Originally from MarioXXL Under attack and disabled – Virus, Trojan, Spyware, and Malware Removal Help – BleepingComputer

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2021
Ran by roiki (12-11-2021 00:08:42)
Running from C:\Users\roiki\Downloads
Microsoft Windows 10 Pro Version 21H1 19043.1348 (X64) (2020-09-30 03:39:10)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3585060817-1390663791-933909649-500 – Administrator – Disabled)
DefaultAccount (S-1-5-21-3585060817-1390663791-933909649-503 – Limited – Disabled)
DevToolsUser (S-1-5-21-3585060817-1390663791-933909649-1008 – Limited – Enabled) => C:\Users\DevToolsUser
evaro (S-1-5-21-3585060817-1390663791-933909649-1001 – Limited – Enabled) => C:\Users\evaro
Guest (S-1-5-21-3585060817-1390663791-933909649-501 – Limited – Disabled)
roiki (S-1-5-21-3585060817-1390663791-933909649-1004 – Administrator – Enabled) => C:\Users\roiki
WDAGUtilityAccount (S-1-5-21-3585060817-1390663791-933909649-504 – Limited – Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled – Up to date) {BAD274F4-FA00-8560-1CDE-6C830442BEFA}
AV: Windows Defender (Disabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {82E9F5D1-B06F-8438-3781-C5B6FA91F981}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Active Directory Authentication Library for SQL Server (HKLM…{6BF11ECE-3CE8-4FBA-991A-1F55AA6BE5BF}) (Version: 15.0.1300.359 – Microsoft Corporation) Hidden
AdoptOpenJDK JRE with Hotspot 11.0.7.10 (x64) (HKLM…{1B5CD899-5DA3-411F-B85F-B4FC08F2D564}) (Version: 11.0.7.10 – AdoptOpenJDK)
AMD Ryzen Master SDK (HKLM…{DBD50508-5F75-416B-995D-C42433A00944}) (Version: 2.6.0.1644 – Advanced Micro Devices, Inc.)
Android Studio (HKLM…Android Studio) (Version: 2020.3 – Google LLC)
AnyDesk (HKLM-x32…AnyDesk) (Version: ad 6.2.6 – AnyDesk Software GmbH)
Application Verifier x64 External Package (HKLM…{8A4CD158-E6B3-6D91-D7DE-10098BC980E2}) (Version: 10.1.19041.685 – Microsoft) Hidden
Avast Update Helper (HKLM-x32…{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 – AVAST Software) Hidden
Bing Wallpaper (HKLM-x32…{9C94D5E4-22D6-457B-9263-9C68DBF669DD}) (Version: 1.0.9.3 – Microsoft Corporation)
Bitdefender Agent (HKLM…Bitdefender Agent) (Version: 26.0.1.198 – Bitdefender)
Bitdefender Total Security (HKLM…Bitdefender) (Version: 26.0.3.27 – Bitdefender)
Bitdefender VPN (HKLM…Bitdefender VPN) (Version: 25.4.4.44 – Bitdefender)
Brave (HKLM-x32…BraveSoftware Brave-Browser) (Version: 95.1.31.91 – Brave Software Inc)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32…{5A260D5A-95D3-4956-8E0A-E182CC4144ED}) (Version: 4.8.04162 – Microsoft Corporation) Hidden
CPUID CPU-Z 1.98 (HKLM…CPUID CPU-Z_is1) (Version: 1.98 – CPUID, Inc.)
DiagnosticsHub_CollectionService (HKLM…{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 – Microsoft Corporation) Hidden
Discord (HKUS-1-5-21-3585060817-1390663791-933909649-1001…Discord) (Version: 0.0.309 – Discord Inc.)
Docker Desktop (HKLM…Docker Desktop) (Version: 4.1.1 – Docker Inc.)
Exodus (HKUS-1-5-21-3585060817-1390663791-933909649-1004…exodus) (Version: 21.10.25 – Exodus Movement Inc)
GNU Privacy Guard (HKLM-x32…GnuPG) (Version: 2.2.28 – The GnuPG Project)
Google Chrome (HKLM-x32…Google Chrome) (Version: 95.0.4638.69 – Google LLC)
Google Update Helper (HKLM-x32…{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 – Google LLC) Hidden
Gpg4win (3.1.16) (HKLM-x32…Gpg4win) (Version: 3.1.16 – The Gpg4win Project)
HP Audio Switch (HKLM-x32…{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 – HP Inc.)
HP Connection Optimizer (HKLM-x32…{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.19.0 – HP)
HP Documentation (HKLM…HP_Documentation) (Version: 1.0.0.1 – HP Inc.)
HP PC Hardware Diagnostics Windows (HKLM-x32…{CE4A8339-A880-404E-8E5D-17B33F9542D6}) (Version: 1.6.7.0 – HP Inc.)
icecap_collection_neutral (HKLM-x32…{1036893D-9917-4E70-B96C-8D72A2B224BC}) (Version: 16.10.31306 – Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM…{289873DF-80D0-4D7D-8068-D25D342A26FA}) (Version: 16.10.31306 – Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32…{D2B4539C-173B-4B8D-A021-E22E9566BC24}) (Version: 16.10.31306 – Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32…{38CE202D-7880-4101-9739-83619300EC58}) (Version: 16.10.31306 – Microsoft Corporation) Hidden
iCloud Outlook (HKLM…{F35C51FC-B854-4106-89D2-50709F12A4B5}) (Version: 12.5.0.74 – Apple Inc.)
IIS 10.0 Express (HKLM…{A517D4FE-30EC-4210-8888-12F5530543F2}) (Version: 10.0.05512 – Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM…{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: – ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM…{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: – ) Hidden
IntelliTraceProfilerProxy (HKLM-x32…{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 – Microsoft Corporation) Hidden
KIOXIA NVMe FW Update Tool 1.0.3.4 (HKLM-x32…KIOXIA NVMe FW Update Tool_is1) (Version: – )
Kits Configuration Installer (HKLM-x32…{E75A9998-E979-760B-6AEB-49763F279EDD}) (Version: 10.1.19041.685 – Microsoft) Hidden
Logitech Options (HKLM…LogiOptions) (Version: 9.40.86 – Logitech)
Logitech SetPoint 6.70 (HKLM…sp6) (Version: 6.70.55 – Logitech)
Logitech Unifying Software 2.50 (HKLM…Logitech Unifying) (Version: 2.50.25 – Logitech)
Maltego (HKLM-x32…Maltego) (Version: 4 – Paterva)
Malwarebytes Privacy version 3.8.0.725 (HKLM…{934873BE-C9BC-4F19-B698-9B3E3F8FF07F}_is1) (Version: 3.8.0.725 – Malwarebytes)
Malwarebytes Privacy VPN Tunnel Driver (HKLM…{C76ADF6A-26EB-4526-A452-49FCFE6E801D}) (Version: 1.0.0.0 – Malwarebytes)
Microsoft .NET Core SDK 3.1.415 (x64) (HKLM-x32…{c85207f2-c520-4f87-8671-0d6cf09298ff}) (Version: 3.1.415.15859 – Microsoft Corporation)
Microsoft .NET SDK 5.0.402 (x64) from Visual Studio (HKLM…{A6889A2D-DA5E-4DED-B563-DAF5BE5252AA}) (Version: 5.4.221.47606 – Microsoft Corporation)
Microsoft .NET SDK 5.0.403 (x64) (HKLM-x32…{81aba691-7919-4e81-9d4a-e5df954b0b1d}) (Version: 5.4.321.52708 – Microsoft Corporation)
Microsoft 365 – en-us (HKLM…O365HomePremRetail – en-us) (Version: 16.0.14527.20234 – Microsoft Corporation)
Microsoft ASP.NET Core 3.1.21 – Shared Framework (x86) (HKLM-x32…{1c97c9ca-6ccd-4b0e-99e1-59d8fe266e9f}) (Version: 3.1.21.21523 – Microsoft Corporation)
Microsoft ASP.NET Core 5.0.12 – Shared Framework (x86) (HKLM-x32…{94465683-9acc-4036-8f33-71177d10a8e8}) (Version: 5.0.12.21524 – Microsoft Corporation)
Microsoft Azure Authoring Tools – v2.9.6 (HKLM…{EDADFA19-7F96-4075-A4AB-2209910626C5}) (Version: 2.9.8899.26 – Microsoft Corporation)
Microsoft Azure Compute Emulator – v2.9.6 (HKLM…Microsoft Azure Compute Emulator – v2.9.6) (Version: 2.9.8899.26 – Microsoft Corporation)
Microsoft Azure Libraries for .NET v2.9 (HKLM…{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 – Microsoft Corporation)
Microsoft Azure PowerShell – April 2018 (HKLM…{3BA7CAA9-97BA-4528-B7E1-B640910BB149}) (Version: 5.7.0.18831 – Microsoft Corporation)
Microsoft Azure Storage Emulator – v5.10 (HKLM-x32…Microsoft Azure Storage Emulator – v5.10) (Version: 5.10.19227.2113 – Microsoft Corporation)
Microsoft Edge (HKLM-x32…{FDC4602B-46D5-30CB-8DF9-C36A1C7C24C6}) (Version: 95.0.1020.44 – Microsoft Corporation)
Microsoft Garage Mouse without Borders (HKLM-x32…{D3BC954F-D661-474C-B367-30EB6E56542E}) (Version: 2.2.1.327 – Microsoft Garage)
Microsoft ODBC Driver 17 for SQL Server (HKLM…{8D98AC2C-FC5C-440D-A2D3-6C9655F957D8}) (Version: 17.2.0.1 – Microsoft Corporation)
Microsoft OneDrive (HKLM…OneDriveSetup.exe) (Version: 21.205.1003.0005 – Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB (HKLM…{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 – Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM…{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 – Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM…{8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1}) (Version: 15.0.1200.24 – Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32…{725CC962-98BD-42C7-87D8-51C680FB1779}) (Version: 15.0.1200.24 – Microsoft Corporation)
Microsoft Update Health Tools (HKLM…{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x64 9.0.30729.17 (HKLM…{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x64 9.0.30729.6161 (HKLM…{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.30501 (HKLM-x32…{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.30501 (HKLM-x32…{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 – Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.29.30135 (HKLM-x32…{fa7f6d52-f85e-48ef-8f56-a37268aa5772}) (Version: 14.29.30135.0 – Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.29.30135 (HKLM-x32…{b7a2b241-3f54-4d7d-94d1-8ce0146e03c7}) (Version: 14.29.30135.0 – Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM…Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 – Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM…{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.11.40.25675 – Microsoft Corporation)
Microsoft Web Deploy 4.0 (HKLM…{2EC26D34-FB67-4C58-AC20-235697551222}) (Version: 10.0.3802 – Microsoft Corporation)
Microsoft Windows Desktop Runtime – 3.1.21 (x86) (HKLM-x32…{d1c9f155-e14a-4486-b545-dde658719aac}) (Version: 3.1.21.30622 – Microsoft Corporation)
Microsoft Windows Desktop Runtime – 5.0.12 (x86) (HKLM-x32…{802fde85-84c2-447a-9da5-c3bb0d312ea2}) (Version: 5.0.12.30623 – Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM…Mozilla Firefox 94.0.1 (x64 en-US)) (Version: 94.0.1 – Mozilla)
Mozilla Maintenance Service (HKLM…MozillaMaintenanceService) (Version: 93.0 – Mozilla)
MSI Development Tools (HKLM-x32…{7AAC93B0-F3D7-6B24-6B37-9E74980C1C81}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden
NordPass (HKUS-1-5-21-3585060817-1390663791-933909649-1004…f7c32559-6c31-590a-9972-0bea54b04213) (Version: 4.14.20 – NordPass Team)
NordVPN (HKLM…{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.40.5.0 – TEFINCOM S.A.)
NordVPN network TAP (HKLM-x32…{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 – NordVPN)
NordVPN network TUN (HKLM…{BD0E4F38-D3F6-452D-A32E-B14D721839AC}) (Version: 1.0.1 – NordVPN)
Office 16 Click-to-Run Extensibility Component (HKLM…{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 – Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM…{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 – Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM…{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13901.20336 – Microsoft Corporation) Hidden
Open XML SDK 2.5 for Microsoft Office (HKLM-x32…{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 – Microsoft Corporation) Hidden
Opera Stable 80.0.4170.72 (HKUS-1-5-21-3585060817-1390663791-933909649-1004…Opera 80.0.4170.72) (Version: 80.0.4170.72 – Opera Software)
Pidgin (HKLM-x32…Pidgin) (Version: 2.14.7 – )
PowerShell 7-x64 (HKLM…{A1D5CE14-6581-4CD0-8371-5B8AEC70D77E}) (Version: 7.1.5.0 – Microsoft Corporation)
REALTEK Bluetooth Driver (HKLM-x32…{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.113 – REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32…{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.39.212.2020 – Realtek)
Roblox Player for evaro (HKUS-1-5-21-3585060817-1390663791-933909649-1001…roblox-player) (Version: – Roblox Corporation)
SDK ARM Additions (HKLM-x32…{FCF9D89E-6F79-64FB-B08D-B0E69FF54DEE}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32…{72DB07D6-E166-5A3F-B6E6-4664383781B8}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden
SMSCaster E-Marketer GSM Enterprise v3.7 (HKLM-x32…SMSCaster E-Marketer GSM Enterprise_is1) (Version: v3.7 (build 1784) – SDJ Software Limited)
sptools_Microsoft.VisualStudio.OfficeDeveloperTools.Msi (HKLM-x32…{26778A28-6410-4CCA-B7D4-63A23C58526F}) (Version: 16.0.29931 – Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi (HKLM-x32…{F8AA44A5-5B1F-4802-9B7B-3B6373AC51FB}) (Version: 16.0.28030 – Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32…{3CF6EEAF-072E-47EB-8065-B628379449D3}) (Version: 16.0.28030 – Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi.x64 (HKLM-x32…{D629D35F-A26E-4CF7-A512-3C890257A790}) (Version: 16.0.28030 – Microsoft Corporation) Hidden
TypeScript SDK (HKLM-x32…{6D0FC687-BA41-4DFD-80B4-3469E567AA0F}) (Version: 4.3.5.0 – Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32…{4D69FB64-4443-F2DD-DE1C-F14FD98AAC59}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32…{6B56745A-F6A4-C51C-933A-AD96C00683EA}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32…{A57CD0A6-4297-FD30-34A4-34758B6F5F69}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM…{CD06199B-41C1-AE6D-7567-984CC68792C3}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32…{BD75F257-50A4-E0CD-9942-C3550CA3E66A}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32…{A7E95C47-B5F4-110C-D27A-DECB03412B96}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32…{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 – Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32…{54109AAF-995B-4463-AE95-B9ED6B5631AA}) (Version: 14.29.30135 – Microsoft Corporation) Hidden
Visual Studio Community 2019 (HKLM-x32…608cca5f) (Version: 16.11.5 – Microsoft Corporation)
VS Immersive Activate Helper (HKLM-x32…{A71406B5-E487-4B01-8E59-D466841350F5}) (Version: 16.0.102.0 – Microsoft Corporation) Hidden
VS JIT Debugger (HKLM…{C7E8A4F2-EF09-42A8-B892-69D5ED99D965}) (Version: 16.0.102.0 – Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM…{A4272808-82F5-410F-A5F9-1BF6F63F6B9A}) (Version: 16.0.102.0 – Microsoft Corporation) Hidden
VS WCF Debugging (HKLM…{E90279BA-36B4-4477-A1B7-C81B571172F2}) (Version: 16.0.102.0 – Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32…{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 – Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32…{6F7948F9-8EED-4FA5-A1D9-7DD512A2CA26}) (Version: 16.10.31206 – Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32…{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 – Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32…{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 – Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32…{CE912A42-1D6A-4F54-A263-F54E7D3F8E09}) (Version: 16.11.31613 – Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32…{3751D1CF-9A44-43D2-B4BB-80FA6E7925A8}) (Version: 16.10.31213 – Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32…{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 – Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32…{102E83BD-B6A0-4C74-AD22-7D594A3435D3}) (Version: 16.11.31503 – Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32…{6CBDE7BE-E956-4E0E-81FB-2CB79190C924}) (Version: 16.11.31503 – Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32…{05CA3463-0B45-425D-9AF2-E1964AB85CBB}) (Version: 16.10.31303 – Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM…{76133D32-1325-48F3-929A-27EC7A323FBA}) (Version: 16.10.31213 – Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32…{E42F1CFF-80C7-4865-B378-1EFCF312C1BF}) (Version: 16.10.31213 – Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32…{883D29E5-9A41-4C45-A192-C10B8078BF0C}) (Version: 16.10.31306 – Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32…{53D1C36A-E35A-45B3-801B-F49BDD425293}) (Version: 16.11.31503 – Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32…{0916C6E1-6A0A-4887-9E00-D96FD44AFACE}) (Version: 16.10.31303 – Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32…{9A9E968E-1C75-4B85-BCBF-D1E26D6F7A6B}) (Version: 16.10.31205 – Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32…{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 – Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32…{2ADF1977-BF31-E127-B651-AC28A8658317}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden
Windows Driver Package – Exar Corporation (xrusbser) Ports (11/18/2014 2.2.0.0) (HKLM…2010BBD0422AFC8BD27D0F5799FA7C5ED0461D1) (Version: 11/18/2014 2.2.0.0 – Exar Corporation)
Windows PC Health Check (HKLM…{77ACFAF7-E5AB-410D-BA14-BBEBF89422DE}) (Version: 3.1.2109.29003 – Microsoft Corporation)
Windows SDK AddOn (HKLM-x32…{E18618EC-D9DB-4BCE-B382-85ADA2CBB340}) (Version: 10.1.0.0 – Microsoft Corporation)
Windows Software Development Kit – Windows 10.0.19041.685 (HKLM-x32…{4591faf1-a2db-4a3d-bfda-aa5a4ebb1587}) (Version: 10.1.19041.685 – Microsoft Corporation)
Windows Subsystem for Linux Update (HKLM…{8BC9BA1B-F6F3-471D-8773-5283F0C52B84}) (Version: 5.10.60.1 – Microsoft Corporation)
WinRAR 6.02 (64-bit) (HKLM…WinRAR archiver) (Version: 6.02.0 – win.rar GmbH)
WinRT Intellisense Desktop – en-us (HKLM-x32…{BCF7CA0F-E53C-2A4F-B128-A751EC9A1016}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden
WinRT Intellisense Desktop – Other Languages (HKLM-x32…{B42BF427-AFDB-C00F-DB60-6F51395D74A1}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden
WinRT Intellisense IoT – en-us (HKLM-x32…{3335615C-ABEB-960E-2226-4274CD28E046}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden
WinRT Intellisense IoT – Other Languages (HKLM-x32…{216D5F47-257D-6284-5849-B51037875EFA}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden
WinRT Intellisense Mobile – en-us (HKLM-x32…{443FF51E-16C3-F23B-18FC-0D1D66024B0B}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden
WinRT Intellisense PPI – en-us (HKLM-x32…{15E29AFF-CB19-A20B-9A81-B0765A63115F}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden
WinRT Intellisense PPI – Other Languages (HKLM-x32…{FF2B49B7-0254-3D6A-4BE0-EF4C59DBCC2B}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden
WinRT Intellisense UAP – en-us (HKLM-x32…{0AF3B821-474B-1885-473A-6E3FB4F1CF71}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden
WinRT Intellisense UAP – Other Languages (HKLM-x32…{8832F8ED-1035-9ABE-FD73-4E5ABAA84A5C}) (Version: 10.1.19041.685 – Microsoft Corporation) Hidden
Workflow Manager Client 1.0 (HKLM…{69CD1F2D-DF68-4E23-9108-1B70783F2855}) (Version: 2.1.10525.2 – Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM…{1991EF35-D0B4-49AA-A239-6A25096525D2}) (Version: 2.1.50623.2 – Microsoft Corporation) Hidden
Xamarin Offline Packages (HKLM-x32…{3FD115BA-CD0E-4770-AD07-AF0EB6BA15C8}) (Version: 16.10.5 – Xamarin) Hidden
Xamarin PCL Profiles v1.0.9 (HKLM-x32…{5E6844AB-A867-419C-A376-B12B574AA5F7}) (Version: 1.0.9.0 – Xamarin) Hidden
Xamarin Remoted iOS Simulator (HKLM-x32…{133F3464-C283-4AF7-998A-B0DCD13AE9D0}) (Version: 16.10.0.380 – Xamarin) Hidden
Xoreax IncrediBuild 9.5.0 (build 3385) (HKLM-x32…XoreaxIncrediBuild) (Version: – )
Zoom (HKUS-1-5-21-3585060817-1390663791-933909649-1001…ZoomUMX) (Version: 5.3.1 (52879.0927) – Zoom Video Communications, Inc.)

Packages:
=========
Advanced Recovery Companion -> C:\Program Files\WindowsApps\Microsoft.AdvancedRecoveryCompanion_1.20040.1221.0_x86__8wekyb3d8bbwe [2021-11-05] (Microsoft Corporation)
All My LAN -> C:\Program Files\WindowsApps\13258Thoroughsoft.AllMyLAN_1.1.7.0_x64__set6qczgvnq5g [2021-11-05] (Thoroughsoft)
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4m [2021-10-30] (Advanced Micro Devices Inc.) [Startup Task]
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.41601.0_x64__8wekyb3d8bbwe [2021-11-05] (Microsoft Corporation)
Azure VPN Client -> C:\Program Files\WindowsApps\Microsoft.AzureVpn_1.1196.33.0_x64__8wekyb3d8bbwe [2021-11-05] (Microsoft Corporation)
BeWidgets -> C:\Program Files\WindowsApps\55290BeXCool.BeWidgets_0.4.2.0_neutral__n3myysfhx5594 [2021-11-10] (BeXCool) [Startup Task]
Diagnostic Data Viewer -> C:\Program Files\WindowsApps\Microsoft.DiagnosticDataViewer_4.2007.11582.0_x64__8wekyb3d8bbwe [2021-10-22] (Microsoft Corporation)
DTS Sound Unbound -> C:\Program Files\WindowsApps\DTSInc.DTSSoundUnbound_2021.4.11.0_x64__t5j2fzbtdg37r [2021-10-31] (DTS, Inc.)
Earth from Above PREMIUM -> C:\Program Files\WindowsApps\Microsoft.EarthfromAbovePREMIUM_1.0.0.0_neutral__8wekyb3d8bbwe [2021-11-05] (Microsoft Corporation)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2021-10-24] (HP Inc.)
Files -> C:\Program Files\WindowsApps\49306atecsolution.FilesUWP_2.0.34.0_x64__et10x9a9vyk8t [2021-11-05] (Yair A)
Fluent Terminal -> C:\Program Files\WindowsApps\53621FSApps.FluentTerminal_0.7.5.0_x64__87x1pks76srcp [2021-11-05] (FS Apps) [Startup Task]
HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.26.249.0_x64__v10z8vjag6ke6 [2021-10-24] (HP Inc.)
HP JumpStarts -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStarts_1.10.1627.0_x64__v10z8vjag6ke6 [2021-10-24] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.8.0.0_x64__v10z8vjag6ke6 [2021-11-09] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.42.0_x64__v10z8vjag6ke6 [2021-10-24] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.2.261.0_x64__v10z8vjag6ke6 [2021-11-10] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.10.85.0_x64__v10z8vjag6ke6 [2021-11-03] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.2.11.0_x64__v10z8vjag6ke6 [2021-10-24] (HP Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa [2021-10-04] (Apple Inc.) [Startup Task]
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa [2021-10-29] (Apple Inc.) [Startup Task]
Linux Cheatsheet -> C:\Program Files\WindowsApps\51231akshay2000.LinuxCheatsheet_1.2.0.0_neutral__1y7n7bzn5h0zw [2021-11-05] (akshay2000)
Microsoft Accessory Center -> C:\Program Files\WindowsApps\Microsoft.MicrosoftAccessoryCenter_2.16.137.0_x64__8wekyb3d8bbwe [2021-11-05] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-11-05] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-11-05] (Microsoft Corporation) [MS Ad]
Microsoft Defender Application Guard Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsDefenderApplicationGuard_1.0.11.0_x64__8wekyb3d8bbwe [2021-11-10] (Microsoft Corporation)
Microsoft Emulator -> C:\Program Files\WindowsApps\Microsoft.MicrosoftEmulator_1.1.1081.0_x64__8wekyb3d8bbwe [2021-11-05] (Microsoft Corporation)
Microsoft Remote Desktop -> C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_10.2.1815.0_x64__8wekyb3d8bbwe [2021-11-05] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-10-29] (Microsoft Studios) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_51.0.116.0_x64__8wekyb3d8bbwe [2021-11-05] (Microsoft Corporation)
Microsoft Wireless Display Adapter -> C:\Program Files\WindowsApps\Microsoft.SurfaceWirelessDisplayAdapter_4.232.137.0_x64__8wekyb3d8bbwe [2021-10-04] (Microsoft Corporation) [Startup Task]
My Files-X Free -> C:\Program Files\WindowsApps\21152NeolyonDevs.MyFiles-XFree_7.2.1.0_x64__vm8jndjmd3wd0 [2021-11-05] (Neolyon Devs)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2021-04-22] (Netflix, Inc.)
Network Inspector -> C:\Program Files\WindowsApps\48425ShipwreckSoftware.NetworkInspector_2.3.24.0_x64__jh2negtepkzpr [2021-11-05] (Shipwreck Software) [MS Ad]
NFC Kits -> C:\Program Files\WindowsApps\26830TonyLin.NFCKits_1.1.2.0_x64__xzh44wb246sn4 [2021-11-05] (Tony Lin)
Night Skies PREMIUM -> C:\Program Files\WindowsApps\Microsoft.NightSkiesPREMIUM_1.0.0.0_neutral__8wekyb3d8bbwe [2021-11-05] (Microsoft Corporation)
Notifications Visualizer -> C:\Program Files\WindowsApps\58300WindowsNotifications.NotificationsVisualizer_5.0.2.0_x64__8rkfj2ay7vd1w [2021-11-05] (Windows Notifications)
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.23.17.0_x64__8wekyb3d8bbwe [2021-11-05] (Microsoft Corporation)
OpenCL and OpenGL® Compatibility Pack -> C:\Program Files\WindowsApps\Microsoft.D3DMappingLayers_0.2109.1.0_x64__8wekyb3d8bbwe [2021-11-05] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-11-05] (Microsoft Corporation)
Power BI Desktop -> C:\Program Files\WindowsApps\Microsoft.MicrosoftPowerBIDesktop_2.98.1025.0_x64__8wekyb3d8bbwe [2021-11-05] (Microsoft Corporation)
PowerShell -> C:\Program Files\WindowsApps\Microsoft.PowerShell_7.2.0.0_x64__8wekyb3d8bbwe [2021-11-10] (Microsoft Corporation)
Python 3.9 -> C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.2288.0_x64__qbz5n2kfra8p0 [2021-11-08] (Python Software Foundation)
Simple HTTP Server -> C:\Program Files\WindowsApps\4000Firefly.SimpleHTTPServer_1.1.10.1000_x64__81c33pmqjvr8w [2021-11-05] (Firefly)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.4.0_x64__kx24dqmazqk8j [2021-10-24] (Random Salad Games LLC)
Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.15.163.0_x64__43tkc6nmykmb6 [2021-10-21] (Ookla)
Street Views PREMIUM -> C:\Program Files\WindowsApps\Microsoft.StreetViewsPREMIUM_1.0.0.0_neutral__8wekyb3d8bbwe [2021-11-05] (Microsoft Corporation)
Surface Diagnostic Toolkit -> C:\Program Files\WindowsApps\Microsoft.SurfaceDiagnostics_2.168.139.0_x64__8wekyb3d8bbwe [2021-11-05] (Microsoft Corporation) [Startup Task]
Telegram Desktop -> C:\Program Files\WindowsApps\TelegramMessengerLLP.TelegramDesktop_3.2.1.0_x64__t4vj0pshhgkwm [2021-11-05] (Telegram Messenger LLP) [Startup Task]
WhatsApp Desktop -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2142.12.0_x64__cv1g1gvanyjgm [2021-11-06] (WhatsApp Inc.)
WiFi Analyzer -> C:\Program Files\WindowsApps\19965MATTHAFNER.WIFIANALYZER_2.6.1.0_x64__gs5k5vmxr2ste [2021-10-23] (Matt Hafner)
Windbg Preview -> C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2111.9001.0_neutral__8wekyb3d8bbwe [2021-11-10] (Microsoft Corporation)
Windows App Studio Installer -> C:\Program Files\WindowsApps\Microsoft.WindowsAppStudioInstaller_1.0.18.0_x86__8wekyb3d8bbwe [2021-11-05] (Microsoft Corporation) [MS Ad]
Windows Community Toolkit Sample App -> C:\Program Files\WindowsApps\Microsoft.UWPCommunityToolkitSampleApp_7.1.0.0_x64__8wekyb3d8bbwe [2021-11-05] (Microsoft Corporation)
Windows File Manager -> C:\Program Files\WindowsApps\Microsoft.WindowsFileManager_10.1.4.0_x64__8wekyb3d8bbwe [2021-11-05] (Microsoft Corporation)
Windows File Recovery -> C:\Program Files\WindowsApps\Microsoft.WindowsFileRecovery_0.1.20151.0_x64__8wekyb3d8bbwe [2021-11-05] (Microsoft Corporation)
Windows Performance Analyzer -> C:\Program Files\WindowsApps\Microsoft.WindowsPerformanceAnalyzer_10.0.19041.0_x64__8wekyb3d8bbwe [2021-11-05] (Microsoft Corporation)
Windows Terminal Preview -> C:\Program Files\WindowsApps\Microsoft.WindowsTerminalPreview_1.12.2931.0_x64__8wekyb3d8bbwe [2021-11-05] (Microsoft Corporation) [Startup Task]
Windows® 10X Emulator Image 10.0.19578.0 (Preview) -> C:\Program Files\WindowsApps\Microsoft.Windows10XEmulatorImage10.0.19578.0Previ_1.0.1.0_x64__8wekyb3d8bbwe [2021-11-05] (Microsoft Corporation)
World National Parks -> C:\Program Files\WindowsApps\Microsoft.WorldNationalParks_1.0.0.0_neutral__8wekyb3d8bbwe [2021-11-05] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3585060817-1390663791-933909649-1004_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive – Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> No File
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2021-06-11] (g10 Code GmbH) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> No File
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2021-06-11] (g10 Code GmbH) [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncShell64.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:windowsSystem32atiacm64.dll [2021-07-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:Program FilesWinRARrarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:Program FilesWinRARrarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:UsersroikiOneDriveDesktopYouTube.lnk -> C:Program FilesGoogleChromeApplicationchrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml
ShortcutWithArgument: C:UsersroikiAppDataRoamingMicrosoftWindowsStart MenuProgramsChrome AppsYouTube.lnk -> C:Program FilesGoogleChromeApplicationchrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml

==================== Loaded Modules (Whitelisted) =============

2021-11-05 09:48 – 2021-11-05 09:48 – 001497600 _____ () [File not signed] C:Program FilesWindowsApps49306atecsolution.FilesUWP_2.0.34.0_x64__et10x9a9vyk8te_sqlite3.dll
2021-11-05 23:49 – 2021-11-05 23:49 – 030006272 _____ () [File not signed] C:Program FilesWindowsApps49306atecsolution.FilesUWP_2.0.34.0_x64__et10x9a9vyk8tFiles.dll
2021-10-30 21:51 – 2021-10-30 21:51 – 000438784 _____ () [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareamdlinkremoteserver.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000017920 _____ () [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwarelibEGL.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 003567616 _____ () [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwarelibGLESv2.dll
2021-10-30 21:51 – 2021-10-30 21:51 – 000258560 _____ () [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareWirelessVR-windesktop64.dll
2021-09-01 05:23 – 2021-09-01 05:23 – 000144896 _____ () [File not signed] C:ProgramDataLogishrdLogiOptionsSoftwareCurrentlaclientlibssh2.dll
2021-09-01 05:23 – 2021-09-01 05:23 – 000077824 _____ () [File not signed] C:ProgramDataLogishrdLogiOptionsSoftwareCurrentlaclientzlib.dll
2021-11-11 12:21 – 2021-11-11 01:29 – 000152064 _____ () [File not signed] C:UsersroikiAppDataLocalProgramsnordpassresourcesapp.asar.unpackeddistdesktopmainbinding.node
2021-11-11 12:21 – 2021-11-11 01:29 – 000637440 _____ () [File not signed] C:UsersroikiAppDataLocalProgramsnordpassresourcesapp.asar.unpackeddistdesktopmainkeytar.node
2021-10-07 15:05 – 2021-10-07 15:05 – 000138240 _____ () [File not signed] C:windowsassemblyNativeImages_v4.0.30319_32Interop.IWs06dcaa36#92637a3c2065a1153c4f965968887fe1Interop.IWshRuntimeLibrary.ni.dll
2021-06-11 10:51 – 2021-06-11 10:51 – 000454144 _____ (g10 Code GmbH) [File not signed] C:Program Files (x86)Gpg4winbin_64gpgex.dll
2021-10-07 15:04 – 2021-10-07 15:04 – 000134656 _____ (hardcodet.net) [File not signed] C:windowsassemblyNativeImages_v4.0.30319_32Hardcodet.W6cab32f3#5f1fd4492ede1ca24611f23f2df7e520Hardcodet.Wpf.TaskbarNotification.ni.dll
2020-09-29 18:18 – 2020-09-29 18:18 – 000014336 _____ (HP Inc.) [File not signed] C:Program FilesWindowsAppsAD2F1837.HPSystemEventUtility_1.2.11.0_x64__v10z8vjag6ke6SystemEventUtilityNativeRpcClient.DLL
2021-10-07 15:05 – 2021-10-07 15:05 – 001701888 _____ (Mark Heath & Contributors) [File not signed] C:windowsassemblyNativeImages_v4.0.30319_32NAudio3261e6eb39c8964c36ff26b92e490c1fNAudio.ni.dll
2020-09-15 14:53 – 2020-09-15 14:53 – 000000000 ____L (Microsoft Corporation) [simlink -> C:Program FilesCommon FilesMicrosoft SharedClickToRunAppvIsvSubsystems64.dll] C:Program FilesMicrosoft OfficeRootOffice16AppVIsvSubsystems64.dll
2020-09-15 14:53 – 2020-09-15 14:53 – 000000000 ____L (Microsoft Corporation) [simlink -> C:Program FilesCommon FilesMicrosoft SharedClickToRunC2R64.dll] C:Program FilesMicrosoft OfficeRootOffice16c2r64.dll
2021-10-07 15:05 – 2021-10-07 15:05 – 003060736 _____ (Newtonsoft) [File not signed] C:windowsassemblyNativeImages_v4.0.30319_32Newtonsoft.Json30e697f36d1cf7be451e81623dd8262Newtonsoft.Json.ni.dll
2021-10-11 10:06 – 2021-10-11 10:06 – 003864576 _____ (Newtonsoft) [File not signed] C:windowsassemblyNativeImages_v4.0.30319_64Newtonsoft.Jsonfbb7efe1ef62c41c0bc661bac8028aa3Newtonsoft.Json.ni.dll
2021-10-07 15:04 – 2021-10-07 15:04 – 000793088 _____ (The Apache Software Foundation) [File not signed] C:windowsassemblyNativeImages_v4.0.30319_32log4net80b5521fcdbb4c7192f671464274f9blog4net.ni.dll
2021-09-01 05:23 – 2021-09-01 05:23 – 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:ProgramDataLogishrdLogiOptionsSoftwareCurrentlaclientLIBCURL.dll
2021-09-01 05:23 – 2021-09-01 05:23 – 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:ProgramDataLogishrdLogiOptionsSoftwareCurrentlaclientLIBEAY32.dll
2021-09-01 05:23 – 2021-09-01 05:23 – 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:ProgramDataLogishrdLogiOptionsSoftwareCurrentlaclientSSLEAY32.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000031744 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwarepluginsimageformatsqgif.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000039424 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwarepluginsimageformatsqicns.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000031744 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwarepluginsimageformatsqico.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000414720 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwarepluginsimageformatsqjpeg.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000025088 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwarepluginsimageformatsqsvg.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000024576 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwarepluginsimageformatsqtga.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000023552 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwarepluginsimageformatsqwbmp.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000532992 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwarepluginsimageformatsqwebp.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 001441792 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwarepluginsplatformsqwindows.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 001189888 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwarepluginssqldriversqsqlite.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000134656 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwarepluginsstylesqwindowsvistastyle.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 006184448 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQt5Core.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 006867456 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQt5Gui.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000735232 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQt5Multimedia.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000120832 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQt5MultimediaQuick.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 001104896 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQt5Network.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000325120 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQt5Positioning.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 003668480 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQt5Qml.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000517120 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQt5QmlModels.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000051712 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQt5QmlWorkerScript.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 004228608 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQt5Quick.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000171008 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQt5QuickControls2.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 001085440 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQt5QuickTemplates2.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000480256 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQt5RemoteObjects.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000205824 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQt5Sql.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000329728 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQt5Svg.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000127488 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQt5WebChannel.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000390656 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQt5WebEngine.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 095598080 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQt5WebEngineCore.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 005587968 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQt5Widgets.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000462848 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQt5WinExtras.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000188928 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQt5Xml.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 002878464 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQt5XmlPatterns.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000055808 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQtGraphicalEffectsprivateqtgraphicaleffectsprivate.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000059392 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQtGraphicalEffectsqtgraphicaleffectsplugin.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000262144 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQtMultimediadeclarative_multimedia.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000017920 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQtQmlqmlplugin.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000017920 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQtQuick.2qtquick2plugin.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000284160 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQtQuickControls.2qtquickcontrols2plugin.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000333824 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQtQuickControlsqtquickcontrolsplugin.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000136704 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQtQuickDialogsdialogplugin.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000090112 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQtQuickLayoutsqquicklayoutsplugin.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000313856 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQtQuickTemplates.2qtquicktemplates2plugin.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000017920 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQtQuickWindow.2windowplugin.dll
2021-10-15 13:25 – 2021-10-15 13:25 – 000091648 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.20025.0_x64__0a9344xs7nr4mradeonsoftwareQtWebEngineqtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBVpnService => ""="Service"
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBVpnService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKLM -> {972F8748-4C50-463A-BABD-CB3859E28731} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {972F8748-4C50-463A-BABD-CB3859E28731} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKUS-1-5-21-3585060817-1390663791-933909649-1001 -> {972F8748-4C50-463A-BABD-CB3859E28731} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:Program FilesBitdefenderBitdefender Securitybdtbie.dll [2021-10-26] (Bitdefender SRL -> Bitdefender)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:Program FilesBitdefenderBitdefender Securitypmbxie.dll [2021-10-26] (Bitdefender SRL -> Bitdefender)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:Program FilesLogitechSetPointPSetPointSmooth.dll [2020-11-20] (Logitech Inc -> Logitech, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:Program Files (x86)HPHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPluginx64.dll [2020-09-15] (HP Inc. -> HP Inc.)
BHO-x32: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:Program FilesBitdefenderBitdefender Securityantispam32bdtbie.dll [2021-10-26] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:Program FilesBitdefenderBitdefender SecurityAntispam32pmbxie.dll [2021-10-26] (Bitdefender SRL -> Bitdefender)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16OCHelper.dll [2021-10-30] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:Program FilesLogitechSetPointP32-bitSetPointSmooth.dll [2020-11-20] (Logitech Inc -> Logitech, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:Program Files (x86)HPHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPlugin.dll [2020-09-15] (HP Inc. -> HP Inc.)
Toolbar: HKLM – Bitdefender Wallet – {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} – C:Program FilesBitdefenderBitdefender Securitypmbxie.dll [2021-10-26] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM-x32 – Bitdefender Wallet – {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} – C:Program FilesBitdefenderBitdefender SecurityAntispam32pmbxie.dll [2021-10-26] (Bitdefender SRL -> Bitdefender)
Handler: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-10-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-10-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-10-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-10-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-10-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-10-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-10-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-10-30] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 04:14 – 2021-11-11 22:24 – 000001056 _____ C:windowssystem32driversetchosts
127.0.0.1 kubernetes.docker.internal

2021-10-11 18:34 – 2021-11-11 23:36 – 000000507 _____ C:windowssystem32driversetchosts.ics
172.25.16.1 DESKTOP-7O72RF3.mshome.net # 2026 11 3 11 4 36 44 446
8.137.119 LG-K30.mshome.net # 2021 11 1 1 5 23 33 729

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLMSystemCurrentControlSetControlSession ManagerEnvironment\Path -> C:Program FilesAdoptOpenJDKjre-11.0.7.10-hotspotbin;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;%SYSTEMROOT%System32WindowsPowerShellv1.0;%SYSTEMROOT%System32OpenSSH;C:Program Files (x86)Gpg4win..GnuPGbin;C:Program FilesPowerShell7;C:Program Filesdotnet;C:Program FilesMicrosoft SQL Server130ToolsBinn;C:Program FilesMicrosoft SQL ServerClient SDKODBC170ToolsBinn;C:Program Files (x86)IncrediBuild;C:Program FilesDockerDockerresourcesbin;C:ProgramDataDockerDesktopversion-bin;C:Program Files (x86)dotnet
HKUS-1-5-21-3585060817-1390663791-933909649-1001Control PanelDesktop\Wallpaper -> c:windowswebwallpapertheme1img13.jpg
HKUS-1-5-21-3585060817-1390663791-933909649-1004Control PanelDesktop\Wallpaper -> C:UsersroikiAppDataLocalMicrosoftBingWallpaperAppWPImages20211111.jpg
HKUS-1-5-21-3585060817-1390663791-933909649-1008Control PanelDesktop\Wallpaper -> C:WindowsWebWallpaperWindowsimg0.jpg
DNS Servers: 75.75.75.75 – 75.75.76.76
HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

Network Binding:
=============
Local Area Connection: NordVPN LightWeight Firewall -> NordLwf (enabled)
vEthernet (Default Switch): NordVPN LightWeight Firewall -> NordLwf (enabled)
vEthernet (Ethernet): NordVPN LightWeight Firewall -> NordLwf (enabled)
vEthernet (Wi-Fi): NordVPN LightWeight Firewall -> NordLwf (enabled)
Wi-Fi: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM…StartupApprovedStartupFolder: => "Avast SecureLine VPN.lnk"
HKLM…StartupApprovedStartupFolder: => "AnyDesk.lnk"
HKLM…StartupApprovedRun: => "Logitech Download Assistant"
HKLM…StartupApprovedRun: => "TuneupUI.exe"
HKLM…StartupApprovedRun32: => "SunJavaUpdateSched"
HKLM…StartupApprovedRun32: => "IncrediBuild Agent Monitor"
HKUS-1-5-21-3585060817-1390663791-933909649-1004…StartupApprovedRun: => "NordVPN"
HKUS-1-5-21-3585060817-1390663791-933909649-1004…StartupApprovedRun: => "LogiBolt"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{9B57EFF9-5883-4F70-A647-0C4DF1D37DE0}C:programdatalogishrdlogioptionssoftwarecurrentlogioptionsmgr.exe] => (Allow) C:programdatalogishrdlogioptionssoftwarecurrentlogioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{14F289DD-155A-483B-961C-2D79BA327999}C:programdatalogishrdlogioptionssoftwarecurrentlogioptionsmgr.exe] => (Allow) C:programdatalogishrdlogioptionssoftwarecurrentlogioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{DCDEF9F4-AB37-45DB-BCFA-D4000CD4D62A}] => (Block) C:programdatalogishrdlogioptionssoftwarecurrentlogioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{774CA8E6-8BFD-4485-9282-77C125A7049E}] => (Block) C:programdatalogishrdlogioptionssoftwarecurrentlogioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{1E20FFCD-EA0D-4435-8324-D3F7B48DE950}C:program filesgooglechromeapplicationchrome.exe] => (Allow) C:program filesgooglechromeapplicationchrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{E7A0AB82-8BB0-4E4D-A403-1A4102153E8A}C:program filesgooglechromeapplicationchrome.exe] => (Allow) C:program filesgooglechromeapplicationchrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A2F6F634-D4E9-4F03-966D-BFAF3495331C}] => (Block) C:program filesgooglechromeapplicationchrome.exe (Google LLC -> Google LLC)
FirewallRules: [{7A00778A-B570-4C16-A176-EC8287564DF2}] => (Block) C:program filesgooglechromeapplicationchrome.exe (Google LLC -> Google LLC)
FirewallRules: [{C694E8DB-3F3E-4DA4-8837-DCA4B8C8B4AE}] => (Allow) C:UsersroikiDownloadsbitdefender_windows_29287fc8-e2df-4104-98f4-8d8c942255d6.exe (Bitdefender SRL -> )
FirewallRules: [{19701425-C1E4-4437-A023-83A9C27B7447}] => (Allow) C:UsersroikiDownloadsbitdefender_windows_29287fc8-e2df-4104-98f4-8d8c942255d6.exe (Bitdefender SRL -> )
FirewallRules: [{8A795035-AD75-4044-A796-1B2046BB8B72}] => (Allow) C:UsersroikiDownloadsbitdefender_windows_29287fc8-e2df-4104-98f4-8d8c942255d6.exe (Bitdefender SRL -> )
FirewallRules: [{DEE2AC1A-38E2-474E-A53F-76A84556BAED}] => (Allow) C:UsersroikiDownloadsbitdefender_windows_29287fc8-e2df-4104-98f4-8d8c942255d6.exe (Bitdefender SRL -> )
FirewallRules: [{4FD3190C-5C2D-4CB2-AE66-B1B952AA8CDB}] => (Allow) C:Program Files (x86)AnyDeskAnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{1559C4F5-CA8E-4EE4-8D56-4519BF82911E}] => (Allow) C:Program Files (x86)AnyDeskAnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{AD515DB0-BB82-469A-B23E-8A69221A63A1}] => (Allow) C:Program Files (x86)AnyDeskAnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{E49B29CE-656E-431B-AC18-DAB55225D5DA}] => (Allow) C:Program Files (x86)AnyDeskAnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{C5DEAF49-EE28-415E-A6FC-BEEB93B5DEED}] => (Allow) C:Program Files (x86)AnyDeskAnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{24C2758E-83BD-4A79-A4B6-80D2D112BC02}] => (Allow) C:Program Files (x86)AnyDeskAnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)

==================== Restore Points =========================

08-11-2021 11:33:21 Windows Modules Installer
10-11-2021 15:36:42 Windows Modules Installer

==================== Faulty Device Manager Devices ============

Name: NordLynx Tunnel
Description: NordLynx Tunnel
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: WireGuard LLC
Service: wintun
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the “General Properties” tab of the device, click “Troubleshoot” to start the troubleshooting wizard.
Click “Uninstall”, and then click “Scan for hardware changes” to load a usable driver.

Name: Bluetooth Low Energy GATT compliant HID device
Description: Bluetooth Low Energy GATT compliant HID device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service: mshidumdf
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click “Update Driver” to update the drivers for this device.
On the “General Properties” tab of the device, click “Troubleshoot” to start the troubleshooting wizard.

==================== Event log errors: ========================

Application errors:
==================
Error: (11/11/2021 11:35:09 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUPDESKTOP-7O72RF3$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority "amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net" does not exist."}
HTTP/1.1 404 Not Found
Date: Fri, 12 Nov 2021 04:35:08 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: db9c3ae1-8494-436d-bb85-6571afcc63bf

Method: GET(484ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (11/11/2021 10:24:57 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-7O72RF3$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{“Message”:”The authority “amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net” does not exist.”}
HTTP/1.1 404 Not Found
Date: Fri, 12 Nov 2021 03:24:56 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: d10666d2-4a93-40ac-bb65-1220efd56b12

Method: GET(516ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (11/11/2021 09:14:13 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-7O72RF3$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{“Message”:”The authority “amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net” does not exist.”}
HTTP/1.1 404 Not Found
Date: Fri, 12 Nov 2021 02:14:12 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 11dccbcc-cf8a-452b-bd44-cf62027ef0d8

Method: GET(672ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (11/11/2021 12:14:13 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-7O72RF3$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(16ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (11/11/2021 01:30:08 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_SNOOZED.

Error: (11/11/2021 01:29:00 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (11/11/2021 12:17:10 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-7O72RF3$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{“Message”:”The authority “amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net” does not exist.”}
HTTP/1.1 404 Not Found
Date: Thu, 11 Nov 2021 05:17:09 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 4ad99a61-0056-4c3d-91b1-7c15f30b0083

Method: GET(813ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (11/10/2021 11:27:09 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HPSALauncher.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.SEHException
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)

System errors:
=============
Error: (11/11/2021 11:34:55 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error: (11/11/2021 11:34:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBVpnService service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/11/2021 11:34:26 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 809) (User: NT AUTHORITY)
Description: Maintenance Scheduler Group Policy Settings are not properly specified for “Invalid registry keys”. Default settings are being used.

Error: (11/11/2021 11:34:26 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 809) (User: NT AUTHORITY)
Description: Maintenance Scheduler Group Policy Settings are not properly specified for “Invalid registry keys”. Default settings are being used.

Error: (11/11/2021 11:34:26 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 809) (User: NT AUTHORITY)
Description: Maintenance Scheduler Group Policy Settings are not properly specified for “Invalid registry keys”. Default settings are being used.

Error: (11/11/2021 11:34:17 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-7O72RF3)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (11/11/2021 11:34:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mouse without Borders Service service failed to start due to the following error:
Access is denied.

Error: (11/11/2021 10:24:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBVpnService service failed to start due to the following error:
The system cannot find the file specified.

Windows Defender:
================
Date: 2021-11-11 13:31:24
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-11-10 09:27:08
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-11-10 09:19:39
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-11-07 09:49:38
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-11-06 13:26:58
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Esulat.A!rfn&threatid=2147745898&enterprise=0
Name: Trojan:Win32/Esulat.A!rfn
Severity: Severe
Category: Trojan
Path: containerfile:_C:UsersroikiDownloadskeygen.rar; file:_C:UsersroikiDownloadskeygen.rar->keygenKeygen.FFF.rar->Keygen.FFF.exe; webfile:_C:UsersroikiDownloadskeygen.rar|http://128.14.157.147:2018/smscasterkey/keygen.rar|pid:2072,ProcessStart:132806932186637695
Detection Origin: Internet
Detection Type: Concrete
Detection Source: Downloads and attachments
Process Name: Unknown
Security intelligence Version: AV: 1.353.539.0, AS: 1.353.539.0, NIS: 1.353.539.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4

CodeIntegrity:
===============
Date: 2021-11-11 23:46:23
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdamsi\265462863125900000\antimalware_provider64.dll that did not meet the Windows signing level requirements.

Date: 2021-11-11 23:38:09
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdamsi\265462863125900000\antimalware_provider64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: AMI F.41 09/17/2021
Motherboard: HP 8643
Processor: AMD Ryzen 5 3400G with Radeon Vega Graphics
Percentage of memory in use: 63%
Total physical RAM: 10149.11 MB
Available physical RAM: 3710.35 MB
Total Virtual: 20901.11 MB
Available Virtual: 11032.04 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:237.71 GB) (Free:66.72 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:810.36 GB) NTFS

\\?\Volume{0fe27052-de8a-4119-93e5-af7a29e1e790}\ (Windows RE tools) (Fixed) (Total:0.49 GB) (Free:0.06 GB) NTFS
\\?\Volume{629458e4-0000-0000-0000-010000000000}\ (PortableBaseLayer) (Fixed) (Total:8 GB) (Free:7.5 GB) NTFS
\\?\Volume{94e9f3a7-2637-4a70-a3fd-4f752841e044}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C6A4D96B)

Partition: GPT.

==========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 65C8639A)

Partition: GPT.

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 8 GB) (Disk ID: 629458E4)
Partition 1: (Not Active) – (Size=8 GB) – (Type=07 NTFS)

==================== End of Addition.txt =======================

Source: https://www.bleepingcomputer.com/forums/t/763790/originally-from-marioxxl-under-attack-and-disabled/