family\Downloads\Apes vs Helium v1-5-1.zip
2022-12-04 10:52 - 2022-12-04 10:52 - 000005376 _____ C:\Users\Family\Downloads\930464315629244436 (1).webp
2022-12-04 08:16 - 2022-12-04 09:02 - 000005376 _____ C:\Users\Family\Downloads\930464315629244436.webp
2022-12-03 08:56 - 2022-12-03 08:57 - 016267184 _____ C:\Users\Family\Downloads\ssohv3.2.zip
2022-12-02 17:05 - 2022-12-02 17:07 - 000031640 _____ C:\Users\Family\Downloads\11zon_21.jpeg
2022-12-02 16:53 - 2022-12-02 16:54 - 071318096 _____ (Opera Software) C:\Users\Family\Downloads\Unconfirmed 451100.crdownload
2022-12-02 16:52 - 2022-12-02 16:53 - 003538992 _____ (Opera Software) C:\Users\Family\Downloads\OperaGXSetup (1).exe
2022-12-02 16:52 - 2022-12-02 16:52 - 003538952 _____ (Opera Software) C:\Users\Family\Downloads\OperaGXSetup.exe
2022-12-02 16:52 - 2022-12-02 16:52 - 001121568 _____ C:\Users\Family\Downloads\Unconfirmed 767904.crdownload
2022-12-02 16:52 - 2022-12-02 16:52 - 000000000 ____D C:\Users\Family\AppData\Roaming\Opera Software
2022-11-30 16:57 - 2009-10-22 03:50 - 733476864 ____R C:\Up.avi
2022-11-30 16:25 - 2022-11-30 16:25 - 000000000 ____D C:\Users\Family\AppData\Local\OneDrive
2022-11-30 16:18 - 2022-11-30 16:18 - 000000000 ____D C:\Users\Family\AppData\Roaming\MPC-HC
2022-11-30 16:17 - 2022-11-30 16:17 - 000001743 _____ C:\Users\Public\Desktop\MPC-HC x64.lnk
2022-11-30 16:17 - 2022-11-30 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2022-11-30 16:17 - 2022-11-30 16:17 - 000000000 ____D C:\Program Files\MPC-HC
2022-11-29 18:42 - 2022-11-29 18:42 - 000000000 ____D C:\Users\Family\Documents\My Games
2022-11-29 18:42 - 2022-11-29 18:42 - 000000000 ____D C:\Program Files (x86)\Microsoft XNA
2022-11-29 17:39 - 2022-11-29 17:39 - 000000248 _____ C:\Users\Family\Desktop\Terraria.url
2022-11-29 16:32 - 2022-12-14 17:01 - 000000000 ____D C:\Users\Family\AppData\Local\GeometryDash
2022-11-29 16:27 - 2022-11-29 17:39 - 000000000 ____D C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2022-11-29 16:27 - 2022-11-29 16:27 - 000000248 _____ C:\Users\Family\Desktop\Geometry Dash.url
2022-11-28 19:16 - 2022-11-29 16:09 - 000000000 ____D C:\Users\Family\AppData\Local\Steam
2022-11-28 16:49 - 2022-11-28 16:49 - 000000966 _____ C:\Users\Public\Desktop\Steam.lnk
2022-11-28 16:49 - 2022-11-28 16:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2022-11-28 16:47 - 2022-11-28 16:47 - 002296488 _____ C:\Users\Family\Downloads\SteamSetup.exe
2022-11-27 20:48 - 2022-11-27 20:48 - 000000091 _____ C:\Users\Family\Desktop\Sound Effects - Creator Marketplace.url
2022-11-26 20:03 - 2022-11-26 20:03 - 001179456 _____ C:\Users\Family\Downloads\Some_cat_that_you_used_to_know.mp4
2022-11-26 20:03 - 2022-11-26 20:03 - 001179456 _____ C:\Users\Family\Downloads\Some_cat_that_you_used_to_know (1).mp4
2022-11-26 17:24 - 2022-11-27 12:02 - 000000000 ____D C:\Users\Family\Documents\Sound Recordings
2022-11-24 17:43 - 2022-11-24 17:43 - 000000000 ____D C:\Users\Family\AppData\Roaming\Bytedance
2022-11-20 07:32 - 2022-11-20 07:56 - 000000000 ____D C:\Users\Family\AppData\Local\SilvrPS
2022-11-20 07:23 - 2022-11-20 07:23 - 001575742 _____ (Igor Pavlov) C:\Users\Family\Downloads\7z2201-x64 (1).exe
2022-11-20 07:22 - 2022-11-20 07:23 - 103797328 _____ C:\Users\Family\Downloads\SilvrPS (1).rar
2022-11-20 07:21 - 2022-11-20 07:21 - 003473784 _____ (Alexander Roshal) C:\Users\Family\Downloads\winrar-x64-611 (1).exe
2022-11-20 07:16 - 2022-11-20 07:26 - 000000000 ____D C:\Users\Family\Desktop\SilvrPS
2022-11-20 07:14 - 2022-11-20 07:14 - 003473784 _____ (Alexander Roshal) C:\Users\Family\Downloads\winrar-x64-611.exe
2022-11-20 07:13 - 2022-11-20 07:14 - 103797328 _____ C:\Users\Family\Downloads\SilvrPS.rar
2022-11-20 07:11 - 2022-11-20 07:11 - 000000000 ____D C:\Users\Family\Downloads\SilvrPS
2022-11-20 07:08 - 2022-11-20 07:09 - 105060137 _____ C:\Users\Family\Desktop\SilvrPS.zip
2022-11-19 18:57 - 2022-11-19 18:57 - 000583759 _____ C:\Users\Family\Downloads\you_just_said_some_goofy_shit.mov

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-12-18 01:33 - 2022-09-28 17:27 - 000000000 ____D C:\Users\Family\AppData\Roaming\discord
2022-12-18 01:27 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\AppReadiness
2022-12-18 01:22 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\SystemTemp
2022-12-18 01:22 - 2021-06-05 07:09 - 000000000 ____D C:\Windows\INF
2022-12-18 01:20 - 2022-09-26 13:14 - 000000000 ____D C:\ProgramData\Packages
2022-12-18 01:20 - 2022-09-26 13:13 - 000000000 ____D C:\Users\Family\AppData\Local\Packages
2022-12-18 01:20 - 2021-06-05 07:10 - 000000000 ___HD C:\Windows\ELAMBKUP
2022-12-18 01:20 - 2021-06-05 07:10 - 000000000 ___HD C:\Program Files\WindowsApps
2022-12-18 01:20 - 2021-06-05 07:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-12-18 00:52 - 2022-09-29 20:28 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1161506908-2688264978-332761738-1001
2022-12-18 00:52 - 2022-09-26 13:17 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1161506908-2688264978-332761738-1001
2022-12-18 00:52 - 2022-09-26 13:17 - 000002382 _____ C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-12-18 00:51 - 2022-09-26 12:15 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-12-18 00:50 - 2022-09-27 22:06 - 000000000 ____D C:\Users\Family\AppData\LocalLow\Mozilla
2022-12-15 08:13 - 2022-09-27 21:56 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2022-12-15 08:12 - 2022-09-27 21:56 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-12-15 08:12 - 2022-09-27 21:56 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-12-14 11:22 - 2022-09-26 12:09 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-12-14 07:13 - 2022-09-26 12:20 - 000848788 _____ C:\Windows\system32\PerfStringBackup.INI
2022-12-14 07:06 - 2022-09-26 12:09 - 000292696 _____ C:\Windows\system32\FNTCACHE.DAT
2022-12-14 07:06 - 2022-09-26 12:09 - 000012288 ___SH C:\DumpStack.log.tmp
2022-12-14 07:06 - 2022-09-26 12:09 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-12-14 07:05 - 2021-06-05 07:01 - 000524288 _____ C:\Windows\system32\config\BBI
2022-12-14 02:48 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2022-12-14 02:48 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2022-12-14 02:48 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2022-12-14 02:48 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2022-12-14 02:48 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2022-12-14 02:48 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\SystemResources
2022-12-14 02:48 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\system32\WinMetadata
2022-12-14 02:47 - 2021-06-05 09:30 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-12-14 02:47 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\SystemApps
2022-12-14 02:47 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\system32\oobe
2022-12-14 02:47 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\system32\lv-LV
2022-12-14 02:47 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\system32\lt-LT
2022-12-14 02:47 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\system32\et-EE
2022-12-14 02:47 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\system32\es-MX
2022-12-14 02:47 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\system32\appraiser
2022-12-14 02:47 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\Provisioning
2022-12-14 02:47 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\bcastdvr
2022-12-14 02:47 - 2021-06-05 07:10 - 000000000 ____D C:\Program Files\Common Files\System
2022-12-13 22:43 - 2022-09-28 17:44 - 000000000 ____D C:\Windows\system32\MRT
2022-12-13 22:40 - 2022-09-28 17:43 - 148633544 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-12-13 22:40 - 2021-06-05 07:01 - 000000000 ____D C:\Windows\CbsTemp
2022-12-13 22:28 - 2022-09-26 12:12 - 003110912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2022-12-11 19:14 - 2020-04-22 17:07 - 001740432 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2022-12-11 19:14 - 2020-04-22 17:07 - 000037280 _____ (Benjamin Höglinger-Stelzer) C:\Windows\system32\Drivers\HidGuardian.sys
2022-12-11 19:04 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\system32\gl-ES
2022-12-11 19:04 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\system32\eu-ES
2022-12-11 19:04 - 2021-06-05 07:10 - 000000000 ____D C:\Windows\system32\ca-ES
2022-12-10 21:13 - 2022-10-06 13:11 - 000000000 ____D C:\ProgramData\BlueStacks_nxt
2022-12-10 21:12 - 2022-10-06 13:12 - 000000000 ____D C:\ProgramData\boost_interprocess
2022-12-10 09:57 - 2022-10-23 16:11 - 000000000 ____D C:\Users\Family\AppData\Roaming\obs-studio
2022-12-10 06:02 - 2022-09-28 17:27 - 000002006 _____ C:\Users\Family\Desktop\Discord.lnk
2022-12-10 06:01 - 2022-09-27 21:58 - 000000000 ____D C:\Windows\system32\Macromed
2022-12-10 06:00 - 2022-09-27 21:58 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2022-12-09 16:09 - 2022-09-26 12:09 - 000000000 ____D C:\Windows\system32\Drivers\wd
2022-12-08 16:47 - 2022-10-05 16:53 - 000001422 _____ C:\Users\Family\Desktop\Roblox Player.lnk
2022-12-08 16:47 - 2022-10-05 16:52 - 000001245 _____ C:\Users\Family\Desktop\Roblox Studio.lnk
2022-12-08 16:47 - 2022-10-05 16:52 - 000000000 ____D C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2022-12-07 20:22 - 2022-09-26 13:13 - 000000000 ____D C:\Users\Family
2022-12-03 10:55 - 2022-09-27 22:06 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-11-29 18:41 - 2022-10-22 08:17 - 000000000 ____D C:\Users\Family\AppData\Local\CrashDumps
2022-11-28 16:49 - 2022-11-01 09:14 - 000000000 ____D C:\Users\Family\Desktop\you dont get to see this
2022-11-27 07:03 - 2022-09-27 21:56 - 000000000 ____D C:\Program Files\7-Zip
2022-11-25 08:01 - 2022-10-05 16:52 - 000000000 ____D C:\Users\Family\AppData\Local\Roblox
2022-11-25 08:00 - 2022-10-05 16:52 - 000000252 _____ C:\Users\Family\AppData\LocalLow\rbxcsettings.rbx
2022-11-24 17:45 - 2022-11-01 10:29 - 000000000 ____D C:\Users\Family\AppData\Local\CapCut
2022-11-20 07:31 - 2022-09-27 21:59 - 000000000 ____D C:\ProgramData\Package Cache
2022-11-20 07:31 - 2021-06-05 07:10 - 000000000 ____D C:\Program Files\Common Files\microsoft shared

==================== Files in the root of some directories ========

2022-11-09 22:11 - 2022-11-09 22:11 - 000002207 _____ () C:\Users\Family\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Additional part 1 of 2

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-12-2022
Ran by Family (18-12-2022 01:45:20)
Running from C:\Users\Family\Downloads
Microsoft Windows 11 Pro Version 21H2 22000.1335 (X64) (2022-09-26 17:18:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1161506908-2688264978-332761738-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1161506908-2688264978-332761738-503 - Limited - Disabled)
Family (S-1-5-21-1161506908-2688264978-332761738-1001 - Administrator - Enabled) => C:\Users\Family
Guest (S-1-5-21-1161506908-2688264978-332761738-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1161506908-2688264978-332761738-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {DF8BEACB-94C9-218A-73AD-A78362A8C516}
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1900-000001000000}) (Version: 19.00.00.0 - Igor Pavlov)
7-Zip 22.01 (x64) (HKLM\...\7-Zip) (Version: 22.01 - Igor Pavlov)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\{B7CB94F6-B20E-499F-987B-7269A41FD185}) (Version: 32.0.0.453 - Adobe)
Adobe Shockwave Player 12.3 (HKLM-x32\...\{4487064C-F31E-4499-A1EF-9B8E809A0358}) (Version: 12.3.5.205 - Adobe, Inc)
AMD Accelerated Video Transcoding (HKLM\...\{034B6AC8-DCF6-585B-2AFD-3FF0D4A559BB}) (Version: 12.5.100.30429 - Advanced Micro Devices, Inc.)
AMD APP SDK Runtime (HKLM\...\{503F672D-6C84-448A-8F8F-4BC35AC83441}) (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (HKLM\...\{999DB5B3-EE44-8837-2B51-4AF44CD1FD22}) (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (HKLM\...\{30921AC4-6875-F7DF-B48B-2BB68C000BB6}) (Version: 1.0.80430.0002 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In (HKLM\...\{338CE2A1-7BD6-AC18-0069-4A90F7C3D836}) (Version: 2.06.0000 - AMD)
BlueStacks 5 (HKLM\...\BlueStacks_nxt) (Version: 5.9.300.1014 - BlueStack Systems, Inc.)
BlueStacks X (HKU\S-1-5-21-1161506908-2688264978-332761738-1001\...\BlueStacks X) (Version: 0.18.31.1 - BlueStack Systems, Inc.)
CapCut (HKU\S-1-5-21-1161506908-2688264978-332761738-1001\...\CapCut) (Version: 1.2.0.112 - Bytedance Pte. Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 6.07 - Piriform)
CSR Harmony Wireless Software Stack (HKLM\...\{17DEA095-8EE1-49A2-AC5A-9663DB098FA9}) (Version: 2.1.63.0 - Cambridge Silicon Radio Limited.)
Discord (HKU\S-1-5-21-1161506908-2688264978-332761738-1001\...\Discord) (Version: 1.0.9006 - Discord Inc.)
ESET Security (HKLM\...\{AC01C534-2ECB-460E-9D4E-D4D158076F50}) (Version: 16.0.24.0 - ESET, spol. s r.o.)
Foxit Reader (HKLM-x32\...\{32797A74-9CCB-11E9-90DE-54BF64A63C26}) (Version: 9.6.0.25114 - Foxit Software Inc.)
GIMP 2.10.32-1 (HKLM\...\GIMP-2_is1) (Version: 2.10.32 - The GIMP Team)
Java 8 Update 341 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180341F0}) (Version: 8.0.3410.10 - Oracle Corporation)
Malwarebytes version 4.5.19.229 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.19.229 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 108.0.1462.54 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 108.0.1462.46 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1161506908-2688264978-332761738-1001\...\OneDriveSetup.exe) (Version: 22.238.1114.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{6A2A8076-135F-4F55-BB02-DED67C8C6934}) (Version: 4.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40649 (HKLM\...\{20C1086D-C843-36B1-B678-990089D1BD44}) (Version: 12.0.40649 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40649 (HKLM\...\{ABB19BB4-838D-3082-BDA4-87C6604181A2}) (Version: 12.0.40649 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30133 (HKLM-x32\...\{38b2c744-ad08-4d5b-91a2-3fb6f739ff3e}) (Version: 14.29.30133.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31931 (HKLM-x32\...\{d4cecf3b-b68f-4995-8840-52ea0fab646e}) (Version: 14.34.31931.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30133 (HKLM-x32\...\{42667D2E-B054-46C1-9D46-2EE1332C14C1}) (Version: 14.29.30133 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30133 (HKLM-x32\...\{EC9807DE-B577-47B1-A024-0251805ACF24}) (Version: 14.29.30133 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31931 (HKLM\...\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}) (Version: 14.34.31931 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31931 (HKLM\...\{CF4C347D-954E-4543-88D2-EC17F07F466F}) (Version: 14.34.31931 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-GB) (HKLM\...\Mozilla Firefox 109.0 (x64 en-GB)) (Version: 109.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 104.0 - Mozilla)
MPC-HC 1.9.8 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.9.8 - MPC-HC Team)
Nefarius Virtual Gamepad Emulation Bus Driver (HKLM\...\{93D91F60-7C94-4A79-863F-EA713D2EB3F3}) (Version: 1.17.333.0 - Nefarius Software Solutions e.U.)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 28.0.3 - OBS Project)
Roblox Player for Family (HKU\S-1-5-21-1161506908-2688264978-332761738-1001\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for Family (HKU\S-1-5-21-1161506908-2688264978-332761738-1001\...\roblox-studio) (Version: - Roblox Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries GG 26.0.0 (HKLM\...\SteelSeries GG) (Version: 26.0.0 - SteelSeries ApS)

Packages:
=========
ESET Context Menu -> C:\Program Files\ESET\ESET Security [2022-12-18] (0)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2022-12-09] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2022-11-10] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-06-28] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2022-11-10] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-12-18] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2013-04-30] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2022-11-10] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-06-28] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-12-18] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2009-01-20 16:51 - 2009-01-20 16:51 - 000007168 _____ () [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atixclib.dll
2013-04-30 01:08 - 2013-04-30 01:08 - 000369152 _____ () [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2022-11-28 19:15 - 2022-11-10 01:19 - 134859776 _____ () [File not signed] C:\Users\Family\Desktop\you dont get to see this\STEAM\bin\cef\cef.win7x64\libcef.dll
2022-11-28 19:15 - 2022-11-07 05:17 - 000387072 _____ () [File not signed] C:\Users\Family\Desktop\you dont get to see this\STEAM\bin\cef\cef.win7x64\libegl.dll
2022-11-28 19:15 - 2022-11-07 05:17 - 008052736 _____ () [File not signed] C:\Users\Family\Desktop\you dont get to see this\STEAM\bin\cef\cef.win7x64\libglesv2.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Actions.CCAA.Shared.dll
2013-04-30 01:06 - 2013-04-30 01:06 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.DPPE.Shared.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.EEU.Shared.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.GD.Shared.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000007168 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Hotkeys.Shared.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.REG.Shared.dll
2013-04-30 01:06 - 2013-04-30 01:06 - 000045568 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Source.Kit.Server.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.WinMessages.Shared.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000034816 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000006144 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.Shared.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000024576 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Foundation.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ATICCCom.dll
2013-04-30 01:06 - 2013-04-30 01:06 - 000022016 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.Implementation.dll
2013-04-30 01:08 - 2013-04-30 01:08 - 000014336 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Runtime.dll
2013-04-30 01:08 - 2013-04-30 01:08 - 000008192 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.shared.dll
2013-04-30 01:08 - 2013-04-30 01:08 - 000040448 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Dashboard.dll
2013-04-30 01:08 - 2013-04-30 01:08 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Runtime.dll
2013-04-30 01:06 - 2013-04-30 01:06 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Shared.dll
2013-04-30 01:08 - 2013-04-30 01:08 - 000044544 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Audio.Graphics.Dashboard.dll
2013-04-30 01:08 - 2013-04-30 01:08 - 000019456 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CPUOverDrive.Fuel.Shared.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000028672 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CustomFormats.Graphics.Shared.dll
2013-04-30 01:06 - 2013-04-30 01:06 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.Shared.Private.dll
2013-04-30 01:07 - 2013-04-30 01:07 - 000380928 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000045056 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000053248 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceCRT.Graphics.shared.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000069632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000040960 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceCV.Graphics.Shared.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000053248 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000049152 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000077824 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000065536 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceTV.Graphics.shared.dll
2013-04-29 23:38 - 2013-04-29 23:38 - 000025600 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
2013-04-30 01:07 - 2013-04-30 01:07 - 000441856 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000036864 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000028672 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysOptions.Graphics.shared.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000057344 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
2013-04-29 23:38 - 2013-04-29 23:38 - 000110592 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Runtime.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000081920 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Shared.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000024576 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MultiVPU2.Graphics.Shared.dll
2013-04-30 01:06 - 2013-04-30 01:06 - 000101376 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
2013-04-30 01:06 - 2013-04-30 01:06 - 000071168 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
2013-04-30 01:06 - 2013-04-30 01:06 - 000050688 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.OverDrive5.Graphics.shared.dll
2013-04-30 01:07 - 2013-04-30 01:07 - 002400256 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000110592 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000081920 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Shared.dll
2013-04-30 01:06 - 2013-04-30 01:06 - 000160256 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.Dashboard.dll
2013-04-30 01:06 - 2013-04-30 01:06 - 000013824 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.Runtime.dll
2013-04-30 01:06 - 2013-04-30 01:06 - 000045056 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.shared.dll
2013-04-30 01:08 - 2013-04-30 01:08 - 000021504 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.UpdateNotification.Graphics.Dashboard.dll
2013-04-30 01:08 - 2013-04-30 01:08 - 000016384 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.UpdateNotification.Graphics.Runtime.dll
2013-04-30 01:08 - 2013-04-30 01:08 - 000012288 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.UpdateNotification.Graphics.Shared.dll
2013-04-30 01:06 - 2013-04-30 01:06 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Dashboard.dll
2013-04-30 01:06 - 2013-04-30 01:06 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Runtime.dll
2013-04-30 01:06 - 2013-04-30 01:06 - 000010752 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Shared.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000172032 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 001007616 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.Shared.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.Shared.Private.dll
2013-04-30 01:06 - 2013-04-30 01:06 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Dashboard.dll
2013-04-30 01:06 - 2013-04-30 01:06 - 000011776 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Runtime.dll
2013-04-30 01:06 - 2013-04-30 01:06 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Shared.dll
2013-04-30 01:08 - 2013-04-30 01:08 - 000008192 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Dashboard.dll
2013-04-30 01:08 - 2013-04-30 01:08 - 000011264 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Runtime.dll
2013-04-30 01:08 - 2013-04-30 01:08 - 000009216 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Shared.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000008192 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.dll
2013-04-30 01:07 - 2013-04-30 01:07 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.ProfileManager2.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 001395200 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.Private.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000007168 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Extension.EEU.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000038400 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.Private.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000413696 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Systemtray.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000303104 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Client.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000019968 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.CoreAudioAPI.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000029184 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Private.dll
2013-04-30 01:06 - 2013-04-30 01:06 - 000018432 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.XManifest.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.dll
2013-04-30 01:06 - 2013-04-30 01:06 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Fuel.Foundation.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000031744 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000047616 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.Private.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000025088 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Private.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Foundation.dll
2013-04-30 01:06 - 2013-04-30 01:06 - 000097280 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Implementation.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\NEWAEM.Foundation.dll
2012-04-02 19:38 - 2012-04-02 19:38 - 000138752 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ADL.Foundation.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000066048 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Server.dll
2013-04-30 01:08 - 2013-04-30 01:08 - 000393216 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000065536 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000036864 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
2013-04-30 01:06 - 2013-04-30 01:06 - 000528384 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000043520 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
2013-04-30 01:07 - 2013-04-30 01:07 - 000242688 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000036864 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.Private.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000380928 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000061440 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.dll
2007-05-02 19:44 - 2007-05-02 19:44 - 000020480 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0703.dll
2007-08-09 18:58 - 2007-08-09 18:58 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0706.dll
2009-06-17 07:27 - 2009-06-17 07:27 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll
2009-06-17 12:24 - 2009-06-17 12:24 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0712.dll
2008-04-03 18:29 - 2008-04-03 18:29 - 000020480 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0804.dll
2009-04-22 14:13 - 2009-04-22 14:13 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0805.dll
2008-12-30 14:04 - 2008-12-30 14:04 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0812.dll
2009-12-08 09:49 - 2009-12-08 09:49 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0912.dll
2010-10-07 15:07 - 2010-10-07 15:07 - 000020480 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I1010.dll
2010-11-05 16:18 - 2010-11-05 16:18 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I1011.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000323584 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Implementation.default_Localization.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000491520 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Private.dll
2013-04-30 01:06 - 2013-04-30 01:06 - 000175104 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Implementation.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000008704 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Private.dll
2013-04-30 01:08 - 2013-04-30 01:08 - 000028160 _____ (Advanced Mirco Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Dashboard.dll
2013-04-30 01:05 - 2013-04-30 01:05 - 000311296 _____ (Advanced Mirco Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2013-04-30 01:04 - 2013-04-30 01:04 - 000192512 _____ (Advanced Mirco Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2010-03-04 03:27 - 2010-03-04 03:27 - 000016384 _____ (ATI Technologies Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Foundation.dll
2009-04-22 14:13 - 2009-04-22 14:13 - 000045056 _____ (ATI Technologies Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0601.dll
2022-11-20 07:24 - 2022-07-15 09:00 - 000094720 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2022-11-28 19:15 - 2022-11-07 05:17 - 000992256 _____ (The Chromium Authors) [File not signed] C:\Users\Family\Desktop\you dont get to see this\STEAM\bin\cef\cef.win7x64\chrome_elf.dll

==================== Alternate Data Streams (Whitelisted) ========
 
Additional part 2 of 2


==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_341\bin\ssv.dll [2022-09-27] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_341\bin\jp2ssv.dll [2022-09-27] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-01-19] (Skype Technologies SA -> Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-06-05 07:08 - 2021-06-05 07:08 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
HKU\S-1-5-21-1161506908-2688264978-332761738-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Family\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.75.232.9
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SteelSeriesGG"
HKU\S-1-5-21-1161506908-2688264978-332761738-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7F7E7079-BB34-448E-8229-C8809698FB78}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E4BBF7DC-7D74-47C5-9322-9582B8F13ACB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7A2B753B-2207-42E9-82B5-1046A84DF9D7}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe (Bluestack Systems, Inc -> Bluestack Systems, Inc.)
FirewallRules: [{0A25DF90-822C-4778-AE6A-6547F754C724}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe (Bluestack Systems, Inc -> Bluestack Systems, Inc.)
FirewallRules: [{1CF3A0D6-5626-4831-8D82-012F0E8A377D}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Bluestack Systems, Inc -> BlueStack Systems)
FirewallRules: [TCP Query User{90BF607D-06F8-4D6C-9F94-5DBE2C902173}C:\programdata\family\discord\app-1.0.9007\discord.exe] => (Allow) C:\programdata\family\discord\app-1.0.9007\discord.exe => No File
FirewallRules: [UDP Query User{0731BC77-059C-4063-9059-09F79E0E9AA8}C:\programdata\family\discord\app-1.0.9007\discord.exe] => (Allow) C:\programdata\family\discord\app-1.0.9007\discord.exe => No File
FirewallRules: [{832AF344-7847-4F13-9012-B6F6C9408336}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22287.702.1670.9453_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A89E51D2-C1C4-4741-9F23-5D3EE180068B}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22287.702.1670.9453_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{68F0551B-E555-4DFD-ADF4-27E8010CD208}] => (Allow) C:\Users\Family\Desktop\you dont get to see this\STEAM\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{309DF3F3-EF32-4167-B9D8-4C7B3A36C729}] => (Allow) C:\Users\Family\Desktop\you dont get to see this\STEAM\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{64744ACA-64FF-41CC-966C-74E79F4A3C14}] => (Allow) C:\Users\Family\Desktop\you dont get to see this\STEAM\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{9CDC0475-05C7-44FC-889D-B1FC3245E7EA}] => (Allow) C:\Users\Family\Desktop\you dont get to see this\STEAM\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{9B0D7DFD-5550-4017-94C1-F7C67BF5D572}] => (Allow) C:\Users\Family\Desktop\you dont get to see this\STEAM\steamapps\common\Geometry Dash\GeometryDash.exe () [File not signed]
FirewallRules: [{C1711B15-DA02-434B-896F-D81FB834463B}] => (Allow) C:\Users\Family\Desktop\you dont get to see this\STEAM\steamapps\common\Geometry Dash\GeometryDash.exe () [File not signed]
FirewallRules: [{B388CC9E-2BBF-4243-96F2-38227226BB27}] => (Allow) C:\Users\Family\Desktop\you dont get to see this\STEAM\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{6FF858B7-EA23-41BC-AC53-680454FEEC29}] => (Allow) C:\Users\Family\Desktop\you dont get to see this\STEAM\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{BE875EC2-1F02-45FA-AA55-C8B93596789C}] => (Allow) C:\Users\Family\Desktop\you dont get to see this\STEAM\steamapps\common\Team Fortress 2\hl2.exe (Valve Corp. -> )
FirewallRules: [{AF1EA413-A8AA-405F-BB1A-E91EFF9252F6}] => (Allow) C:\Users\Family\Desktop\you dont get to see this\STEAM\steamapps\common\Team Fortress 2\hl2.exe (Valve Corp. -> )
FirewallRules: [{43A609D1-C4AE-4EFB-9CF1-68C4D34853F3}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\108.0.1462.46\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

07-12-2022 18:25:09 Scheduled Checkpoint
10-12-2022 07:46:46 Installed DirectX
11-12-2022 19:02:53 Installed CSR Harmony Wireless Software Stack.
13-12-2022 22:14:47 Windows Modules Installer

==================== Faulty Device Manager Devices ============

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (12/18/2022 01:39:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 10.0.22000.1, time stamp: 0xb3908376
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x80131623
Fault offset: 0x00007ffe68e5210f
Faulting process id: 0x28f4
Faulting application start time: 0x01d912ab787ba2c7
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: unknown
Report Id: abf2ad39-f86a-47b1-9904-08f081566705
Faulting package full name:
Faulting package-relative application ID:

Error: (12/18/2022 01:39:44 AM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: wmiprvse.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Unexpected exception thrown from the provider:
System.IO.FileLoadException:
File name: 'Microsoft.AppV.AppvClientComConsumer, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'
at Microsoft.AppV.AppvPublishingServerWMI.AppvPublishingServer.EnumeratePublishingServers()


Stack:
at System.Environment.FailFast(System.String)
at WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink)

Error: (12/18/2022 01:39:24 AM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (12/18/2022 01:39:23 AM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (12/18/2022 01:39:23 AM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003

Error: (12/18/2022 01:31:31 AM) (Source: ESENT) (EventID: 448) (User: )
Description: taskhostw (9764,D,23) WebCacheLocal: Data inconsistency detected in table BlobEntry_1 of database C:\Users\Family\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (522,0x80000000800003bb).

Error: (12/18/2022 01:29:17 AM) (Source: ESENT) (EventID: 448) (User: )
Description: taskhostw (9764,D,19) WebCacheLocal: Data inconsistency detected in table BlobEntry_1 of database C:\Users\Family\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (522,0x80000000800003bc).

Error: (12/18/2022 01:29:17 AM) (Source: ESENT) (EventID: 448) (User: )
Description: taskhostw (9764,D,18) WebCacheLocal: Data inconsistency detected in table BlobEntry_1 of database C:\Users\Family\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (522,0x80000000800003bc).


System errors:
=============
Error: (12/18/2022 12:53:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CSR Bluetooth Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/18/2022 12:49:01 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RC89NQT)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (12/18/2022 12:46:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/18/2022 12:46:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (12/18/2022 12:42:45 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{23E46429-86CE-4A0B-895A-A1EDC5A9E705} because another computer on the network has the same name. The server could not start.

Error: (12/16/2022 04:02:31 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{23E46429-86CE-4A0B-895A-A1EDC5A9E705} because another computer on the network has the same name. The server could not start.

Error: (12/15/2022 08:06:24 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{23E46429-86CE-4A0B-895A-A1EDC5A9E705} because another computer on the network has the same name. The server could not start.

Error: (12/14/2022 08:27:20 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RC89NQT)
Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2022-12-08 17:57:47
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-12-07 18:08:51
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-12-05 16:48:32
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-12-02 20:13:47
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-11-30 18:35:17
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2022-12-18 01:39:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO 9SKT9CAUS 12/11/2018
Motherboard: LENOVO MAHOBAY
Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 53%
Total physical RAM: 8115.5 MB
Available physical RAM: 3754.9 MB
Total Virtual: 9395.5 MB
Available Virtual: 4169.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.44 GB) (Free:150.35 GB) (Model: WDC WD3200AAJS-60Z0A0) NTFS
Drive d: () (CDROM) (Total:3.88 GB) (Free:0 GB) UDF

\\?\Volume{06064d39-349d-4993-8395-cc1a34b5de1b}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS
\\?\Volume{e6167582-7456-4188-a255-ebf958da5e80}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 5A240DB6)

Partition: GPT.

==================== End of Addition.txt =======================
 
Do NOT wrap logs in "code".
Just paste them.

=========================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
RKKiller - Cleaned

Program : RogueKiller Anti-Malware
Version : 15.6.4.0
x64 : Yes
Program Date : Dec 15 2022
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 11 (10.0.22000) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : Family
User is Admin : Yes
Date : 2022/12/18 12:35:59
Type : Scan
Aborted : No
Scan Mode : Standard
Duration : 10035
Found items : 2
Total scanned : 77827
Signatures Version : 20221215_093220
Truesight Driver : Yes
Updates Count : 7

************************* Warnings *************************
(124:118) C:\Users\Family\Downloads, LONG_FOLDER_SCAN
[+] path : C:\Users\Family\Downloads
[+] message : LONG_FOLDER_SCAN
[+] int1 : 124
[+] int2 : 118

(125:18) C:\Users\Family, LONG_FOLDER_SCAN
[+] path : C:\Users\Family
[+] message : LONG_FOLDER_SCAN
[+] int1 : 125
[+] int2 : 18


************************* Updates *************************
BlueStacks 5 (64-bit), version 5.9.300.1014
[+] Available Version : 5.9.410.1001
[+] Size : 1.99 GB
[+] Wow6432 : No
[+] Portable : No

7-Zip 19.00 (x64 edition) (64-bit), version 19.00.00.0
[+] Available Version : 22.01
[+] Size : 5.13 MB
[+] Wow6432 : No
[+] Portable : No

MPC-HC 1.9.8 (64-bit) (64-bit), version 1.9.8
[+] Available Version : 1.9.24
[+] Size : 55.8 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\MPC-HC\

OBS Studio (32-bit), version 28.0.3
[+] Available Version : 28.1.2
[+] Wow6432 : Yes
[+] Portable : No

BlueStacks X (64-bit), version 0.18.31.1
[+] Available Version : 5.9.410.1001
[+] Size : 224 MB
[+] Wow6432 : No
[+] Portable : No

Discord (64-bit), version 1.0.9006
[+] Available Version : 1.0.9008
[+] Size : 78.3 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\ProgramData\Family\Discord

AdwCleaner (32-bit), version 8.3.2.0
[+] Available Version : 8.4.0
[+] Size : 8.15 MB
[+] Wow6432 : Yes
[+] Portable : Yes
[+] update_location : C:\Users\Family\Downloads\AdwCleaner.exe


************************* Processes *************************

************************* Modules *************************

************************* Services *************************

************************* Scheduled Tasks *************************

************************* Registry *************************
>>>>>> O87 - Firewall
├── [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{90BF607D-06F8-4D6C-9F94-5DBE2C902173}C:\programdata\family\discord\app-1.0.9007\discord.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\programdata\family\discord\app-1.0.9007\discord.exe|Name=Discord|Desc=Discord|Defer=User| (missing) -> Found
└── [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{0731BC77-059C-4063-9059-09F79E0E9AA8}C:\programdata\family\discord\app-1.0.9007\discord.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\programdata\family\discord\app-1.0.9007\discord.exe|Name=Discord|Desc=Discord|Defer=User| (missing) -> Found

************************* WMI *************************

************************* Hosts File *************************
is_too_big : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts


************************* Filesystem *************************

************************* Web Browsers *************************

************************* Antirootkit *************************
 
My son's SilverPS is actually a modified game for Geometry Dash and may be wrongfully detected. The files are in the log but are not going to be quarantined, as they're needed for its game functions. However, if this may be an issue, I'll be happy to wipe it off, but please consider this as a last resort.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/18/22
Scan Time: 4:50 AM
Log File: 62b84604-7eb9-11ed-94ba-cc52af4b2f53.json

-Software Information-
Version: 4.5.19.229
Components Version: 1.0.1860
Update Package Version: 1.0.63553
License: Trial

-System Information-
OS: Windows 11 (Build 22000.1335)
CPU: x64
File System: NTFS
User: DESKTOP-RC89NQT\Family

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 296519
Threats Detected: 2
Threats Quarantined: 0
Time Elapsed: 21 min, 47 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
Malware.AI.4090165058, C:\USERS\FAMILY\DESKTOP\SILVRPS\SILVRPS\STEAM_API.DLL, No Action By User, 1000000, -204802238, 1.0.63553, 76CCBEA80D608FF9F3CAF742, dds, 02084189, BFEE9B4B18F4C7D65137C2DFF8D70836, 7D0CB1E60E8A1CA2E82EC35B7A971CD52C57C139A194812E249AA68185BF5FD8
Malware.AI.4090165058, C:\USERS\FAMILY\DESKTOP\SILVRPS\STEAM_API.DLL, No Action By User, 1000000, -204802238, 1.0.63553, 76CCBEA80D608FF9F3CAF742, dds, 02084189, BFEE9B4B18F4C7D65137C2DFF8D70836, 7D0CB1E60E8A1CA2E82EC35B7A971CD52C57C139A194812E249AA68185BF5FD8

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 
None found - a yellow border on Microsoft's Edge is noticed. Don't know why.

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 12-18-2022
# Duration: 00:00:35
# OS: Windows 11 (Build 22000.1335)
# Scanned: 32104
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
There is nothing malicious there, so your computer is not a problem.
This is pretty much all we can do in this forum.
If that DDoS attack is still there, I suggest a new topic in the Windows forum. Hopefully someone with a networking background will help there.
 
Went on the router and took a fresh log that ran for a week. I now noticed the DDoS is spreading its attack between my devices, especially the Nintendo Switch, but the address seemed to be spoofed from outside of the internet. I will definitely inform the ISP, but I want your opinion.
Part one

[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 16:16:52
[Admin login] from source 192.75.232.6, Monday, Dec 19,2022 16:15:41
[DoS attack: Fraggle Attack] from source 10.64.196.1,port 67 Monday, Dec 19,2022 16:08:03
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 16:04:45
[DHCP IP: (192.75.232.4)] to MAC address 74:F9:CA:EC:10:8B, Monday, Dec 19,2022 16:03:09
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 16:01:06
[DHCP IP: (192.75.232.6)] to MAC address BC:77:37:B0:5B:DF, Monday, Dec 19,2022 15:58:28
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 15:53:32
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 15:52:07
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 15:50:27
[DHCP IP: (192.75.232.5)] to MAC address 12:81:82:D1:E2:E9, Monday, Dec 19,2022 15:43:21
[DHCP IP: (192.75.232.3)] to MAC address BE:E1:2F:D8:1D:B6, Monday, Dec 19,2022 15:43:15
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 15:43:12
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 15:40:02
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 15:38:24
[Time synchronized with NTP server] Monday, Dec 19,2022 15:32:09
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 15:30:49
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 15:30:08
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 15:27:44
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 15:19:40
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 15:10:12
[DoS attack: Fraggle Attack] from source 10.193.204.1,port 67 Monday, Dec 19,2022 15:09:40
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 15:04:13
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 15:01:40
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 15:00:46
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 14:59:43
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 14:56:17
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 14:52:51
[DoS attack: Fraggle Attack] from source 10.200.158.1,port 67 Monday, Dec 19,2022 14:44:28
[DoS attack: Fraggle Attack] from source 10.193.204.1,port 67 Monday, Dec 19,2022 14:42:07
[DoS attack: Fraggle Attack] from source 10.200.158.1,port 67 Monday, Dec 19,2022 14:38:40
[DoS attack: ACK Scan] from source 168.100.163.201,port 606 Monday, Dec 19,2022 14:36:16
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 14:35:47
[DoS attack: snmpQueryDrop] from source 71.6.232.26,port 56310 Monday, Dec 19,2022 14:33:04
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 14:30:21
[DoS attack: Fraggle Attack] from source 10.193.202.1,port 67 Monday, Dec 19,2022 14:25:38
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 14:15:27
[DoS attack: Fraggle Attack] from source 10.193.196.1,port 67 Monday, Dec 19,2022 14:12:05
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 14:06:56
[DHCP IP: (192.75.232.10)] to MAC address 48:E2:44:62:1E:78, Monday, Dec 19,2022 14:01:10
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 14:00:12
[DoS attack: ACK Scan] from source 31.13.80.21,port 443 Monday, Dec 19,2022 13:53:29
[DoS attack: Fraggle Attack] from source 10.64.196.1,port 67 Monday, Dec 19,2022 13:44:08
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 13:39:53
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 13:37:16
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 13:35:46
[DoS attack: Fraggle Attack] from source 10.193.204.1,port 67 Monday, Dec 19,2022 13:33:46
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 13:29:51
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 13:17:17
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 13:14:53
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 13:13:25
[DoS attack: snmpQueryDrop] from source 192.241.211.123,port 52578 Monday, Dec 19,2022 13:04:53
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 13:01:38
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 12:59:50
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 12:58:27
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 12:52:03
[DoS attack: Fraggle Attack] from source 10.193.196.1,port 67 Monday, Dec 19,2022 12:45:57
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 12:38:25
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 12:34:59
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 12:29:21
[DoS attack: Fraggle Attack] from source 10.193.202.1,port 67 Monday, Dec 19,2022 12:26:50
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 12:18:19
[DoS attack: Fraggle Attack] from source 10.193.196.1,port 67 Monday, Dec 19,2022 12:13:53
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 12:09:09
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 12:03:11
[DHCP IP: (192.75.232.8)] to MAC address D4:F0:57:F6:18:F6, Monday, Dec 19,2022 12:02:12
[DoS attack: Fraggle Attack] from source 10.64.196.1,port 67 Monday, Dec 19,2022 12:01:19
[DoS attack: Fraggle Attack] from source 10.193.202.1,port 67 Monday, Dec 19,2022 12:00:44
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 11:59:18
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 11:59:08
[DoS attack: snmpQueryDrop] from source 185.180.143.148,port 40130 Monday, Dec 19,2022 11:50:15
[DoS attack: snmpQueryDrop] from source 185.180.143.148,port 40129 Monday, Dec 19,2022 11:50:15
[DoS attack: snmpQueryDrop] from source 185.180.143.148,port 34336 Monday, Dec 19,2022 11:48:50
[DoS attack: snmpQueryDrop] from source 185.180.143.148,port 34338 Monday, Dec 19,2022 11:48:50
[DoS attack: snmpQueryDrop] from source 198.199.95.197,port 50749 Monday, Dec 19,2022 11:46:31
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 11:41:06
[DoS attack: snmpQueryDrop] from source 205.210.31.177,port 52091 Monday, Dec 19,2022 11:40:36
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 11:29:05
[DoS attack: Fraggle Attack] from source 10.193.196.1,port 67 Monday, Dec 19,2022 11:20:09
[DoS attack: Fraggle Attack] from source 10.193.204.1,port 67 Monday, Dec 19,2022 11:19:42
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 11:00:50
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 11:00:03
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 10:58:35
[DoS attack: Fraggle Attack] from source 10.210.34.1,port 67 Monday, Dec 19,2022 10:58:35
[DHCP IP: (192.75.232.4)] to MAC address 74:F9:CA:EC:10:8B, Monday, Dec 19,2022 10:57:40
[DoS attack: Fraggle Attack] from source 10.193.204.1,port 67 Monday, Dec 19,2022 10:53:50
[DoS attack: Fraggle Attack] from source 10.193.206.1,port 67 Monday, Dec 19,2022 10:51:47
[DoS attack: Fraggle Attack] from source 10.193.196.1,port 67 Monday, Dec 19,2022 10:50:38
[DoS attack: Fraggle Attack] from source 10.193.196.1,port 67 Monday, Dec 19,2022 10:43:27
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 10:43:08
[DoS attack: Fraggle Attack] from source 10.193.204.1,port 67 Monday, Dec 19,2022 10:39:02
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 10:37:32
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 10:33:56
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 10:28:20
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 10:23:00
[DoS attack: Fraggle Attack] from source 10.193.204.1,port 67 Monday, Dec 19,2022 10:22:27
[DoS attack: ACK Scan] from source 31.13.80.21,port 443 Monday, Dec 19,2022 10:18:12
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 10:17:51
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 10:14:05
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 10:10:43
[DoS attack: Fraggle Attack] from source 10.64.196.1,port 67 Monday, Dec 19,2022 09:45:16
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 09:44:16
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 09:42:39
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 09:40:57
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 09:38:47
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 09:36:14
[DoS attack: Fraggle Attack] from source 10.193.202.1,port 67 Monday, Dec 19,2022 09:34:24
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 09:33:44
[Time synchronized with NTP server] Monday, Dec 19,2022 09:32:08
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 09:30:24
[DoS attack: snmpQueryDrop] from source 71.6.134.204,port 59066 Monday, Dec 19,2022 09:25:31
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 09:23:57
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 09:14:33
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 09:11:37
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 09:09:24
[DHCP IP: (192.75.232.5)] to MAC address 12:81:82:D1:E2:E9, Monday, Dec 19,2022 09:06:49
[DoS attack: Fraggle Attack] from source 10.198.88.1,port 67 Monday, Dec 19,2022 09:02:13
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 08:59:06
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 08:53:20
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 08:45:53
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 08:43:56
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 08:39:54
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 08:36:44
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 08:36:28
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 08:35:27
[DoS attack: Fraggle Attack] from source 10.64.196.1,port 67 Monday, Dec 19,2022 08:35:18
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 08:32:21
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 08:28:23
[DoS attack: snmpQueryDrop] from source 192.241.192.236,port 52811 Monday, Dec 19,2022 08:28:16
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 08:23:13
[DoS attack: Fraggle Attack] from source 10.193.200.1,port 67 Monday, Dec 19,2022 08:22:10
[DoS attack: Fraggle Attack] from source 10.193.200.1,port 67 Monday, Dec 19,2022 08:20:33
[DoS attack: Fraggle Attack] from source 10.193.200.1,port 67 Monday, Dec 19,2022 08:20:21
[DoS attack: Fraggle Attack] from source 10.193.200.1,port 67 Monday, Dec 19,2022 08:18:15
[DoS attack: Fraggle Attack] from source 10.193.200.1,port 67 Monday, Dec 19,2022 08:17:58
[DoS attack: snmpQueryDrop] from source 185.142.236.35,port 29538 Monday, Dec 19,2022 08:07:14
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 08:06:14
[DoS attack: Fraggle Attack] from source 10.64.196.1,port 67 Monday, Dec 19,2022 07:59:46
[DoS attack: Fraggle Attack] from source 10.210.34.1,port 67 Monday, Dec 19,2022 07:53:38
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 07:52:36
[DoS attack: TCP SYN Flood] from source 68.129.184.108,port 12014 Monday, Dec 19,2022 07:44:01
[DoS attack: Fraggle Attack] from source 10.193.204.1,port 67 Monday, Dec 19,2022 07:28:31
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 07:22:27
[DoS attack: Fraggle Attack] from source 10.193.204.1,port 67 Monday, Dec 19,2022 07:00:30
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 06:52:06
[DoS attack: Fraggle Attack] from source 10.210.34.1,port 67 Monday, Dec 19,2022 06:49:29
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 06:38:03
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 06:21:54
[DoS attack: snmpQueryDrop] from source 45.142.192.11,port 30708 Monday, Dec 19,2022 06:02:37
[DoS attack: Fraggle Attack] from source 10.193.208.1,port 67 Monday, Dec 19,2022 05:58:06
[DoS attack: Fraggle Attack] from source 10.200.158.1,port 67 Monday, Dec 19,2022 05:52:29
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 05:51:37
[DoS attack: ACK Scan] from source 31.13.80.21,port 443 Monday, Dec 19,2022 05:42:07
[DoS attack: Fraggle Attack] from source 10.193.204.1,port 67 Monday, Dec 19,2022 05:38:34
[DoS attack: Fraggle Attack] from source 10.64.196.1,port 67 Monday, Dec 19,2022 05:21:38
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 05:21:06
[DoS attack: Fraggle Attack] from source 10.193.196.1,port 67 Monday, Dec 19,2022 05:20:05
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 05:17:22
[DoS attack: Fraggle Attack] from source 10.193.202.1,port 67 Monday, Dec 19,2022 05:01:07
[DoS attack: RST Scan] from source 142.251.41.74,port 443 Monday, Dec 19,2022 04:54:42
[DoS attack: snmpQueryDrop] from source 45.56.125.191,port 34359 Monday, Dec 19,2022 04:54:30
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 04:50:51
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 04:43:23
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 04:37:36
[DoS attack: Fraggle Attack] from source 10.200.158.1,port 67 Monday, Dec 19,2022 04:32:43
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 04:20:36
[DHCP IP: (192.75.232.5)] to MAC address 12:81:82:D1:E2:E9, Monday, Dec 19,2022 04:19:23
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 04:09:33
[DoS attack: Fraggle Attack] from source 10.210.34.1,port 67 Monday, Dec 19,2022 04:02:09
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 03:58:16
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 03:50:28
[DHCP IP: (192.75.232.3)] to MAC address BE:E1:2F:D8:1D:B6, Monday, Dec 19,2022 03:49:02
[DoS attack: TCP SYN Flood] from source 72.210.60.94,port 14502 Monday, Dec 19,2022 03:42:04
[DoS attack: Fraggle Attack] from source 10.64.196.1,port 67 Monday, Dec 19,2022 03:35:25
[Time synchronized with NTP server] Monday, Dec 19,2022 03:32:09
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 03:20:05
[DoS attack: Fraggle Attack] from source 10.64.196.1,port 67 Monday, Dec 19,2022 03:12:02
[DoS attack: Fraggle Attack] from source 10.193.206.1,port 67 Monday, Dec 19,2022 03:01:48
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 03:01:37
[DoS attack: Fraggle Attack] from source 10.193.204.1,port 67 Monday, Dec 19,2022 03:01:21
[DoS attack: Fraggle Attack] from source 10.193.204.1,port 67 Monday, Dec 19,2022 03:00:49
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 03:00:15
[DoS attack: Fraggle Attack] from source 10.193.204.1,port 67 Monday, Dec 19,2022 03:00:04
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 02:49:54
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 02:36:36
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 02:19:36
[DoS attack: Fraggle Attack] from source 10.210.34.1,port 67 Monday, Dec 19,2022 02:12:28
[DoS attack: Fraggle Attack] from source 10.193.206.1,port 67 Monday, Dec 19,2022 02:01:27
[DHCP IP: (192.75.232.10)] to MAC address 48:E2:44:62:1E:78, Monday, Dec 19,2022 02:01:09
[DoS attack: Fraggle Attack] from source 10.193.206.1,port 67 Monday, Dec 19,2022 02:00:50
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 02:00:22
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 01:55:42
[DoS attack: Fraggle Attack] from source 10.193.196.1,port 67 Monday, Dec 19,2022 01:51:27
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 01:49:20
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 01:19:05
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 01:05:25
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 00:49:04
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 00:38:36
[DoS attack: snmpQueryDrop] from source 146.88.240.4,port 44172 Monday, Dec 19,2022 00:35:53
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 00:18:35
[DoS attack: Fraggle Attack] from source 10.198.88.1,port 67 Monday, Dec 19,2022 00:11:37
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Monday, Dec 19,2022 00:09:10
[DHCP IP: (192.75.232.8)] to MAC address D4:F0:57:F6:18:F6, Monday, Dec 19,2022 00:02:10
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 23:48:22
[DoS attack: Fraggle Attack] from source 10.64.196.1,port 67 Sunday, Dec 18,2022 23:43:19
[DoS attack: Fraggle Attack] from source 10.193.202.1,port 67 Sunday, Dec 18,2022 23:31:59
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 23:21:33
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 23:18:06
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 23:08:37
[DoS attack: ACK Scan] from source 31.13.80.21,port 443 Sunday, Dec 18,2022 22:58:13
[DoS attack: Fraggle Attack] from source 10.193.196.1,port 67 Sunday, Dec 18,2022 22:56:35
[DoS attack: Fraggle Attack] from source 10.64.196.1,port 67 Sunday, Dec 18,2022 22:52:04
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 18416 Sunday, Dec 18,2022 22:50:13
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 14292 Sunday, Dec 18,2022 22:50:03
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 24562 Sunday, Dec 18,2022 22:49:23
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 2042 Sunday, Dec 18,2022 22:48:47
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 14328 Sunday, Dec 18,2022 22:48:30
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 14292 Sunday, Dec 18,2022 22:48:24
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 18424 Sunday, Dec 18,2022 22:48:14
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 6096 Sunday, Dec 18,2022 22:48:13
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 18416 Sunday, Dec 18,2022 22:47:55
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 22:47:51
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 28626 Sunday, Dec 18,2022 22:47:27
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 4058 Sunday, Dec 18,2022 22:47:19
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 28666 Sunday, Dec 18,2022 22:46:59
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 22:39:40
[DHCP IP: (192.75.232.4)] to MAC address 74:F9:CA:EC:10:8B, Sunday, Dec 18,2022 22:38:31
[DoS attack: Fraggle Attack] from source 10.193.196.1,port 67 Sunday, Dec 18,2022 22:23:18
[DoS attack: snmpQueryDrop] from source 64.62.197.154,port 43973 Sunday, Dec 18,2022 22:18:28
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 22:17:39
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 22:14:15
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 24572 Sunday, Dec 18,2022 22:13:15
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 2044 Sunday, Dec 18,2022 22:12:54
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 4050 Sunday, Dec 18,2022 22:11:34
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 22:10:20
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 21:47:17
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 22526 Sunday, Dec 18,2022 21:44:12
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 6102 Sunday, Dec 18,2022 21:43:49
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 22518 Sunday, Dec 18,2022 21:43:01
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 8176 Sunday, Dec 18,2022 21:42:45
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 20440 Sunday, Dec 18,2022 21:42:27
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 2042 Sunday, Dec 18,2022 21:42:11
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 32762 Sunday, Dec 18,2022 21:41:17
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 21:40:51
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 10192 Sunday, Dec 18,2022 21:40:28
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 26614 Sunday, Dec 18,2022 21:40:27
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 2044 Sunday, Dec 18,2022 21:40:19
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 28656 Sunday, Dec 18,2022 21:40:14
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 18416 Sunday, Dec 18,2022 21:39:47
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 21:33:49
 
Part two
[Time synchronized with NTP server] Sunday, Dec 18,2022 21:32:14
[DHCP IP: (192.75.232.3)] to MAC address BE:E1:2F:D8:1D:B6, Sunday, Dec 18,2022 21:28:00
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 21:18:49
[DoS attack: ACK Scan] from source 31.13.80.21,port 443 Sunday, Dec 18,2022 21:18:31
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 21:16:05
[DoS attack: Fraggle Attack] from source 10.200.158.1,port 67 Sunday, Dec 18,2022 21:05:15
[DoS attack: Fraggle Attack] from source 10.200.158.1,port 67 Sunday, Dec 18,2022 21:00:28
[DoS attack: Fraggle Attack] from source 10.193.204.1,port 67 Sunday, Dec 18,2022 20:59:47
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 20:48:29
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 20:45:51
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 20:42:43
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 20:41:19
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 20:39:33
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 20:39:01
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 20:37:46
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 20:28:18
[DoS attack: Fraggle Attack] from source 10.193.196.1,port 67 Sunday, Dec 18,2022 20:28:08
[DoS attack: Fraggle Attack] from source 10.193.206.1,port 67 Sunday, Dec 18,2022 20:24:22
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 20:15:35
[DoS attack: RST Scan] from source 172.217.1.2,port 443 Sunday, Dec 18,2022 20:11:44
[DoS attack: RST Scan] from source 172.217.1.14,port 443 Sunday, Dec 18,2022 20:11:25
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 20:04:40
[DoS attack: Fraggle Attack] from source 10.64.196.1,port 67 Sunday, Dec 18,2022 19:55:56
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 19:54:38
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 19:51:42
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 19:46:01
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 19:45:30
[DoS attack: snmpQueryDrop] from source 185.94.111.1,port 55806 Sunday, Dec 18,2022 19:45:07
[DoS attack: snmpQueryDrop] from source 147.203.255.20,port 52633 Sunday, Dec 18,2022 19:42:02
[DoS attack: Fraggle Attack] from source 10.193.196.1,port 67 Sunday, Dec 18,2022 19:36:10
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 19:16:39
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 19:15:11
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 19:09:27
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 18:56:44
[DoS attack: Fraggle Attack] from source 10.193.210.1,port 67 Sunday, Dec 18,2022 18:53:07
[DoS attack: Fraggle Attack] from source 10.193.210.1,port 67 Sunday, Dec 18,2022 18:47:08
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 18:44:14
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 18:43:28
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 18:39:28
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 18:38:21
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 16340 Sunday, Dec 18,2022 18:34:02
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 14330 Sunday, Dec 18,2022 18:33:26
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 6140 Sunday, Dec 18,2022 18:33:13
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 30676 Sunday, Dec 18,2022 18:33:02
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 18424 Sunday, Dec 18,2022 18:32:49
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 6100 Sunday, Dec 18,2022 18:32:39
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 12242 Sunday, Dec 18,2022 18:32:34
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 16350 Sunday, Dec 18,2022 18:32:32
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 28636 Sunday, Dec 18,2022 18:31:43
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 22488 Sunday, Dec 18,2022 18:31:39
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 10194 Sunday, Dec 18,2022 18:31:26
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 8146 Sunday, Dec 18,2022 18:30:54
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 2036 Sunday, Dec 18,2022 18:29:30
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 18:18:44
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 18:13:56
[DoS attack: Fraggle Attack] from source 10.64.196.1,port 67 Sunday, Dec 18,2022 18:13:36
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 18:07:52
[DHCP IP: (192.75.232.3)] to MAC address BE:E1:2F:D8:1D:B6, Sunday, Dec 18,2022 17:45:50
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 17:43:36
[DoS attack: ACK Scan] from source 31.13.80.21,port 443 Sunday, Dec 18,2022 17:40:51
[DoS attack: snmpQueryDrop] from source 94.102.61.30,port 55696 Sunday, Dec 18,2022 17:33:21
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 17:18:56
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 17:14:31
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 17:13:26
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 17:10:07
[DoS attack: snmpQueryDrop] from source 147.203.255.20,port 40124 Sunday, Dec 18,2022 17:05:40
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 17:01:37
[DoS attack: Fraggle Attack] from source 10.193.196.1,port 67 Sunday, Dec 18,2022 16:59:28
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 16:59:11
[DoS attack: Fraggle Attack] from source 10.193.210.1,port 67 Sunday, Dec 18,2022 16:57:56
[DoS attack: Fraggle Attack] from source 10.193.204.1,port 67 Sunday, Dec 18,2022 16:49:05
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 16:43:05
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 16:35:55
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 16:34:40
[DoS attack: RST Scan] from source 142.251.41.74,port 443 Sunday, Dec 18,2022 16:32:54
[DoS attack: Fraggle Attack] from source 10.193.204.1,port 67 Sunday, Dec 18,2022 16:28:07
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 16:26:43
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 16:24:59
[DoS attack: Fraggle Attack] from source 10.64.196.1,port 67 Sunday, Dec 18,2022 16:22:30
[DHCP IP: (192.75.232.5)] to MAC address 12:81:82:D1:E2:E9, Sunday, Dec 18,2022 16:19:22
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 16:19:09
[DoS attack: Fraggle Attack] from source 10.210.34.1,port 67 Sunday, Dec 18,2022 16:15:38
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 16:12:50
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 16:03:13
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 15:55:27
[DoS attack: Fraggle Attack] from source 10.193.204.1,port 67 Sunday, Dec 18,2022 15:54:17
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 15:43:19
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 15:42:36
[Time synchronized with NTP server] Sunday, Dec 18,2022 15:32:08
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 15:26:49
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 15:26:37
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 15:24:51
[DoS attack: Fraggle Attack] from source 10.198.88.1,port 67 Sunday, Dec 18,2022 15:21:04
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 15:17:10
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 15:12:20
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 15:10:09
[DoS attack: Fraggle Attack] from source 10.64.196.1,port 67 Sunday, Dec 18,2022 14:57:21
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 14:52:44
[DoS attack: Fraggle Attack] from source 10.64.196.1,port 67 Sunday, Dec 18,2022 14:51:18
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 14:42:07
[DoS attack: snmpQueryDrop] from source 147.203.255.20,port 46986 Sunday, Dec 18,2022 14:33:22
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 14:32:10
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 14:13:10
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 14:12:00
[DHCP IP: (192.75.232.10)] to MAC address 48:E2:44:62:1E:78, Sunday, Dec 18,2022 14:01:09
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 13:54:45
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 13:51:16
[DoS attack: snmpQueryDrop] from source 45.148.10.241,port 16348 Sunday, Dec 18,2022 13:48:31
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 13:45:18
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 13:45:03
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 13:41:44

Your thoughts?
 
I had to take a peek in the Netgear Community and it seems to be very common. I'll make some changes and hopefully see positive results within a week. Please do leave the thread open until I decide to say it's solved.
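One way to triage a log like the one posted above, as an added example that is not part of the original thread: it groups the router's DoS entries by source and by what each line itself shows (private source on port 67, dropped SNMP query, TCP from port 443). The sample lines are constructed in the router's log format, and the category names are assumptions of this example, not Netgear terminology.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r"^\[DoS attack: (?P<kind>[^\]]+)\] from source (?P<ip>[\d.]+),"
    r"port (?P<port>\d+) (?P<ts>.+)$"
)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the router's format; public sources use
# documentation address ranges, the MAC address is made up.
SAMPLE_LOG = """\
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 22:47:51
[DoS attack: snmpQueryDrop] from source 203.0.113.50,port 28626 Sunday, Dec 18,2022 22:47:27
[DoS attack: snmpQueryDrop] from source 203.0.113.50,port 4058 Sunday, Dec 18,2022 22:47:19
[DHCP IP: (192.75.232.4)] to MAC address 02:00:00:00:00:01, Sunday, Dec 18,2022 22:38:31
[DoS attack: Fraggle Attack] from source 10.193.196.1,port 67 Sunday, Dec 18,2022 22:23:18
[DoS attack: ACK Scan] from source 198.51.100.21,port 443 Sunday, Dec 18,2022 21:18:31
[DoS attack: Fraggle Attack] from source 10.76.128.1,port 67 Sunday, Dec 18,2022 21:16:05
[DoS attack: TCP SYN Flood] from source 198.51.100.94,port 14502 Sunday, Dec 18,2022 20:42:04
[Time synchronized with NTP server] Sunday, Dec 18,2022 15:32:08
"""

def classify(kind, ip, port):
    """Bucket one event using only facts visible in the log line."""
    private = any(ipaddress.ip_address(ip) in net for net in RFC1918)
    if private and port == 67:
        # 67 is the DHCP/BOOTP server port, and RFC 1918 sources are not
        # routable across the Internet: the sender sits on the adjacent
        # upstream (modem/ISP) network.
        return "private-dhcp-server"
    if kind == "snmpQueryDrop":
        return "wan-snmp-probe-dropped"   # router reports the query as dropped
    if kind in ("ACK Scan", "RST Scan") and port == 443:
        # Source port 443 means the packet left a server's HTTPS port;
        # compare with what LAN clients were connected to at that time.
        return "tcp-from-https-port"
    return "other-wan-event"

def parse(log_text):
    """Return (timestamp, kind, source_ip, source_port) for DoS lines only."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # DHCP leases, admin logins, NTP sync lines
        ts = datetime.strptime(m["ts"], "%A, %b %d,%Y %H:%M:%S")
        events.append((ts, m["kind"], m["ip"], int(m["port"])))
    return events

def summarize(events):
    """Group by (category, source); busiest sources first."""
    groups = defaultdict(list)
    for ts, kind, ip, port in events:
        groups[(classify(kind, ip, port), ip)].append(ts)
    rows = [(cat, ip, len(t), min(t), max(t)) for (cat, ip), t in groups.items()]
    return sorted(rows, key=lambda r: (-r[2], r[0], r[1]))

if __name__ == "__main__":
    for cat, ip, n, first, last in summarize(parse(SAMPLE_LOG)):
        print(f"{n:3d}  {cat:24s} {ip:15s} {first:%H:%M:%S} -> {last:%H:%M:%S}")
```

Pasting the router's full log into `SAMPLE_LOG` shows at a glance how many entries come from private upstream addresses versus Internet sources.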
 