Here's the AdwCleaner log:
# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build: 03-04-2024
# Database: 2024-03-04.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-14-2024
# Duration: 00:00:01
# OS: Windows 11 (Build 22621.3593)
# Cleaned: 5
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
Deleted C:\Users\Public\Desktop\Google Chrome.lnk
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}
Deleted HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\browser.exe
Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\browser.exe
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\App Paths\browser.exe
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [1872 octets] - [14/06/2024 07:05:28]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Here's Fixlog.txt:
Fix result of Farbar Recovery Scan Tool (x64) Version: 11.06.2024
Ran by DELL (14-06-2024 07:09:38) Run:1
Running from C:\Users\DELL\Desktop
Loaded Profiles: DELL
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
EmptyTemp:
Unlock: C:\Windows\UV_LastPW.ini
AVG Update Helper (HKLM-x32\...\{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}) (Version: 1.8.1693.6 - AVG Technologies) Hidden
2024-06-10 07:22 - 2024-06-10 09:40 - 000000000 ____D C:\Users\DELL\1000015002
2024-06-09 14:22 - 2024-06-09 14:22 - 000000008 ____H () C:\ProgramData\tit_66.dat
2024-06-09 14:22 - 2024-06-09 14:22 - 000000128 ____H () C:\ProgramData\tres-a.dat
2024-06-09 14:22 - 2024-06-09 14:22 - 000000128 ____H () C:\ProgramData\tres-b.dat
cmd: type C:\Users\DELL\Downloads\tinytask.ini
Task: C:\Windows\Tasks\axplong.job => C:\Users\DELL\AppData\Local\Temp\8254624243\axplong.exe <==== ATTENTION
Task: C:\Windows\Tasks\Dctooux.job => C:\Users\DELL\AppData\Local\Temp\b739b37d80\Dctooux.exe <==== ATTENTION
Task: C:\Windows\Tasks\explortu.job => C:\Users\DELL\AppData\Local\Temp\9217037dc9\explortu.exe <==== ATTENTION
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {86DE970D-0721-41E2-81E1-8C949FE44FA0} - System32\Tasks\Activation-Renewal => C:\ProgramData\Activation-Renewal\Activation_task.cmd [15319 2024-02-24] () [File not signed] -> Task <==== ATTENTION
C:\ProgramData\Activation-Renewal
StartupDir: C:\Users\DELL\AppData\Local\Temp\1000021001\ <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION
S3 BITS_bkp; C:\Windows\System32\qmgr.dll [1388544 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
U2 dosvc_bkp; C:\Windows\system32\dosvc.dll [90112 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S2 UsoSvc_bkp; C:\Windows\system32\usosvc.dll [77824 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 WaaSMedicSvc_bkp; C:\Windows\System32\WaaSMedicSvc.dll [90112 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 wuauserv_bkp; C:\Windows\system32\wuaueng.dll [138112 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
2024-06-10 07:22 - 2024-06-10 09:36 - 000000278 _____ C:\Windows\Tasks\axplong.job
2024-05-25 17:14 - 2024-04-29 13:12 - 000000570 _____ C:\Users\DELL\AppData\LocalLow\6c5f59841cd760e5c8b31e38c77d601a3e17d53e4cac46ebb9247b97e83d576c
2024-05-25 17:13 - 2024-04-29 13:12 - 000129751 _____ C:\Users\DELL\AppData\LocalLow\90105c431cf16f37f3c938b0f52bdbd245a7906c1fca67750340ebb0ae30e8e4
2024-06-01 17:26 - 2024-02-24 19:22 - 000001368 _____ C:\Users\DELL\Desktop\Roblox Studio.lnk
2024-06-06 11:00 - 2024-02-24 19:22 - 000001368 _____ C:\Users\DELL\Desktop\Roblox Player.lnk
2024-06-06 11:00 - 2024-02-24 19:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2024-06-10 18:12 - 2024-05-02 16:23 - 000000130 _____ C:\Users\DELL\AppData\LocalLow\d184b3a61bf4be513cbb771b07df842ddf56f91b67d9cbe187f53880ca9b5c5d
2024-06-10 17:52 - 2024-05-02 16:23 - 000032382 _____ C:\Users\DELL\AppData\LocalLow\7c20ed46f96c41e8f4707573a4b5f44f7b40b89f3834b85911e9c253e71a658b
2024-06-10 20:36 - 2024-04-29 13:19 - 000035644 _____ C:\Users\DELL\AppData\LocalLow\abdfbee3f482f410934d1e17c2f7f6fa1d3b379b2a07284ffda6ea337445c922
2024-06-10 20:18 - 2024-04-29 13:12 - 000121881 _____ C:\Users\DELL\AppData\LocalLow\6d1a0d74b8983cab26a68cd0cdace1fb63918ce4f5f6aeaeeefb13009d6d5154
2024-06-10 20:00 - 2024-04-29 16:09 - 000023525 _____ C:\Users\DELL\AppData\LocalLow\b15d3a108baf677bad705d2193ceb1d29295e9ae5672296ad2f6ec14fa4d226f
2024-06-10 20:00 - 2024-04-29 16:09 - 000000130 _____ C:\Users\DELL\AppData\LocalLow\9efc7b77bc60a484afa1dbca8105b35ad2d2bcddf61075a21cfb283050ad9d1e
2024-05-16 18:13 - 2024-05-16 18:13 - 000002264 _____ C:\Users\DELL\AppData\LocalLow\8d5ed0a1f16e2933d1fae4f035980cafee65a1b095f818326db75bdb351daf1e
2024-05-14 15:51 - 2024-05-14 15:57 - 007885466 _____ C:\Users\DELL\Downloads\robloxapp-20240514-1549584.mp4
2024-05-14 15:46 - 2024-05-14 15:46 - 005514916 _____ C:\Users\DELL\Downloads\robloxapp-20240514-1543539.mp4
2024-05-14 15:46 - 2024-05-14 15:46 - 002600525 _____ C:\Users\DELL\Downloads\robloxapp-20240514-1545020.mp4
2024-05-14 10:14 - 2024-05-14 10:14 - 000000000 _____ C:\3E2B.tmp
2024-05-18 16:28 - 2024-06-01 09:56 - 000000130 _____ C:\Users\DELL\AppData\LocalLow\491dfa6c5089e8600099e6d1172d3a6bce2aaa0bc0a8fb3c146b3df0d94a5618
2024-05-18 16:28 - 2024-06-01 09:22 - 000046739 _____ C:\Users\DELL\AppData\LocalLow\14cec8a688e7e25ec65d0024a12c37be778db19ee974553c79f1bfd71cb3ee51
2024-05-18 16:04 - 2024-06-01 17:27 - 000000255 _____ C:\Users\DELL\AppData\LocalLow\rbxcsettings.rbx
2024-05-18 16:04 - 2024-05-18 16:04 - 000000000 ____D C:\ProgramData\Roblox
2024-05-26 15:47 - 2024-05-26 15:47 - 005634409 _____ C:\Users\DELL\Downloads\robloxapp-20240526-1545380.mp4
2024-05-25 21:21 - 2024-05-25 21:21 - 000002264 _____ C:\Users\DELL\AppData\LocalLow\1601b4780ec90bb3e96b81accc7fc7435bcaa686ef0d15203be2de0db716fbe3
2024-05-25 20:24 - 2024-05-25 20:24 - 000002264 _____ C:\Users\DELL\AppData\LocalLow\d2bb5501f9a1e82f495b624129ed5f2bbfc05e5cc270a51009eecb57c7c90c7b
2024-05-25 20:22 - 2024-06-10 19:00 - 000000634 _____ C:\Users\DELL\AppData\LocalLow\910c417c7f159199dc0b826dfb0b33c2f0152266127faa5758e27a17dc6d9318
2024-05-25 20:22 - 2024-06-10 18:58 - 000150786 _____ C:\Users\DELL\AppData\LocalLow\09c012558a04e45f3dcd9e5c5790ecc00132d0a2a6c00a2fd74449796ee1d9d7
2024-06-06 12:24 - 2024-06-06 12:24 - 000109192 _____ C:\Users\DELL\AppData\LocalLow\34f6b2483462849a0a6b86842dbaed8595c9b1ea24a510ce6cabb8d612885e8b
2024-06-06 12:24 - 2024-06-06 12:24 - 000000130 _____ C:\Users\DELL\AppData\LocalLow\4fca0a34b497acffbb870a4cea576f3ac71f00928c3146fe3d0d2dac45c9d5fb
2024-06-05 12:11 - 2024-06-05 12:11 - 000256533 _____ C:\Users\DELL\Downloads\rbxfpsunlocker-x64.zip
2024-06-05 12:11 - 2024-06-05 12:11 - 000000000 ____D C:\Users\DELL\Downloads\rbxfpsunlocker-x64
2024-06-09 14:21 - 2024-06-09 14:21 - 000000000 ____D C:\ProgramData\MPGPH131
2024-06-09 14:34 - 2024-06-10 09:36 - 000000280 _____ C:\Windows\Tasks\explortu.job
2024-06-09 14:34 - 2024-06-09 14:34 - 000000000 ____D C:\ProgramData\MSIUpdaterV131_0e77e820e5c00ed5b0585a4d674a2e51
2024-06-09 14:33 - 2024-06-09 14:33 - 000000000 ____D C:\ProgramData\MSIUpdaterV131_f09ac2d587354c6431bf93812ba7548f
2024-06-09 14:33 - 2024-06-09 14:33 - 000000000 ____D C:\ProgramData\MSIUpdaterV131_30f85fd004d4df68ea1f8d35c18db496
2024-06-09 14:23 - 2024-06-09 14:23 - 000000000 ____D C:\ProgramData\oBeyQrPqBvPiiLVB
2024-06-09 14:23 - 2024-06-09 14:23 - 000000000 ____D C:\Program Files (x86)\xSxYkcSdbazbYzGpZTR
2024-06-09 14:23 - 2024-06-09 14:23 - 000000000 ____D C:\Program Files (x86)\vEcQBTYFTXUn
2024-06-09 14:23 - 2024-06-09 14:23 - 000000000 ____D C:\Program Files (x86)\RFIumDCEBXXU2
2024-06-09 14:23 - 2024-06-09 14:23 - 000000000 ____D C:\Program Files (x86)\AClHKqYMJaBBC
2024-06-09 14:22 - 2024-06-09 14:23 - 000000000 ____D C:\Program Files (x86)\ijLlchIpU
2024-06-09 14:22 - 2024-06-09 14:22 - 000000128 ____H C:\ProgramData\tres-b.dat
2024-06-09 14:22 - 2024-06-09 14:22 - 000000128 ____H C:\ProgramData\tres-a.dat
2024-06-09 14:22 - 2024-06-09 14:22 - 000000008 ____H C:\ProgramData\tit_66.dat
2024-06-09 14:21 - 2024-06-09 14:23 - 000000000 ____D C:\ProgramData\DHCGIDHDAKJE
2024-06-09 14:34 - 2024-06-10 09:36 - 000000280 _____ C:\Windows\Tasks\explortu.job
2024-06-09 14:34 - 2024-06-09 14:34 - 000000000 ____D C:\ProgramData\MSIUpdaterV131_0e77e820e5c00ed5b0585a4d674a2e51
2024-06-09 14:33 - 2024-06-09 14:33 - 000000000 ____D C:\ProgramData\MSIUpdaterV131_f09ac2d587354c6431bf93812ba7548f
2024-06-09 14:33 - 2024-06-09 14:33 - 000000000 ____D C:\ProgramData\MSIUpdaterV131_30f85fd004d4df68ea1f8d35c18db496
2024-06-09 14:23 - 2024-06-09 14:23 - 000000000 ____D C:\ProgramData\oBeyQrPqBvPiiLVB
2024-06-09 14:23 - 2024-06-09 14:23 - 000000000 ____D C:\Program Files (x86)\xSxYkcSdbazbYzGpZTR
2024-06-09 14:23 - 2024-06-09 14:23 - 000000000 ____D C:\Program Files (x86)\vEcQBTYFTXUn
2024-06-09 14:23 - 2024-06-09 14:23 - 000000000 ____D C:\Program Files (x86)\RFIumDCEBXXU2
2024-06-09 14:23 - 2024-06-09 14:23 - 000000000 ____D C:\Program Files (x86)\AClHKqYMJaBBC
2024-06-09 14:22 - 2024-06-09 14:23 - 000000000 ____D C:\Program Files (x86)\ijLlchIpU
2024-06-09 14:21 - 2024-06-09 14:23 - 000000000 ____D C:\ProgramData\DHCGIDHDAKJE
2024-06-10 07:23 - 2024-06-10 07:23 - 000000000 ___HD C:\Users\DELL\AppData\Roaming\configurationValue
2024-06-10 07:23 - 2024-06-10 07:23 - 000000000 ____D C:\Users\DELL\AppData\Local\MonsterUpdateService
2024-06-10 07:23 - 2019-11-21 04:54 - 044246016 _____ (Microsoft Corporation) C:\Windows\system32\winsvc.exe
2024-06-10 08:54 - 2024-06-10 08:55 - 186955328 _____ C:\Users\DELL\Downloads\Roblox.Arceus.X.NEO.1.3.2.bypass.apk
2024-06-10 07:36 - 2020-04-01 02:02 - 000002893 _____ C:\Windows\system32\cache.dat
2024-06-10 07:24 - 2024-06-10 07:24 - 000000000 ____D C:\ProgramData\wikombernizc
2024-06-10 07:24 - 2020-03-15 21:08 - 036144128 _____ (Microsoft Corporation) C:\Windows\system32\wincfg.exe
2024-06-10 07:24 - 2020-03-13 13:52 - 009556480 _____ (Microsoft Corporation) C:\Windows\system32\winnet.exe
2024-06-10 07:23 - 2024-06-10 09:36 - 000000278 _____ C:\Windows\Tasks\Dctooux.job
2024-06-10 07:23 - 2024-06-10 09:14 - 038851072 _____ (Microsoft Corporation) C:\Windows\system32\SetupWizard.exe
2024-06-10 12:43 - 2019-11-21 05:59 - 037807616 _____ (Microsoft Corporation) C:\Windows\system32\windefscan.exe
2024-06-10 12:23 - 2019-11-21 11:09 - 041655808 _____ (Microsoft Corporation) C:\Windows\system32\windeffw.exe
R2 winsvc; C:\Windows\system32\winsvc.exe [44246016 2019-11-21] (Microsoft Corporation) [File not signed] <==== ATTENTION
End::
*****************
Restore point was successfully created.
Processes closed successfully.
========= netsh int ip reset C:\resettcpip.txt =========
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
========= End of CMD: =========
========= netsh advfirewall reset =========
Ok.
========= End of CMD: =========
"C:\Windows\UV_LastPW.ini" => was unlocked
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}\\SystemComponent" => removed successfully
"C:\Users\DELL\1000015002" Folder move:
C:\Users\DELL\1000015002 => moved successfully
C:\ProgramData\tit_66.dat => moved successfully
C:\ProgramData\tres-a.dat => moved successfully
C:\ProgramData\tres-b.dat => moved successfully
========= type C:\Users\DELL\Downloads\tinytask.ini =========
[TinyTask]
window_x=634
window_y=391
speed=8
speed_custom=8
record_key=8
play_key=0
topmost=0
hide_captions=0
toolbar_padding=5
========= End of CMD: =========
C:\Windows\Tasks\axplong.job => moved successfully
C:\Windows\Tasks\Dctooux.job => moved successfully
C:\Windows\Tasks\explortu.job => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86DE970D-0721-41E2-81E1-8C949FE44FA0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86DE970D-0721-41E2-81E1-8C949FE44FA0}" => removed successfully
C:\Windows\System32\Tasks\Activation-Renewal => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Activation-Renewal" => removed successfully
"C:\ProgramData\Activation-Renewal" Folder move:
C:\ProgramData\Activation-Renewal => moved successfully
StartupDir: C:\Users\DELL\AppData\Local\Temp\1000021001\ <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Policies\Microsoft\MRT => removed successfully
"HKLM\System\CurrentControlSet\Services\BITS_bkp" => removed successfully
BITS_bkp => service removed successfully
HKLM\System\CurrentControlSet\Services\dosvc_bkp => removed successfully
dosvc_bkp => service removed successfully
HKLM\System\CurrentControlSet\Services\UsoSvc_bkp => removed successfully
UsoSvc_bkp => service removed successfully
HKLM\System\CurrentControlSet\Services\WaaSMedicSvc_bkp => removed successfully
WaaSMedicSvc_bkp => service removed successfully
HKLM\System\CurrentControlSet\Services\wuauserv_bkp => removed successfully
wuauserv_bkp => service removed successfully
"C:\Windows\Tasks\axplong.job" => not found
C:\Users\DELL\AppData\LocalLow\6c5f59841cd760e5c8b31e38c77d601a3e17d53e4cac46ebb9247b97e83d576c => moved successfully
C:\Users\DELL\AppData\LocalLow\90105c431cf16f37f3c938b0f52bdbd245a7906c1fca67750340ebb0ae30e8e4 => moved successfully
"C:\Users\DELL\Desktop\Roblox Studio.lnk" => not found
"C:\Users\DELL\Desktop\Roblox Player.lnk" => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox" Folder move:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox => moved successfully
C:\Users\DELL\AppData\LocalLow\d184b3a61bf4be513cbb771b07df842ddf56f91b67d9cbe187f53880ca9b5c5d => moved successfully
C:\Users\DELL\AppData\LocalLow\7c20ed46f96c41e8f4707573a4b5f44f7b40b89f3834b85911e9c253e71a658b => moved successfully
C:\Users\DELL\AppData\LocalLow\abdfbee3f482f410934d1e17c2f7f6fa1d3b379b2a07284ffda6ea337445c922 => moved successfully
Could not move "C:\Users\DELL\AppData\LocalLow\6d1a0d74b8983cab26a68cd0cdace1fb63918ce4f5f6aeaeeefb13009d6d5154" => Scheduled to move on reboot.
C:\Users\DELL\AppData\LocalLow\b15d3a108baf677bad705d2193ceb1d29295e9ae5672296ad2f6ec14fa4d226f => moved successfully
C:\Users\DELL\AppData\LocalLow\9efc7b77bc60a484afa1dbca8105b35ad2d2bcddf61075a21cfb283050ad9d1e => moved successfully
C:\Users\DELL\AppData\LocalLow\8d5ed0a1f16e2933d1fae4f035980cafee65a1b095f818326db75bdb351daf1e => moved successfully
C:\Users\DELL\Downloads\robloxapp-20240514-1549584.mp4 => moved successfully
C:\Users\DELL\Downloads\robloxapp-20240514-1543539.mp4 => moved successfully
C:\Users\DELL\Downloads\robloxapp-20240514-1545020.mp4 => moved successfully
C:\3E2B.tmp => moved successfully
C:\Users\DELL\AppData\LocalLow\491dfa6c5089e8600099e6d1172d3a6bce2aaa0bc0a8fb3c146b3df0d94a5618 => moved successfully
C:\Users\DELL\AppData\LocalLow\14cec8a688e7e25ec65d0024a12c37be778db19ee974553c79f1bfd71cb3ee51 => moved successfully
C:\Users\DELL\AppData\LocalLow\rbxcsettings.rbx => moved successfully
"C:\ProgramData\Roblox" Folder move:
C:\ProgramData\Roblox => moved successfully
C:\Users\DELL\Downloads\robloxapp-20240526-1545380.mp4 => moved successfully
C:\Users\DELL\AppData\LocalLow\1601b4780ec90bb3e96b81accc7fc7435bcaa686ef0d15203be2de0db716fbe3 => moved successfully
C:\Users\DELL\AppData\LocalLow\d2bb5501f9a1e82f495b624129ed5f2bbfc05e5cc270a51009eecb57c7c90c7b => moved successfully
C:\Users\DELL\AppData\LocalLow\910c417c7f159199dc0b826dfb0b33c2f0152266127faa5758e27a17dc6d9318 => moved successfully
C:\Users\DELL\AppData\LocalLow\09c012558a04e45f3dcd9e5c5790ecc00132d0a2a6c00a2fd74449796ee1d9d7 => moved successfully
C:\Users\DELL\AppData\LocalLow\34f6b2483462849a0a6b86842dbaed8595c9b1ea24a510ce6cabb8d612885e8b => moved successfully
C:\Users\DELL\AppData\LocalLow\4fca0a34b497acffbb870a4cea576f3ac71f00928c3146fe3d0d2dac45c9d5fb => moved successfully
C:\Users\DELL\Downloads\rbxfpsunlocker-x64.zip => moved successfully
"C:\Users\DELL\Downloads\rbxfpsunlocker-x64" Folder move:
C:\Users\DELL\Downloads\rbxfpsunlocker-x64 => moved successfully
"C:\ProgramData\MPGPH131" Folder move:
C:\ProgramData\MPGPH131 => moved successfully
"C:\Windows\Tasks\explortu.job" => not found
"C:\ProgramData\MSIUpdaterV131_0e77e820e5c00ed5b0585a4d674a2e51" Folder move:
C:\ProgramData\MSIUpdaterV131_0e77e820e5c00ed5b0585a4d674a2e51 => moved successfully
"C:\ProgramData\MSIUpdaterV131_f09ac2d587354c6431bf93812ba7548f" Folder move:
C:\ProgramData\MSIUpdaterV131_f09ac2d587354c6431bf93812ba7548f => moved successfully
"C:\ProgramData\MSIUpdaterV131_30f85fd004d4df68ea1f8d35c18db496" Folder move:
C:\ProgramData\MSIUpdaterV131_30f85fd004d4df68ea1f8d35c18db496 => moved successfully
"C:\ProgramData\oBeyQrPqBvPiiLVB" Folder move:
C:\ProgramData\oBeyQrPqBvPiiLVB => moved successfully
"C:\Program Files (x86)\xSxYkcSdbazbYzGpZTR" Folder move:
C:\Program Files (x86)\xSxYkcSdbazbYzGpZTR => moved successfully
"C:\Program Files (x86)\vEcQBTYFTXUn" Folder move:
C:\Program Files (x86)\vEcQBTYFTXUn => moved successfully
"C:\Program Files (x86)\RFIumDCEBXXU2" Folder move:
C:\Program Files (x86)\RFIumDCEBXXU2 => moved successfully
"C:\Program Files (x86)\AClHKqYMJaBBC" Folder move:
C:\Program Files (x86)\AClHKqYMJaBBC => moved successfully
"C:\Program Files (x86)\ijLlchIpU" Folder move:
C:\Program Files (x86)\ijLlchIpU => moved successfully
"C:\ProgramData\tres-b.dat" => not found
"C:\ProgramData\tres-a.dat" => not found
"C:\ProgramData\tit_66.dat" => not found
"C:\ProgramData\DHCGIDHDAKJE" Folder move:
C:\ProgramData\DHCGIDHDAKJE => moved successfully
"C:\Windows\Tasks\explortu.job" => not found
"C:\ProgramData\MSIUpdaterV131_0e77e820e5c00ed5b0585a4d674a2e51" => not found
"C:\ProgramData\MSIUpdaterV131_f09ac2d587354c6431bf93812ba7548f" => not found
"C:\ProgramData\MSIUpdaterV131_30f85fd004d4df68ea1f8d35c18db496" => not found
"C:\ProgramData\oBeyQrPqBvPiiLVB" => not found
"C:\Program Files (x86)\xSxYkcSdbazbYzGpZTR" => not found
"C:\Program Files (x86)\vEcQBTYFTXUn" => not found
"C:\Program Files (x86)\RFIumDCEBXXU2" => not found
"C:\Program Files (x86)\AClHKqYMJaBBC" => not found
"C:\Program Files (x86)\ijLlchIpU" => not found
"C:\ProgramData\DHCGIDHDAKJE" => not found
"C:\Users\DELL\AppData\Roaming\configurationValue" Folder move:
C:\Users\DELL\AppData\Roaming\configurationValue => moved successfully
"C:\Users\DELL\AppData\Local\MonsterUpdateService" Folder move:
C:\Users\DELL\AppData\Local\MonsterUpdateService => moved successfully
C:\Windows\system32\winsvc.exe => moved successfully
C:\Users\DELL\Downloads\Roblox.Arceus.X.NEO.1.3.2.bypass.apk => moved successfully
C:\Windows\system32\cache.dat => moved successfully
"C:\ProgramData\wikombernizc" Folder move:
C:\ProgramData\wikombernizc => moved successfully
C:\Windows\system32\wincfg.exe => moved successfully
C:\Windows\system32\winnet.exe => moved successfully
"C:\Windows\Tasks\Dctooux.job" => not found
C:\Windows\system32\SetupWizard.exe => moved successfully
C:\Windows\system32\windefscan.exe => moved successfully
C:\Windows\system32\windeffw.exe => moved successfully
HKLM\System\CurrentControlSet\Services\winsvc => removed successfully
winsvc => service removed successfully
=========== EmptyTemp: ==========
FlushDNS => completed
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17000021 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 287860994 B
Windows/system/drivers => 33074615 B
Edge => 0 B
Chrome => 69835335 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 57995 B
ProgramData => 57995 B
Public => 57995 B
systemprofile => 57995 B
systemprofile32 => 58005 B
LocalService => 743513 B
NetworkService => 847623 B
DELL => 3006305229 B
RecycleBin => 45903368 B
EmptyTemp: => 3.2 GB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 14-06-2024 07:12:19)
C:\Users\DELL\AppData\LocalLow\6d1a0d74b8983cab26a68cd0cdace1fb63918ce4f5f6aeaeeefb13009d6d5154 => Is moved successfully
==== End of Fixlog 07:12:19 ====
Here's FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.06.2024
Ran by DELL (administrator) on K3NANZ (Dell Inc. Latitude 3520) (14-06-2024 07:13:44)
Running from C:\Users\DELL\Desktop\FRST64.exe
Loaded Profiles: DELL
Platform: Microsoft Windows 11 Pro Version 22H2 22621.3593 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avp.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avpui.exe
(C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.144.0_x64__97hta09mmv6hy\Build\Lively.exe ->) (D80CB9E2-21E6-4D9B-8533-660C768F3C5B -> ) C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.144.0_x64__97hta09mmv6hy\Build\Plugins\Watchdog\Lively.Watchdog.exe
(C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.144.0_x64__97hta09mmv6hy\Build\Lively.exe ->) (D80CB9E2-21E6-4D9B-8533-660C768F3C5B -> rocksdanister) C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.144.0_x64__97hta09mmv6hy\Build\Plugins\Cef\Lively.PlayerCefSharp.exe
(C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.144.0_x64__97hta09mmv6hy\Build\Plugins\Cef\Lively.PlayerCefSharp.exe ->) (D80CB9E2-21E6-4D9B-8533-660C768F3C5B -> The CefSharp Authors) C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.144.0_x64__97hta09mmv6hy\Build\Plugins\Cef\CefSharp.BrowserSubprocess.exe <5>
(C:\Program Files\WindowsApps\MicrosoftTeams_24137.2402.2884.4157_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe <6>
(C:\Users\DELL\AppData\Local\Programs\Opera GX\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Users\DELL\AppData\Local\Programs\Opera GX\109.0.5097.130\opera_crashreporter.exe
(C:\Users\DELL\AppData\Local\Programs\Zalo\Zalo-24.6.2\Zalo.exe ->) (VNG CORPORATION -> ) C:\Users\DELL\AppData\Local\Programs\Zalo\Zalo-24.6.2\plugins\capture\ZaloCall.exe
(C:\Users\DELL\AppData\Local\Programs\Zalo\Zalo-24.6.2\Zalo.exe ->) (VNG CORPORATION -> ) C:\Users\DELL\AppData\Local\Programs\Zalo\Zalo-24.6.2\plugins\capture\ZaloCap.exe
(C:\Users\DELL\AppData\Local\Programs\Zalo\Zalo-24.6.2\Zalo.exe ->) (VNG CORPORATION -> ) C:\Users\DELL\AppData\Local\Programs\Zalo\Zalo-24.6.2\plugins\capture\ZaviMeet.exe
(Discord Inc. -> Discord Inc.) C:\Users\DELL\AppData\Local\Discord\app-1.0.9149\Discord.exe <6>
(DriverStore\FileRepository\cui_dch.inf_amd64_19704598c1c9840a\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_19704598c1c9840a\igfxEMN.exe
(DriverStore\FileRepository\dptf_cpu.inf_amd64_fa6b3fb2c05394c2\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_fa6b3fb2c05394c2\dptf_helper.exe
(explorer.exe ->) (BLIFE TEAM, TOV -> Blife) C:\Users\DELL\AppData\Local\Blife\CustomCursor\CustomCursor.exe
(explorer.exe ->) (Cloudflare, Inc. -> Cloudflare) C:\Program Files\Cloudflare\Cloudflare WARP\Cloudflare WARP.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>
(explorer.exe ->) (Opera Software AS -> Opera Software) C:\Users\DELL\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe <2>
(explorer.exe ->) (Privado Networks AG -> Privado Networks AG) C:\Program Files (x86)\PrivadoVPN\PrivadoVPN.exe
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_f7373b847419c8d1\WavesSvc64.exe
(Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2404.10.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe <2>
(Opera Norway AS -> Opera Software) C:\Users\DELL\AppData\Local\Programs\Opera GX\opera.exe <27>
(services.exe ->) (Cloudflare, Inc. -> ) C:\Program Files\Cloudflare\Cloudflare WARP\warp-svc.exe
(services.exe ->) (DUC FABULOUS CO.,LTD -> ) C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe
(services.exe ->) (FabulaTech, LLP -> ) C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
(services.exe ->) (FabulaTech, LLP -> ) C:\Program Files\Common Files\VMware\ScannerRedirection\ftscanmgrhv.exe
(services.exe ->) (FabulaTech, LLP -> VMware) C:\Program Files\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe
(services.exe ->) (Intel Corporation -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_3de31b09a0024837\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_19704598c1c9840a\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_fa6b3fb2c05394c2\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1462ab0d367b063b\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_ab7d4ea1d12c01d4\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\TbtP2pShortcutService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_9783a0a827c7c2a2\lib\TPMProvisioningService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\AS\IAS\IntelAudioService.exe
(services.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avp.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Privado Networks AG -> Privado Networks AG) C:\Program Files (x86)\PrivadoVPN\PrivadoVPN.Service.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe <3>
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files\VMware\Endpoint Telemetry Service\vmwetlm.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files\VMware\VMware Horizon View Client\ClientService\horizon_client_service.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_f7373b847419c8d1\WavesAudioService.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_f7373b847419c8d1\WavesSysSvc64.exe
(sihost.exe ->) (D80CB9E2-21E6-4D9B-8533-660C768F3C5B -> Lively) C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.144.0_x64__97hta09mmv6hy\Build\Lively.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22621.3522_none_e93c247a42e7cbb6\TiWorker.exe
(VNG CORPORATION -> VNG Corp.) C:\Users\DELL\AppData\Local\Programs\Zalo\Zalo-24.6.2\Zalo.exe <5>
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe [1961360 2023-11-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_f7373b847419c8d1\WavesSvc64.exe [4984408 2022-10-03] (Waves Inc -> Waves Audio Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [750672 2024-03-13] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\92.0.0.0\GoogleDriveFS.exe --startup_mode (No File)
HKU\S-1-5-19\...\Policies\Explorer: [HideSCAMeetNow] 1
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\92.0.0.0\GoogleDriveFS.exe --startup_mode (No File)
HKU\S-1-5-20\...\Policies\Explorer: [HideSCAMeetNow] 1
HKU\S-1-5-21-2281438141-2336456411-1489610899-1002\...\Run: [Opera GX Stable] => C:\Users\DELL\AppData\Local\Programs\Opera GX\launcher.exe [2251680 2024-06-13] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-2281438141-2336456411-1489610899-1002\...\Run: [Zalo] => C:\Users\DELL\AppData\Local\Programs\Zalo\Zalo.exe [789328 2024-01-17] (VNG CORPORATION -> VNG Corp.)
HKU\S-1-5-21-2281438141-2336456411-1489610899-1002\...\Run: [PrivadoVPN] => C:\Program Files (x86)\PrivadoVPN\PrivadoVPN.exe [3636064 2024-06-11] (Privado Networks AG -> Privado Networks AG)
HKU\S-1-5-21-2281438141-2336456411-1489610899-1002\...\Run: [Opera GX Browser Assistant] => C:\Users\DELL\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2281438141-2336456411-1489610899-1002\...\Run: [MicrosoftEdgeAutoLaunch_6B770857D9B81538FA9524CBB2D560C5] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4136912 2024-06-06] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2281438141-2336456411-1489610899-1002\...\Run: [CustomCursor] => C:\Users\DELL\AppData\Local\Blife\CustomCursor\CustomCursor.exe [553120 2023-04-07] (BLIFE TEAM, TOV -> Blife)
HKU\S-1-5-21-2281438141-2336456411-1489610899-1002\...\Run: [Discord] => C:\Users\DELL\AppData\Local\Discord\Update.exe [1525024 2024-03-18] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2281438141-2336456411-1489610899-1002\...\Policies\Explorer: [HideSCAMeetNow] 1
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\92.0.0.0\GoogleDriveFS.exe --startup_mode (No File)
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\125.0.6422.142\Installer\chrmstp.exe [2024-06-05] (Google LLC -> Google LLC)
Startup: C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EVKey.lnk [2023-05-20]
ShortcutTarget: EVKey.lnk -> C:\Program Files\EVKey\EVKey.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cloudflare WARP.lnk [2024-04-06]
ShortcutTarget: Cloudflare WARP.lnk -> C:\Program Files\Cloudflare\Cloudflare WARP\Cloudflare WARP.exe (Cloudflare, Inc. -> Cloudflare)
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03C49304-7D95-46F4-A14A-85527CB8B18A} - System32\Tasks\CocCocUpdateTaskMachineUA => C:\Program Files (x86)\CocCoc\Update\CocCocUpdate.exe [117656 2023-05-20] (COC COC COMPANY LIMITED -> Coc Coc Co., Ltd.)
Task: {A253EE69-A9E7-49A7-9352-02FAA2CFCB97} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem127.0.6490.0{7A32474E-B921-446E-A6A0-C2679479AC5E} => C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)
Task: {3CD3AF78-E7D1-479A-A0EB-BDD6672ACD4D} - System32\Tasks\Intel PTT EK Recertification => C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_9783a0a827c7c2a2\lib\IntelPTTEKRecertification.exe [855776 2023-09-04] (Intel Corporation -> Intel® Corporation)
Task: {0BE999BD-844A-44F6-9275-05A6D719A365} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [743488 2024-06-10] (Kaspersky Lab JSC -> AO Kaspersky Lab)
Task: {A9ACBD26-47F9-440E-BDCF-28C018A7BEDA} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28498912 2024-05-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {506F0E63-11A1-4042-9FDF-A1480F84F685} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28498912 2024-05-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {850ED258-20AB-4302-A4CD-3E95EFEC6E28} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [221336 2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {2850A702-2D05-46DE-A741-DD994AA14E1D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [221336 2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {70570095-076B-4A52-93AE-4659EC465538} - System32\Tasks\Microsoft\Windows\WaaSMedic\PerformRemediation => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
Task: {32EC8E28-58FE-4FA0-8E8E-06F6D5146B42} - System32\Tasks\Opera GX scheduled Autoupdate 1708765422 => C:\Users\DELL\AppData\Local\Programs\Opera GX\launcher.exe [2251680 2024-06-13] (Opera Norway AS -> Opera Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 127.0.0.1 view-localhost # view localhost server
Tcpip\Parameters: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{95de5e87-094f-4365-9b96-12ca927b1c71}: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{95de5e87-094f-4365-9b96-12ca927b1c71}: [DhcpDomain] lan
Tcpip\..\Interfaces\{95de5e87-094f-4365-9b96-12ca927b1c71}\1413930393: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{95de5e87-094f-4365-9b96-12ca927b1c71}\155797E68602C496E6860213: [DhcpNameServer] 192.168.2.253
Tcpip\..\Interfaces\{95de5e87-094f-4365-9b96-12ca927b1c71}\84F616E6760235F6E6: [DhcpNameServer] 203.113.131.2 203.113.188.6
Tcpip\..\Interfaces\{95de5e87-094f-4365-9b96-12ca927b1c71}\C496E6864647471343: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{95de5e87-094f-4365-9b96-12ca927b1c71}\E4567747F6E653D24523D2537403F5537486A7: [DhcpNameServer] 192.168.44.5
Tcpip\..\Interfaces\{95de5e87-094f-4365-9b96-12ca927b1c71}\E4567747F6E653D24523D2537403F5537486A7: [DhcpDomain] itotolink.net
Tcpip\..\Interfaces\{95de5e87-094f-4365-9b96-12ca927b1c71}\E4567747F6E653D24523F55374F55374: [DhcpNameServer] 192.168.43.3
Tcpip\..\Interfaces\{95de5e87-094f-4365-9b96-12ca927b1c71}\E4567747F6E653D24523F55374F55374: [DhcpDomain] itotolink.net
Tcpip\..\Interfaces\{95de5e87-094f-4365-9b96-12ca927b1c71}\E4567747F6E6D2534523D2537403F523C2437486A7: [DhcpNameServer] 192.168.44.5
Tcpip\..\Interfaces\{95de5e87-094f-4365-9b96-12ca927b1c71}\E4567747F6E6D2534523D2537403F523C2437486A7: [DhcpDomain] itotolink.net
Edge:
=======
Edge Profile: C:\Users\DELL\AppData\Local\Microsoft\Edge\User Data\Default [2024-06-14]
Edge DefaultSearchURL: Default -> hxxps://x-finder.pro/search?q={searchTerms}
Edge DefaultSearchKeyword: Default -> x-finder.pro
Edge DefaultSuggestURL: Default -> hxxps://x-finder.pro/search/suggest.php?q={searchTerms}
Edge Extension: (YoutubeDownloader) - C:\Users\DELL\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\abgdohlnibdejcajjfmngebmdanjldcc [2024-06-09] [UpdateUrl:hxxps://clients74.google.com/service/update2/crx] <==== ATTENTION
Edge Extension: (Kaspersky Protection) - C:\Users\DELL\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2024-06-10]
Edge Extension: (Rewards Search Automator) - C:\Users\DELL\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\eanofdhdfbcalhflpbdipkjjkoimeeod [2024-05-17]
Edge Extension: (Google Docs Offline) - C:\Users\DELL\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-27]
Edge Extension: (Edge relevant text changes) - C:\Users\DELL\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-03-02]
Edge Extension: (X-finder.pro) - C:\Users\DELL\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\oikgcnjambfooaigmdljblbaeelmekem [2024-06-09]
Edge Extension: (Free VPN for Edge - VPN Proxy VeePN) - C:\Users\DELL\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\panammoooggmlehahpcjckcncfeffcoi [2024-05-17]
Edge HKU\S-1-5-21-2281438141-2336456411-1489610899-1002\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin-x32: @java.com/DTPlugin,version=11.411.2 -> C:\Program Files (x86)\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2024-03-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.411.2 -> C:\Program Files (x86)\Java\jre-1.8\bin\plugin2\npjp2.dll [2024-03-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-08] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default [2024-06-14]
CHR DefaultSearchURL: Default -> hxxps://x-finder.pro/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> x-finder.pro
CHR DefaultSuggestURL: Default -> hxxps://x-finder.pro/search/suggest.php?q={searchTerms}
CHR Extension: (Kaspersky Protection) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2024-06-13]
CHR Extension: (uBlock Origin) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2024-06-13]
CHR Extension: (YoutubeDownloader) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfcdbodapcbfckbfpmgeldfkkgjknceo [2024-06-09] [UpdateUrl:hxxps://clients27.google.com/service/update2/crx] <==== ATTENTION
CHR Extension: (Google Tài liệu ngoại tuyến) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-31]
CHR Extension: (Absolute Enable Right Click & Copy) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdocbkpgdakpekjlhemmfcncgdjeiika [2024-03-22]
CHR Extension: (Trình chạy ứng dụng dành cho Drive (của Google)) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2024-03-04]
CHR Extension: (Thanh toán trên cửa hàng Chrome trực tuyến) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-02-24]
CHR Extension: (X-finder.pro) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikgcnjambfooaigmdljblbaeelmekem [2024-06-09]
CHR Extension: (Browsec VPN - Free VPN for Chrome) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2024-06-02]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKU\S-1-5-21-2281438141-2336456411-1489610899-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
Opera:
=======
StartMenuInternet: (HKU\S-1-5-21-2281438141-2336456411-1489610899-1002) Opera GXStable - "C:\Users\DELL\AppData\Local\Programs\Opera GX\Launcher.exe"
==================== Services (All) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AarSvc; C:\Windows\System32\AarSvc.dll [720896 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 AarSvc; C:\Windows\SysWOW64\AarSvc.dll [524800 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 AarSvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 AarSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 AJRouter; C:\Windows\System32\AJRouter.dll [49152 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 ALG; C:\Windows\System32\alg.exe [110592 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [114688 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
R3 Appinfo; C:\Windows\System32\appinfo.dll [315392 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 AppMgmt; C:\Windows\System32\appmgmts.dll [225280 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 AppMgmt; C:\Windows\SysWOW64\appmgmts.dll [162816 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 AppReadiness; C:\Windows\system32\AppReadiness.dll [860160 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S4 AppVClient; C:\Windows\system32\AppVClient.exe [771480 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R3 AppXSvc; C:\Windows\system32\appxdeploymentserver.dll [6119424 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 AssignedAccessManagerSvc; C:\Windows\System32\assignedaccessmanagersvc.dll [962560 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 AudioEndpointBuilder; C:\Windows\System32\AudioEndpointBuilder.dll [561152 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [2060288 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 autotimesvc; C:\Windows\System32\autotimesvc.dll [139264 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avp.exe [184768 2022-08-02] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [167936 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 BcastDVRUserService; C:\Windows\System32\BcastDVRUserService.dll [1548288 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 BcastDVRUserService_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 BcastDVRUserService_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 BDESVC; C:\Windows\System32\bdesvc.dll [643072 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 BFE; C:\Windows\System32\bfe.dll [933888 2024-03-15] (Microsoft Windows -> Microsoft Corporation)
S3 BluetoothUserService; C:\Windows\System32\Microsoft.Bluetooth.UserService.dll [499712 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R3 BluetoothUserService_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 BluetoothUserService_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 BrokerInfrastructure; C:\Windows\System32\psmsrv.dll [290816 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R3 BTAGService; C:\Windows\System32\BTAGService.dll [1077248 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R3 BTAGService; C:\Windows\SysWOW64\BTAGService.dll [833024 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R3 BthAvctpSvc; C:\Windows\System32\BthAvctpSvc.dll [491520 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R3 bthserv; C:\Windows\system32\bthserv.dll [294912 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R3 camsvc; C:\Windows\system32\CapabilityAccessManager.dll [864256 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 CaptureService; C:\Windows\System32\CaptureService.dll [180224 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 CaptureService_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 CaptureService_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 cbdhsvc; C:\Windows\System32\cbdhsvc.dll [1056768 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 cbdhsvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 cbdhsvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 CDPSvc; C:\Windows\System32\CDPSvc.dll [704512 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S2 CDPUserSvc; C:\Windows\System32\CDPUserSvc.dll [610304 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 CDPUserSvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 CDPUserSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 CertPropSvc; C:\Windows\System32\certprop.dll [221184 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14012520 2024-05-26] (Microsoft Corporation -> Microsoft Corporation)
R2 client_service; C:\Program Files\VMware\VMware Horizon View Client\ClientService\horizon_client_service.exe [631232 2024-03-22] (VMware, Inc. -> VMware, Inc.)
R3 ClipSVC; C:\Windows\System32\ClipSVC.dll [1290616 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 CloudBackupRestoreSvc; C:\Windows\System32\CloudRestoreLauncher.dll [1560576 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 CloudBackupRestoreSvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 CloudBackupRestoreSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 CloudflareWARP; C:\Program Files\Cloudflare\Cloudflare WARP\warp-svc.exe [32154176 2024-03-29] (Cloudflare, Inc. -> )
S3 cloudidsvc; C:\Windows\system32\cloudidsvc.dll [131072 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S2 coccoc; C:\Program Files (x86)\CocCoc\Update\CocCocUpdate.exe [117656 2023-05-20] (COC COC COMPANY LIMITED -> Coc Coc Co., Ltd.)
S3 CocCocElevationService; C:\Program Files\CocCoc\Browser\Application\124.0.6367.172\elevation_service.exe [1740976 2024-05-07] (COC COC COMPANY LIMITED -> Coc Coc Company Limited)
S3 coccocm; C:\Program Files (x86)\CocCoc\Update\CocCocUpdate.exe [117656 2023-05-20] (COC COC COMPANY LIMITED -> Coc Coc Co., Ltd.)
S3 COMSysApp; C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [46416 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 COMSysApp; C:\Windows\SysWOW64\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [20832 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 ConsentUxUserSvc; C:\Windows\System32\ConsentUxClient.dll [204800 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 ConsentUxUserSvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ConsentUxUserSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\system32\coremessaging.dll [1274184 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\SysWOW64\coremessaging.dll [834288 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 cplspcon; C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1462ab0d367b063b\IntelCpHDCPSvc.exe [367216 2024-01-29] (Intel Corporation -> Intel Corporation)
S3 CredentialEnrollmentManagerUserSvc; C:\Windows\system32\CredentialEnrollmentManager.exe [422888 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 CredentialEnrollmentManagerUserSvc_7ecd2; C:\Windows\system32\CredentialEnrollmentManager.exe [422888 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [126976 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 CscService; C:\Windows\System32\cscsvc.dll [786432 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [1433600 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 dcsvc; C:\Windows\system32\dcsvc.dll [946176 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [552960 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 DeviceAssociationBrokerSvc; C:\Windows\System32\deviceaccess.dll [265872 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 DeviceAssociationBrokerSvc; C:\Windows\SysWOW64\deviceaccess.dll [189640 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 DeviceAssociationBrokerSvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 DeviceAssociationBrokerSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 DeviceAssociationService; C:\Windows\system32\das.dll [630784 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 DeviceInstall; C:\Windows\system32\umpnpmgr.dll [167936 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 DevicePickerUserSvc; C:\Windows\System32\Windows.Devices.Picker.dll [495616 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 DevicePickerUserSvc; C:\Windows\SysWOW64\Windows.Devices.Picker.dll [355840 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 DevicePickerUserSvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 DevicePickerUserSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 DevicesFlowUserSvc; C:\Windows\System32\DevicesFlowBroker.dll [671744 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 DevicesFlowUserSvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 DevicesFlowUserSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 DevQueryBroker; C:\Windows\system32\DevQueryBroker.dll [53248 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [427488 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
R2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [337792 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
S3 diagnosticshub.standardcollector.service; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [114688 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 diagsvc; C:\Windows\system32\DiagSvc.dll [253952 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [4751360 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S4 DialogBlockingService; C:\Windows\System32\DialogBlockingService.dll [98304 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 DispBrokerDesktopSvc; C:\Windows\System32\DispBroker.Desktop.dll [491520 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R3 DisplayEnhancementService; C:\Windows\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll [1273856 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\system32\Windows.Internal.Management.dll [1187840 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\SysWOW64\Windows.Internal.Management.dll [948224 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 dmwappushservice; C:\Windows\system32\dmwappushsvc.dll [143360 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [472480 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 dot3svc; C:\Windows\System32\dot3svc.dll [409600 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 DPS; C:\Windows\system32\dps.dll [180224 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 DsmSvc; C:\Windows\System32\DeviceSetupManager.dll [311296 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 DsSvc; C:\Windows\System32\DsSvc.dll [180224 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 DusmSvc; C:\Windows\System32\dusmsvc.dll [450560 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 EapHost; C:\Windows\System32\eapsvc.dll [122880 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S2 edgeupdate; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [215992 2022-04-12] (Microsoft Corporation -> Microsoft Corporation)
S3 edgeupdatem; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [215992 2022-04-12] (Microsoft Corporation -> Microsoft Corporation)
S3 EFS; C:\Windows\system32\efssvc.dll [118784 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 embeddedmode; C:\Windows\System32\embeddedmodesvc.dll [176128 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 EntAppSvc; C:\Windows\system32\EnterpriseAppMgmtSvc.dll [647168 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 esifsvc; C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_fa6b3fb2c05394c2\esif_uf.exe [2283152 2021-09-09] (Intel Corporation -> Intel Corporation)
R2 EventLog; C:\Windows\System32\wevtsvc.dll [1331200 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 EventSystem; C:\Windows\system32\es.dll [438272 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
R2 EventSystem; C:\Windows\SysWOW64\es.dll [331264 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
R3 fdPHost; C:\Windows\system32\fdPHost.dll [40960 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R3 FDResPub; C:\Windows\system32\fdrespub.dll [57344 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 fhsvc; C:\Windows\system32\fhsvc.dll [139264 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
R2 FontCache; C:\Windows\system32\FntCache.dll [1409024 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [45992 2022-05-06] (Microsoft Corporation -> Microsoft Corporation)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe [2357864 2020-08-31] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S3 FrameServer; C:\Windows\system32\FrameServer.dll [1335296 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 FrameServerMonitor; C:\Windows\system32\FrameServerMonitor.dll [348160 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [483400 2022-11-21] (FabulaTech, LLP -> )
R2 ftscanmgrhv; C:\Program Files\Common Files\VMware\ScannerRedirection\ftscanmgrhv.exe [303688 2023-10-25] (FabulaTech, LLP -> )
S3 GameInputSvc; C:\Windows\System32\GameInputSvc.exe [75272 2024-04-11] (Microsoft Corporation -> Microsoft Corporation)
S3 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\125.0.6422.142\elevation_service.exe [1781536 2024-05-30] (Google LLC -> Google LLC)
S2 GoogleUpdaterInternalService127.0.6490.0; C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)
S2 GoogleUpdaterService127.0.6490.0; C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)
R2 gpsvc; C:\Windows\System32\gpsvc.dll [1359872 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 GraphicsPerfSvc; C:\Windows\System32\GraphicsPerfSvc.dll [266240 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S4 HfcDisableService; C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ac65d2dfc98d80ce\HfcDisableService.exe [1710280 2022-11-02] (Intel Corporation -> Intel Corporation)
R3 hidserv; C:\Windows\system32\hidserv.dll [73728 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R3 hidserv; C:\Windows\SysWOW64\hidserv.dll [43008 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 HvHost; C:\Windows\System32\hvhostsvc.dll [91520 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 iaStorAfsService; C:\Windows\System32\iaStorAfsService.exe [3234504 2022-11-02] (Intel Corporation -> Intel Corporation)
S3 icssvc; C:\Windows\System32\tetheringservice.dll [278528 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 igccservice; C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_3de31b09a0024837\OneApp.IGCC.WinService.exe [59720 2024-01-29] (Intel Corporation -> )
R2 igfxCUIService2.0.0.0; C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_19704598c1c9840a\igfxCUIServiceN.exe [395888 2024-01-29] (Intel Corporation -> Intel Corporation)
R2 IKEEXT; C:\Windows\System32\ikeext.dll [1531904 2024-03-15] (Microsoft Windows -> Microsoft Corporation)
S3 InstallService; C:\Windows\system32\InstallService.dll [2945024 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 InstallService; C:\Windows\SysWOW64\InstallService.dll [2125824 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_367008a610747d24\lib\SocketHeciServer.exe [803320 2022-12-20] (Intel Corporation -> Intel® Corporation)
R2 Intel® TPM Provisioning Service; C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_9783a0a827c7c2a2\lib\TPMProvisioningService.exe [762584 2023-09-04] (Intel Corporation -> Intel® Corporation)
R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\AS\IAS\IntelAudioService.exe [530520 2023-10-18] (Intel Corporation -> Intel)
S3 InventorySvc; C:\Windows\system32\inventorysvc.dll [304624 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [843776 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 IpxlatCfgSvc; C:\Windows\System32\IpxlatCfg.dll [81920 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R2 jhi_service; C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe [630280 2023-07-11] (Intel Corporation -> Intel Corporation)
R3 KeyIso; C:\Windows\system32\keyiso.dll [118784 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [70656 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S2 KSDE5.17; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.17\ksde.exe [32008 2024-04-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [397312 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [385024 2024-04-11] (Microsoft Windows -> Microsoft Corporation)
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [364544 2024-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 lfsvc; C:\Windows\System32\lfsvc.dll [86016 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 LicenseManager; C:\Windows\system32\LicenseManagerSvc.dll [143360 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [303104 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R3 lmhosts; C:\Windows\System32\lmhsvc.dll [59240 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R2 LSM; C:\Windows\System32\lsm.dll [897024 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 LxpSvc; C:\Windows\System32\LanguageOverlayServer.dll [618496 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S2 MapsBroker; C:\Windows\System32\moshost.dll [118784 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 McpManagementService; C:\Windows\System32\McpManagementService.dll [274432 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe [1505416 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 MessagingService; C:\Windows\System32\MessagingService.dll [106496 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 MessagingService_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 MessagingService_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 MicrosoftEdgeElevationService; C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe [1905600 2024-06-06] (Microsoft Corporation -> Microsoft Corporation)
S3 MixedRealityOpenXRSvc; C:\Windows\System32\MixedRealityRuntime.dll [166808 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 MixedRealityOpenXRSvc; C:\Windows\SysWOW64\MixedRealityRuntime.dll [116832 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 mpssvc; C:\Windows\system32\mpssvc.dll [1372160 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 MSDTC; C:\Windows\System32\msdtc.exe [167936 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [180224 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
S3 msiserver; C:\Windows\system32\msiexec.exe /V [176128 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe /V [145408 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S4 MsKeyboardFilter; C:\Windows\System32\KeyboardFilterSvc.dll [193904 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 NaturalAuthentication; C:\Windows\System32\NaturalAuth.dll [434176 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 NcaSvc; C:\Windows\System32\ncasvc.dll [188416 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R3 NcbService; C:\Windows\System32\ncbservice.dll [344064 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R3 NcdAutoSetup; C:\Windows\System32\NcdAutoSetup.dll [118784 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 Netlogon; C:\Windows\system32\netlogon.dll [888832 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [730624 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 Netman; C:\Windows\System32\netman.dll [282624 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R3 netprofm; C:\Windows\System32\netprofmsvc.dll [1798144 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R3 NetSetupSvc; C:\Windows\System32\NetSetupSvc.dll [315392 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [132520 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
R3 NgcCtnrSvc; C:\Windows\System32\NgcCtnrSvc.dll [761856 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R3 NgcSvc; C:\Windows\system32\ngcsvc.dll [1134592 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 NlaSvc; C:\Windows\System32\netprofmsvc.dll [1798144 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 NPSMSvc; C:\Windows\System32\npsm.dll [225280 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 NPSMSvc; C:\Windows\SysWOW64\npsm.dll [168448 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 NPSMSvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 NPSMSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 nsi; C:\Windows\system32\nsisvc.dll [57344 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2004680 2021-09-14] (Nvidia Corporation -> NVIDIA Corporation)
S2 OneSyncSvc; C:\Windows\System32\APHostService.dll [389120 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S2 OneSyncSvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 OneSyncSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [376832 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 p2psvc; C:\Windows\system32\p2psvc.dll [454656 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 P9RdrService; C:\Windows\system32\p9rdrservice.dll [122880 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 P9RdrService_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 P9RdrService_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 PcaSvc; C:\Windows\System32\pcasvc.dll [1029608 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 PeerDistSvc; C:\Windows\system32\peerdistsvc.dll [1896448 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 PenService; C:\Windows\System32\PenService.dll [303104 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 PenService_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 PenService_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 perceptionsimulation; C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe [241664 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [22016 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 PhoneSvc; C:\Windows\System32\PhoneService.dll [1089536 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 PimIndexMaintenanceSvc; C:\Windows\System32\PimIndexMaintenance.dll [221184 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 PimIndexMaintenanceSvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 PimIndexMaintenanceSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 pla; C:\Windows\system32\pla.dll [1552384 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 pla; C:\Windows\SysWOW64\pla.dll [1547776 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R3 PlugPlay; C:\Windows\system32\umpnpmgr.dll [167936 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [49152 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [376832 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [434176 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R2 Power; C:\Windows\system32\umpo.dll [208896 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
S3 PrintNotify; C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll [4075520 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 PrintWorkflowUserSvc; C:\Windows\System32\PrintWorkflowService.dll [442368 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 PrintWorkflowUserSvc; C:\Windows\SysWOW64\PrintWorkflowService.dll [362496 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 PrintWorkflowUserSvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 PrintWorkflowUserSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 PrivadoVPN.Service; C:\Program Files (x86)\PrivadoVPN\PrivadoVPN.Service.exe [76128 2024-06-11] (Privado Networks AG -> Privado Networks AG)
R2 ProfSvc; C:\Windows\system32\profsvc.dll [626688 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 ProtonVPN Service; C:\Program Files\Proton\VPN\v3.2.11\ProtonVPNService.exe [474824 2024-03-27] (Proton AG -> ProtonVPN)
S3 ProtonVPN WireGuard; C:\Program Files\Proton\VPN\v3.2.11\ProtonVPN.WireGuardService.exe [474312 2024-03-27] (Proton AG -> ProtonVPN)
S3 PushToInstall; C:\Windows\system32\PushToInstall.dll [438272 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 QWAVE; C:\Windows\system32\qwave.dll [319488 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
S3 QWAVE; C:\Windows\SysWOW64\qwave.dll [253440 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
S3 RasAuto; C:\Windows\System32\rasauto.dll [135168 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R2 RasMan; C:\Windows\System32\rasmans.dll [1101824 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [512000 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [410112 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
S4 RemoteRegistry; C:\Windows\system32\regsvc.dll [192512 2024-03-15] (Microsoft Windows -> Microsoft Corporation)
S3 RetailDemo; C:\Windows\system32\RDXService.dll [806912 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R3 RmSvc; C:\Windows\System32\RMapi.dll [225280 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [139264 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 RpcLocator; C:\Windows\system32\locator.exe [28672 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R2 RpcSs; C:\Windows\system32\rpcss.dll [1433600 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S2 RstMwService; C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_74e28d819fb21cc3\RstMwService.exe [2058440 2022-12-23] (Intel Corporation -> Intel Corporation)
R2 RtkAudioUniversalService; C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe [1961360 2023-11-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SamSs; C:\Windows\system32\lsass.exe [84096 2024-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [299008 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [204800 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 Schedule; C:\Windows\system32\schedsvc.dll [811008 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [221184 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [176128 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
S3 seclogon; C:\Windows\system32\seclogon.dll [53248 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
R3 SecurityHealthService; C:\Windows\system32\SecurityHealthService.exe [146064 2024-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SEMgrSvc; C:\Windows\system32\SEMgrSvc.dll [1306624 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 SENS; C:\Windows\System32\sens.dll [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522184 2024-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SensorDataService; C:\Windows\System32\SensorDataService.exe [1191936 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 SensorService; C:\Windows\system32\SensorService.dll [884736 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [200704 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 SessionEnv; C:\Windows\system32\sessenv.dll [598016 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [469504 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S4 SgrmBroker; C:\Windows\system32\Sgrm\SgrmBroker.exe [414768 2024-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SharedAccess; C:\Windows\System32\ipnathlp.dll [683312 2024-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 SharedRealitySvc; C:\Windows\System32\SharedRealitySvc.dll [339968 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [270336 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [223232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S4 shpamsvc; C:\Windows\system32\Windows.SharedPC.AccountManager.dll [241664 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 smphost; C:\Windows\System32\smphost.dll [66928 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [46560 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
S3 SmsRouter; C:\Windows\system32\SmsRouterSvc.dll [643072 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 SNMPTrap; C:\Windows\System32\snmptrap.exe [36864 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 spectrum; C:\Windows\system32\spectrum.exe [770048 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 Spooler; C:\Windows\System32\spoolsv.exe [925696 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S2 sppsvc; C:\Windows\system32\sppsvc.exe [4769752 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [299008 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [393216 2022-05-06] (Microsoft Windows -> )
R2 SstpSvc; C:\Windows\system32\sstpsvc.dll [180224 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
R2 StateRepository; C:\Windows\system32\windows.staterepository.dll [6889576 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 StateRepository; C:\Windows\SysWOW64\windows.staterepository.dll [5701800 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 StiSvc; C:\Windows\System32\wiaservc.dll [802816 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 StorSvc; C:\Windows\system32\storsvc.dll [888832 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 svsvc; C:\Windows\system32\svsvc.dll [36864 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R3 swprv; C:\Windows\System32\swprv.dll [475136 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R2 SysMain; C:\Windows\system32\sysmain.dll [1019904 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 SystemEventsBroker; C:\Windows\System32\SystemEventsBrokerServer.dll [245760 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [339968 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [257024 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 TbtP2pShortcutService; C:\Windows\TbtP2pShortcutService.exe [254088 2021-10-12] (Intel Corporation -> Intel Corporation)
S3 TermService; C:\Windows\System32\termsrv.dll [1314816 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 TextInputManagementService; C:\Windows\System32\TabSvc.dll [274432 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 Themes; C:\Windows\system32\themeservice.dll [114688 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [344064 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R3 TimeBrokerSvc; C:\Windows\System32\TimeBrokerServer.dll [184320 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R3 TokenBroker; C:\Windows\System32\TokenBroker.dll [1826816 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R3 TokenBroker; C:\Windows\SysWOW64\TokenBroker.dll [1367552 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 TrkWks; C:\Windows\System32\trkwks.dll [139264 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
S3 TroubleshootingSvc; C:\Windows\system32\MitigationClient.dll [548864 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [226688 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [208896 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S4 tzautoupdate; C:\Windows\SysWOW64\tzautoupdate.dll [159744 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 UdkUserSvc; C:\Windows\System32\windowsudkservices.shellcommon.dll [118784 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R3 UdkUserSvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 UdkUserSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 UevAgentService; C:\Windows\system32\AgentService.exe [1175552 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S4 uhssvc; C:\Program Files\Microsoft Update Health Tools\uhssvc.exe [402904 2023-09-25] (Microsoft Windows -> Microsoft Corporation)
R2 UltraViewService; C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe [230736 2022-11-12] (DUC FABULOUS CO.,LTD -> )
S3 UmRdpService; C:\Windows\System32\umrdp.dll [446464 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 UnistoreSvc; C:\Windows\System32\unistore.dll [1146880 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 UnistoreSvc; C:\Windows\SysWOW64\unistore.dll [933376 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 UnistoreSvc_7ecd2; C:\Windows\System32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 UnistoreSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 upnphost; C:\Windows\System32\upnphost.dll [503808 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
S3 upnphost; C:\Windows\SysWOW64\upnphost.dll [334848 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
S3 UserDataSvc; C:\Windows\System32\userdataservice.dll [1605632 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 UserDataSvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 UserDataSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 UserManager; C:\Windows\System32\usermgr.dll [1662976 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 VacSvc; C:\Windows\System32\vac.dll [431160 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R3 VaultSvc; C:\Windows\System32\vaultsvc.dll [393216 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 vds; C:\Windows\System32\vds.exe [692224 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
S3 vmicguestinterface; C:\Windows\System32\icsvc.dll [312688 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 vmicheartbeat; C:\Windows\System32\icsvc.dll [312688 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 vmickvpexchange; C:\Windows\System32\icsvc.dll [312688 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 vmicrdv; C:\Windows\System32\icsvcext.dll [143360 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 vmicshutdown; C:\Windows\System32\icsvc.dll [312688 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 vmictimesync; C:\Windows\System32\icsvc.dll [312688 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 vmicvmsession; C:\Windows\System32\icsvc.dll [312688 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\icsvcvss.dll [337280 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 VMUSBArbService; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [1055168 2024-01-19] (VMware, Inc. -> VMware, Inc.)
R2 vmwetlm; C:\Program Files\VMware\Endpoint Telemetry Service\vmwetlm.exe [6327256 2024-01-09] (VMware, Inc. -> VMware, Inc.)
S3 VMWOSQEXT; C:\Program Files\VMware\Endpoint Telemetry Service\vmwosqext.exe [3758512 2023-12-26] (VMware, Inc. -> VMware, Inc.)
R2 vmwsprrdpwks; C:\Program Files\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [803400 2023-04-04] (FabulaTech, LLP -> VMware)
R3 VSS; C:\Windows\system32\vssvc.exe [1449984 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 W32Time; C:\Windows\system32\w32time.dll [557056 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 WalletService; C:\Windows\system32\WalletService.dll [458752 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 WarpJITSvc; C:\Windows\System32\Windows.WARP.JITService.dll [86016 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 WavesAudioService; C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_f7373b847419c8d1\WavesAudioService.exe [160856 2022-10-03] (Waves Inc -> Waves Audio Ltd)
R2 WavesSysSvc; C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_f7373b847419c8d1\WavesSysSvc64.exe [4497496 2022-10-03] (Waves Inc -> Waves Audio Ltd.)
S3 wbengine; C:\Windows\system32\wbengine.exe [1531904 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [929792 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 Wcmsvc; C:\Windows\System32\wcmsvc.dll [1249280 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [487424 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdiServiceHost; C:\Windows\system32\wdi.dll [114688 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [80896 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdiSystemHost; C:\Windows\system32\wdi.dll [114688 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [80896 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe [3236728 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WebClient; C:\Windows\System32\webclnt.dll [249856 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 WebClient; C:\Windows\SysWOW64\webclnt.dll [193024 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R3 webthreatdefsvc; C:\Windows\System32\webthreatdefsvc.dll [206208 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S2 webthreatdefusersvc; C:\Windows\System32\webthreatdefusersvc.dll [312688 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 webthreatdefusersvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 webthreatdefusersvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [217088 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [53248 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [102400 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
R3 WerSvc; C:\Windows\System32\WerSvc.dll [311296 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 WFDSConMgrSvc; C:\Windows\System32\wfdsconmgrsvc.dll [667648 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 WiaRpc; C:\Windows\System32\wiarpc.dll [118784 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe [133704 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [1282464 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R3 WinHttpAutoProxySvc; C:\Windows\SysWOW64\winhttp.dll [897288 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [245760 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2850816 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
S3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [2338304 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
S3 WireGuardTunnel$PrivadoVPN; C:\Program Files (x86)\PrivadoVPN\PrivadoVPN.Wireguard.Service.exe [32608 2024-06-11] (Privado Networks AG -> Privado Networks AG)
S3 wisvc; C:\Windows\system32\flightsettings.dll [1117184 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 wisvc; C:\Windows\SysWOW64\flightsettings.dll [913800 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 WlanSvc; C:\Windows\System32\wlansvc.dll [2809856 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R3 wlidsvc; C:\Windows\system32\wlidsvc.dll [2064384 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 wlpasvc; C:\Windows\System32\lpasvc.dll [1224704 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 WManSvc; C:\Windows\system32\Windows.Management.Service.dll [1523712 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 WManSvc; C:\Windows\SysWOW64\Windows.Management.Service.dll [1187840 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [200704 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
R2 WMIRegistrationService; C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_ab7d4ea1d12c01d4\WMIRegistrationService.exe [144064 2023-09-20] (Intel Corporation -> Intel Corporation)
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [942080 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [2086384 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 WpcMonSvc; C:\Windows\System32\WpcDesktopMonSvc.dll [1949696 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [118784 2024-02-24] (Microsoft Windows -> Microsoft Corporation)
R2 WpnService; C:\Windows\system32\WpnService.dll [266240 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S2 WpnUserService; C:\Windows\System32\WpnUserService.dll [106496 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 WpnUserService_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WpnUserService_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 wscsvc; C:\Windows\System32\wscsvc.dll [402368 2024-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [966656 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [716288 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [1470464 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 XblAuthManager; C:\Windows\System32\XblAuthManager.dll [1044480 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 XblGameSave; C:\Windows\System32\XblGameSave.dll [1040384 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 XboxGipSvc; C:\Windows\System32\XboxGipSvc.dll [131072 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
S3 XboxNetApiSvc; C:\Windows\system32\XboxNetApiSvc.dll [1392640 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [532480 2023-05-14] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [184320 2023-05-14] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [106496 2023-05-14] (Microsoft Corporation) [File not signed]
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [237288 2022-08-02] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 googledrivefs31357; C:\Windows\System32\DriverStore\FileRepository\googledrivefs31357.inf_amd64_a8bf31a168cf7d00\googledrivefs31357.sys [384712 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R2 hcmon; C:\Windows\system32\DRIVERS\hcmon.sys [72144 2024-01-19] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_2546dafe2183e972\iaLPSS2_GPIO2_TGL.sys [131224 2021-07-22] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_1308f85f1b0adf27\iaLPSS2_I2C_TGL.sys [204440 2021-07-22] (Intel Corporation -> Intel Corporation)
S0 iaStorVD; C:\Windows\System32\drivers\iaStorVD.sys [1605320 2022-12-23] (Intel Corporation -> Intel Corporation)
R3 IntcUSB; C:\Windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_bc398e7169495415\IntcUSB.sys [922712 2023-10-18] (Intel Corporation -> Intel® Corporation)
R1 klbackupdisk; C:\Windows\system32\DRIVERS\klbackupdisk.sys [105280 2022-08-02] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [206600 2022-08-02] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [119568 2022-08-02] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [41656 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\Windows\system32\DRIVERS\klflt.sys [533040 2024-06-10] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klgse; C:\Windows\System32\DRIVERS\klgse.sys [841528 2024-04-05] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [2089168 2024-04-05] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP21.3\Bases\klids.sys [245144 2024-06-10] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1051184 2024-06-10] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [90896 2022-08-02] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [104728 2022-08-02] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [107328 2022-08-02] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [78088 2022-08-02] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [88328 2022-08-02] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 kltun; C:\Windows\system32\DRIVERS\kltun.sys [92200 2024-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [384656 2024-06-10] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [358736 2024-06-10] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [183728 2024-06-10] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [262712 2024-06-10] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [150280 2022-08-02] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [325400 2022-08-02] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [294680 2022-08-02] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 ovpn-dco; C:\Windows\System32\drivers\ovpn-dco.sys [92664 2024-03-19] (WDKTestCert lev,133391533294737317 -> OpenVPN, Inc)
S3 PrivadoVPNSplitTunneling; C:\Windows\System32\drivers\PrivadoVPNSplitTunneling.sys [29928 2023-12-01] (Privado Networks LLC -> Privado Networks AG)
S3 ProtonVPNCallout; C:\Program Files\Proton\VPN\v3.2.11\Resources\ProtonVPN.CalloutDriver.sys [34176 2023-11-20] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
S3 rtcx21; C:\Windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_516e5c9b75c49dc2\rtcx21x64.sys [539648 2022-05-06] (Microsoft Windows -> Realtek)
R3 tap0901; C:\Windows\System32\drivers\tap0901.sys [39920 2023-10-02] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 vmwprotect; C:\Windows\system32\DRIVERS\vmwprotect.sys [176144 2024-03-18] (VMware, Inc. -> VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [22080 2024-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [602520 2024-06-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105880 2024-06-05] (Microsoft Windows -> Microsoft Corporation)
R3 WiManH; C:\Windows\System32\DriverStore\FileRepository\wiman.inf_amd64_f54d0a27ac206b8c\WiManH\WiManH.sys [175672 2021-07-28] (Intel Corporation -> Intel Corporation)
S3 wintun; C:\Windows\System32\drivers\wintun.sys [29592 2024-04-06] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WireGuard; C:\Windows\System32\drivers\wireguard.sys [489368 2024-05-17] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-06-14 07:15 - 2024-06-14 07:15 - 000002264 _____ C:\Users\DELL\AppData\LocalLow\d2bb5501f9a1e82f495b624129ed5f2bbfc05e5cc270a51009eecb57c7c90c7b
2024-06-14 07:14 - 2024-06-14 07:14 - 000959488 _____ (Farbar) C:\Users\DELL\Downloads\FSS.exe
2024-06-14 07:13 - 2024-06-14 07:15 - 000000466 _____ C:\Users\DELL\AppData\LocalLow\910c417c7f159199dc0b826dfb0b33c2f0152266127faa5758e27a17dc6d9318
2024-06-14 07:13 - 2024-06-14 07:14 - 000078167 _____ C:\Users\DELL\Desktop\FRST.txt
2024-06-14 07:13 - 2024-06-14 07:13 - 000106279 _____ C:\Users\DELL\AppData\LocalLow\09c012558a04e45f3dcd9e5c5790ecc00132d0a2a6c00a2fd74449796ee1d9d7
2024-06-14 07:12 - 2024-06-14 07:12 - 000023430 _____ C:\Users\DELL\AppData\LocalLow\7c20ed46f96c41e8f4707573a4b5f44f7b40b89f3834b85911e9c253e71a658b
2024-06-14 07:12 - 2024-06-14 07:12 - 000016811 _____ C:\Users\DELL\AppData\LocalLow\6d1a0d74b8983cab26a68cd0cdace1fb63918ce4f5f6aeaeeefb13009d6d5154
2024-06-14 07:12 - 2024-06-14 07:12 - 000010700 __RSH C:\ProgramData\ntuser.pol
2024-06-14 07:12 - 2024-06-14 07:12 - 000000130 _____ C:\Users\DELL\AppData\LocalLow\d184b3a61bf4be513cbb771b07df842ddf56f91b67d9cbe187f53880ca9b5c5d
2024-06-14 07:11 - 2024-06-14 07:11 - 000000000 ____D C:\Windows\system32\data
2024-06-14 07:10 - 2020-03-15 21:08 - 036144128 _____ (Microsoft Corporation) C:\Windows\system32\wincfg.exe
2024-06-14 07:10 - 2020-03-13 13:52 - 009556480 _____ (Microsoft Corporation) C:\Windows\system32\winnet.exe
2024-06-14 07:09 - 2024-06-14 07:12 - 000021185 _____ C:\Users\DELL\Desktop\Fixlog.txt
2024-06-14 07:07 - 2024-06-14 07:07 - 000000000 ____D C:\Users\DELL\Desktop\FRST-OlderVersion
2024-06-14 07:04 - 2024-06-14 07:05 - 000000000 ____D C:\AdwCleaner
2024-06-14 07:02 - 2024-06-14 07:02 - 000000000 ____D C:\Users\DELL\AppData\Roaming\Sun
2024-06-14 07:02 - 2024-06-14 07:02 - 000000000 ____D C:\Program Files (x86)\Java
2024-06-14 06:57 - 2024-06-14 06:57 - 008790880 _____ (Malwarebytes) C:\Users\DELL\Downloads\adwcleaner_8.4.2.exe
2024-06-14 06:55 - 2024-06-14 06:55 - 000001052 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivadoVPN.lnk
2024-06-14 06:55 - 2024-06-14 06:55 - 000001040 _____ C:\Users\Public\Desktop\PrivadoVPN.lnk
2024-06-14 06:54 - 2024-06-14 06:54 - 002348136 _____ (Oracle Corporation) C:\Users\DELL\Downloads\JavaSetup8u411.exe
2024-06-13 17:30 - 2024-06-13 17:30 - 000004156 _____ C:\Windows\system32\Tasks\Opera GX scheduled Autoupdate 1708765422
2024-06-13 09:55 - 2024-06-13 09:55 - 002147444 _____ C:\Users\DELL\Downloads\RPReplay_Final1718241500.mov
2024-06-11 09:25 - 2024-06-11 09:21 - 000002242 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN.lnk
2024-06-11 09:25 - 2024-06-11 09:21 - 000002104 _____ C:\Users\Public\Desktop\Kaspersky VPN.lnk
2024-06-11 08:19 - 2024-06-11 08:19 - 000000236 _____ C:\Users\DELL\Downloads\discord_backup_codes.txt
2024-06-11 07:24 - 2024-06-14 06:55 - 000000000 ____D C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2024-06-10 20:39 - 2024-06-14 07:14 - 000000000 ____D C:\FRST
2024-06-10 20:37 - 2024-06-14 07:07 - 002395136 _____ (Farbar) C:\Users\DELL\Desktop\FRST64.exe
2024-06-10 19:19 - 2024-06-10 19:27 - 000001323 _____ C:\Users\DELL\Desktop\ESET Online Scanner.lnk
2024-06-10 19:16 - 2024-06-10 19:37 - 000001429 _____ C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2024-06-10 19:16 - 2024-06-10 19:16 - 000000000 ____D C:\Users\DELL\AppData\Local\ESET
2024-06-10 19:15 - 2024-06-10 19:15 - 008389496 _____ (ESET) C:\Users\DELL\Downloads\esetonlinescanner.exe
2024-06-10 19:02 - 2024-06-10 19:02 - 000003612 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{85476211-1900-4E01-901C-36435D9AACDE}
2024-06-10 19:02 - 2024-06-10 19:02 - 000003488 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{296C7589-FA7B-4367-9093-A8D8DA7E1AE6}
2024-06-10 18:59 - 2024-06-10 19:03 - 000000000 ____D C:\Users\DELL\AppData\Roaming\Microsoft\MMC
2024-06-10 17:47 - 2024-06-10 17:47 - 000000000 ____D C:\Users\DELL\Desktop\rkill
2024-06-10 17:37 - 2024-06-10 17:48 - 000003010 _____ C:\Users\DELL\Desktop\Rkill.txt
2024-06-10 17:37 - 2024-06-10 17:37 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\DELL\Downloads\iExplore.exe
2024-06-10 12:56 - 2024-06-10 12:56 - 000000000 ____D C:\Users\DELL\AppData\Local\VirtualStore
2024-06-10 12:27 - 2020-11-03 09:42 - 001340728 _____ (WireGuard LLC) C:\Windows\system32\winlocal.dll
2024-06-10 09:16 - 2024-06-10 09:16 - 000003240 _____ C:\Windows\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2024-06-10 09:15 - 2024-06-10 09:16 - 000000000 ____D C:\Program Files\Common Files\AV
2024-06-10 09:15 - 2024-06-10 09:14 - 000002282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus.lnk
2024-06-10 09:15 - 2024-06-10 09:14 - 000002150 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2024-06-10 09:14 - 2024-06-13 11:16 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2024-06-10 09:14 - 2024-06-11 09:25 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2024-06-10 09:14 - 2021-02-19 21:09 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2024-06-10 09:12 - 2024-06-10 09:12 - 002752888 _____ (Kaspersky) C:\Users\DELL\Downloads\kav21.3.10.391en_26074.exe
2024-06-10 09:12 - 2024-06-10 09:12 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2024-06-09 18:09 - 2024-06-09 18:09 - 000001150 _____ C:\Users\Public\Desktop\Macro Recorder.lnk
2024-06-09 18:09 - 2024-06-09 18:09 - 000000000 ____D C:\Users\DELL\AppData\Local\Microsoft.Windows
2024-06-09 18:09 - 2024-06-09 18:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macro Recorder
2024-06-09 18:09 - 2024-06-09 18:09 - 000000000 ____D C:\Program Files (x86)\MacroRecorder
2024-06-09 18:08 - 2024-06-09 18:08 - 002724984 _____ (Jitbit Software ) C:\Users\DELL\Downloads\MacroRecorderSetup (1).exe
2024-06-09 18:06 - 2024-06-09 18:07 - 000000000 ____D C:\Users\DELL\AppData\Roaming\Macro Recorder
2024-06-09 18:06 - 2024-06-09 18:06 - 000000000 ____D C:\Users\DELL\Documents\Macro Recorder
2024-06-09 18:05 - 2024-06-09 18:05 - 000000000 ____D C:\ProgramData\MacroRecorder
2024-06-09 14:22 - 2024-06-09 14:22 - 000000000 ____D C:\Program Files\AVG
2024-06-09 14:21 - 2024-06-13 08:19 - 000000000 ____D C:\Users\DELL\AppData\Local\Virtual Sound Card
2024-06-09 14:21 - 2024-06-09 14:21 - 000000000 ____D C:\Users\DELL\AppData\Local\SystemCache
2024-06-09 14:21 - 2024-06-09 14:21 - 000000000 ____D C:\Users\DELL\AppData\Local\RageMP131
2024-06-09 14:21 - 2024-06-09 14:21 - 000000000 ____D C:\ProgramData\TIME Verifier 6.9.66
2024-06-09 14:21 - 2024-06-09 14:21 - 000000000 ____D C:\Program Files (x86)\AVG
2024-06-09 14:19 - 2024-06-10 09:40 - 000000000 ____D C:\Users\DELL\Documents\SimpleAdobe
2024-06-09 13:55 - 2024-06-09 13:55 - 000000000 ____D C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.12
2024-06-09 13:55 - 2024-06-09 13:55 - 000000000 ____D C:\Users\DELL\AppData\Local\Package Cache
2024-06-09 13:52 - 2024-06-09 13:52 - 026772456 _____ (Python Software Foundation) C:\Users\DELL\Downloads\python-3.12.4-amd64.exe
2024-06-07 21:50 - 2024-06-07 21:51 - 014610121 _____ C:\Users\DELL\Downloads\Ta ho nuoc o cac thoi diem khac nhau trong ngay (1).pptx
2024-06-07 11:57 - 2024-06-07 11:57 - 000266363 _____ C:\Users\DELL\Downloads\tả cảnh 4 mùa mới.pdf
2024-06-07 11:03 - 2024-06-07 11:03 - 030112521 _____ C:\Users\DELL\Downloads\UMS 2024-2025 SCAN.pdf
2024-06-01 09:38 - 2024-06-01 09:38 - 005619717 _____ C:\Users\DELL\Downloads\2 yr olds learning to dance while parents pretend theyre good.mp4
2024-05-31 22:19 - 2024-05-31 22:19 - 000015092 _____ C:\Users\DELL\Downloads\Template-Pants-R6.webp
2024-05-31 21:59 - 2024-05-31 21:59 - 000124778 _____ C:\Users\DELL\Downloads\Classic-Clothing-Templates (1).zip
2024-05-31 10:44 - 2024-05-31 10:57 - 000000000 ____D C:\Users\DELL\AppData\Local\UNDERTALE
2024-05-31 10:44 - 2024-05-31 10:44 - 000000000 ____D C:\Users\Public\Documents\Steam
2024-05-31 10:43 - 2024-05-31 10:43 - 000000000 ____D C:\Users\DELL\Downloads\Undertale.v1.08
2024-05-30 21:45 - 2024-05-30 21:46 - 173441528 _____ C:\Users\DELL\Downloads\Undertale.v1.08.zip
2024-05-30 19:36 - 2024-05-30 19:37 - 025532592 _____ C:\Users\DELL\Downloads\UndertaleDemo.zip
2024-05-28 21:09 - 2024-05-28 21:09 - 001307926 _____ C:\Users\DELL\Downloads\exploiter report.mp4
2024-05-25 12:50 - 2024-05-25 12:50 - 000101963 _____ C:\Users\DELL\Downloads\Tả trăng.pdf
2024-05-23 17:40 - 2024-05-23 17:40 - 000124778 _____ C:\Users\DELL\Downloads\Classic-Clothing-Templates.zip
2024-05-20 22:30 - 2024-05-20 22:30 - 000201411 _____ C:\Users\DELL\Downloads\Đề, đáp án, lí giải NTT 2023 - 2024.pdf
2024-05-18 09:41 - 2024-05-18 09:41 - 003014656 _____ C:\Users\DELL\Downloads\AutoHotkey_2.0.15_setup.exe
2024-05-18 09:41 - 2024-05-18 09:41 - 000002252 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey Window Spy.lnk
2024-05-18 09:41 - 2024-05-18 09:41 - 000001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey Dash.lnk
2024-05-18 09:41 - 2024-05-18 09:41 - 000000000 ____D C:\Users\DELL\AppData\Roaming\Microsoft\HTML Help
2024-05-18 09:41 - 2024-05-18 09:41 - 000000000 ____D C:\Program Files\AutoHotkey
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-06-14 07:14 - 2024-03-24 11:08 - 000000000 ____D C:\Users\DELL\AppData\Roaming\discord
2024-06-14 07:13 - 2024-03-24 11:08 - 000000000 ____D C:\Users\DELL\AppData\Local\Discord
2024-06-14 07:12 - 2024-02-24 16:59 - 000000066 _____ C:\Users\DELL\AppData\Roaming\z_u.txt
2024-06-14 07:12 - 2024-02-24 16:59 - 000000000 ____D C:\Users\DELL\AppData\Local\ZaloPC
2024-06-14 07:12 - 2024-02-24 16:58 - 000000000 ____D C:\Users\DELL\AppData\Roaming\ZaloData
2024-06-14 07:12 - 2024-02-24 16:29 - 000000000 ____D C:\Program Files\Waves
2024-06-14 07:12 - 2024-02-24 15:39 - 000000000 ____D C:\ProgramData\NVIDIA
2024-06-14 07:12 - 2024-02-24 15:34 - 000000000 __SHD C:\Users\DELL\IntelGraphicsProfiles
2024-06-14 07:12 - 2024-02-24 15:34 - 000000000 ____D C:\Intel
2024-06-14 07:12 - 2024-02-24 08:24 - 000012288 ___SH C:\DumpStack.log.tmp
2024-06-14 07:12 - 2023-05-20 11:35 - 000000000 _____ C:\Windows\UV_LastPW.ini
2024-06-14 07:12 - 2023-05-18 12:54 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-06-14 07:12 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\SystemTemp
2024-06-14 07:12 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\ServiceState
2024-06-14 07:12 - 2022-05-07 12:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-06-14 07:11 - 2022-05-07 12:17 - 000524288 _____ C:\Windows\system32\config\BBI
2024-06-14 07:10 - 2024-02-24 21:41 - 000000000 ____D C:\Users\DELL\AppData\LocalLow\Temp
2024-06-14 07:09 - 2024-02-24 08:27 - 000000000 ____D C:\Users\DELL
2024-06-14 07:05 - 2024-02-24 15:39 - 000002212 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-06-14 06:55 - 2024-04-06 13:21 - 000000000 ____D C:\Users\DELL\AppData\Local\Cloudflare
2024-06-14 06:55 - 2024-02-25 09:35 - 000000000 ____D C:\ProgramData\Package Cache
2024-06-14 06:55 - 2022-05-07 12:22 - 000000000 ____D C:\Windows\INF
2024-06-14 06:54 - 2024-04-29 15:51 - 000000000 ____D C:\Program Files (x86)\PrivadoVPN
2024-06-13 18:42 - 2023-05-18 12:54 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-06-13 17:31 - 2024-02-24 08:27 - 000000000 ___SD C:\Users\DELL\AppData\Roaming\Microsoft\Credentials
2024-06-13 17:30 - 2024-02-24 16:03 - 000001477 _____ C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera GX Browser.lnk
2024-06-13 15:52 - 2024-04-29 13:19 - 000000130 _____ C:\Users\DELL\AppData\LocalLow\6bdad7e2b2f0e006a1b2964609240b6498c71fd5a1aeb1e97866f9a43779a743
2024-06-13 11:27 - 2023-05-18 13:04 - 000850324 _____ C:\Windows\system32\PerfStringBackup.INI
2024-06-13 11:02 - 2024-02-24 08:27 - 000000000 ____D C:\Users\DELL\AppData\Local\D3DSCache
2024-06-13 08:13 - 2024-03-24 11:08 - 000002290 _____ C:\Users\DELL\Desktop\Discord.lnk
2024-06-13 08:12 - 2024-04-06 13:21 - 000000000 ____D C:\ProgramData\Cloudflare
2024-06-12 08:02 - 2024-03-31 15:12 - 000000000 ____D C:\Users\DELL\AppData\Roaming\BetterDiscord Installer
2024-06-11 16:33 - 2024-02-25 16:21 - 000000138 _____ C:\Users\DELL\Downloads\tinytask.ini
2024-06-11 10:08 - 2024-03-03 14:20 - 000000000 ____D C:\Windows\Minidump
2024-06-11 10:08 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\LiveKernelReports
2024-06-11 08:48 - 2024-02-25 09:35 - 000000000 ____D C:\ProgramData\PrivadoVPN
2024-06-11 07:24 - 2024-03-16 13:14 - 000000000 ____D C:\Users\DELL\AppData\Local\Roblox
2024-06-10 19:38 - 2023-05-18 13:12 - 000000000 ____D C:\Extra
2024-06-10 15:42 - 2024-03-24 10:43 - 000000000 ____D C:\Users\DELL\AppData\Roaming\turbowarp-desktop
2024-06-10 09:14 - 2022-05-07 12:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-06-10 09:14 - 2022-05-07 12:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2024-06-10 07:23 - 2022-05-07 12:24 - 000000000 __RHD C:\Users\Public\Libraries
2024-06-09 17:26 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\AppReadiness
2024-06-09 14:30 - 2024-02-24 08:27 - 000000000 ____D C:\Users\DELL\AppData\Local\Packages
2024-06-09 14:30 - 2023-05-18 12:57 - 000000000 ____D C:\ProgramData\Packages
2024-06-09 14:30 - 2022-05-07 12:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-06-09 14:23 - 2024-02-24 16:02 - 000000000 ____D C:\Users\DELL\AppData\Roaming\Opera Software
2024-06-09 14:21 - 2022-05-07 12:24 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2024-06-09 09:54 - 2024-03-10 15:06 - 000000000 ____D C:\Users\DELL\AppData\Local\custom-cursor
2024-06-08 14:35 - 2023-05-18 12:55 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-06-07 22:18 - 2024-02-24 08:27 - 000000000 ____D C:\Users\DELL\AppData\Roaming\Microsoft\PowerPoint
2024-06-06 11:01 - 2023-05-20 11:24 - 000002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cốc Cốc.lnk
2024-06-06 11:01 - 2023-05-20 11:24 - 000002228 _____ C:\Users\Public\Desktop\Cốc Cốc.lnk
2024-06-05 07:45 - 2023-05-18 12:54 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-06-05 07:44 - 2024-02-24 15:39 - 000002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-06-03 21:05 - 2023-05-20 11:18 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2024-05-30 19:58 - 2022-05-07 12:20 - 000520192 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2024-05-30 19:58 - 2022-05-07 12:20 - 000400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2024-05-30 19:58 - 2022-05-07 12:20 - 000228352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplayx.dll
2024-05-30 19:58 - 2022-05-07 12:20 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2024-05-30 19:58 - 2022-05-07 12:20 - 000063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
2024-05-30 19:58 - 2022-05-07 12:20 - 000049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpwsockx.dll
2024-05-30 19:58 - 2022-05-07 12:20 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2024-05-30 19:58 - 2022-05-07 12:20 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\dpnlobby.dll
2024-05-30 19:58 - 2022-05-07 12:20 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\dpnhupnp.dll
2024-05-30 19:58 - 2022-05-07 12:20 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\dpnhpast.dll
2024-05-30 19:58 - 2022-05-07 12:20 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\dpnaddr.dll
2024-05-30 19:58 - 2022-05-07 12:20 - 000027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpmodemx.dll
2024-05-30 19:58 - 2022-05-07 12:20 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2024-05-30 19:58 - 2022-05-07 12:20 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
2024-05-30 19:58 - 2022-05-07 12:20 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
2024-05-30 19:58 - 2022-05-07 12:20 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
2024-05-30 19:58 - 2022-05-07 12:20 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnlobby.dll
2024-05-30 19:58 - 2022-05-07 12:20 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
2024-05-30 19:58 - 2022-05-07 12:17 - 000000000 ____D C:\Windows\CbsTemp
2024-05-29 14:43 - 2024-02-24 19:19 - 000000000 ____D C:\Users\DELL\Documents\Zalo Received Files
2024-05-25 12:49 - 2024-02-24 08:27 - 000000000 ____D C:\Users\DELL\AppData\Roaming\Microsoft\Word
2024-05-20 21:14 - 2024-02-24 15:38 - 000000000 ____D C:\Program Files (x86)\Google
2024-05-16 17:35 - 2022-05-07 12:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-05-16 17:19 - 2023-05-18 12:54 - 000566784 _____ C:\Windows\system32\FNTCACHE.DAT
2024-05-16 17:18 - 2024-02-24 16:14 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2024-05-16 17:18 - 2023-05-14 10:29 - 000000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2024-05-16 17:18 - 2023-05-14 10:29 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ___SD C:\Windows\SysWOW64\F12
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ___SD C:\Windows\system32\UNP
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ___SD C:\Windows\system32\F12
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ___RD C:\Windows\PrintDialog
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\UUS
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\SysWOW64\Dism
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\SystemResources
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\SystemApps
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\system32\ShellExperiences
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\system32\Sgrm
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\system32\oobe
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\system32\migwiz
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\system32\HealthAttestationClient
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\system32\Dism
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\system32\appraiser
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\ShellExperiences
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\ShellComponents
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\PolicyDefinitions
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\BrowserCore
2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\bcastdvr
2024-05-16 17:18 - 2022-05-07 12:17 - 000000000 ____D C:\Windows\servicing
2024-05-16 16:28 - 2024-03-03 12:49 - 000000000 ____D C:\Users\DELL\AppData\Local\GeometryDash
2024-05-16 09:48 - 2024-02-24 15:55 - 000000000 ____D C:\Windows\system32\MRT
2024-05-16 09:38 - 2023-05-18 12:59 - 003214336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-05-16 09:36 - 2024-02-24 15:59 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
==================== Files in the root of some directories ========
2024-02-24 16:58 - 2024-02-24 16:58 - 000000025 _____ () C:\Users\DELL\AppData\Roaming\zmeta.json
2024-02-24 16:59 - 2024-06-14 07:12 - 000000066 _____ () C:\Users\DELL\AppData\Roaming\z_u.txt
==================== FLock ==============================
2024-06-14 07:12 C:\Windows\UV_LastPW.ini
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================