TedH600 0 Posted May 2, 2022 Share Posted May 2, 2022 Hello, I am running Eset Internet Security 15.1.120 on the latest version of Windows 10 Pro 64 bit. Today, Eset detected the PowerShell/Agent.AEW trojan on the startup of my computer. It said that it deleted it. I ran a full Eset scan, but no other viruses were found. I also ran Emsi Soft Emergency Virus Scan and no viruses were found. Now, every time I reboot the PC, the PowerShell/Agent.AEW trojan is detected again. I checked Task Manager startup items, Task Scheduler, and ran Autoruns. I can't find out how the trojan is being recreated on every boot. I attached the log file from Eset. Ypur help is appreciated. Thank you. virus.txt Link to comment Share on other sites More sharing options...
itman 1,659 Posted May 2, 2022 Share Posted May 2, 2022 (edited) 25 minutes ago, TedH600 said: checked Task Manager startup items, Task Scheduler, and ran Autoruns In Autoruns, open the WMI tab and see if anything is displayed there. Also, open Eset Detections log. Then copy the entry associated with the PowerShell detection and post it in your next reply. Edited May 2, 2022 by itman Link to comment Share on other sites More sharing options...
TedH600 0 Posted May 2, 2022 Author Share Posted May 2, 2022 Hello, I checked the WMI tab, but nothing is there. I attached an Autoruns scan with Virustotal data. Thank you. autoruns virus total.txt Link to comment Share on other sites More sharing options...
itman 1,659 Posted May 2, 2022 Share Posted May 2, 2022 Note that only Eset moderators can access forum posting attachments. As such, the Detections log entry will be helpful for anyone else trying to assist you. Link to comment Share on other sites More sharing options...
TedH600 0 Posted May 2, 2022 Author Share Posted May 2, 2022 Thank you. I have included the Autoruns log here: "HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" "" "12/7/2019 5:15 AM" "" + "rdpclip" "RDP Clipboard Monitor" "(Verified) " "c:\windows\system32\rdpclip.exe" "1/25/2007 10:00 PM" "0/73" "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit" "" "" "" "5/2/2022 6:09 PM" "" + "C:\Windows\system32\userinit.exe" "Userinit Logon Application" "(Verified) " "c:\windows\system32\userinit.exe" "3/2/1950 2:07 AM" "0/73" "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet" "" "" "" "5/2/2022 6:09 PM" "" + "SystemPropertiesPerformance.exe" "Change Computer Performance Settings" "(Verified) " "c:\windows\system32\systempropertiesperformance.exe" "1/2/1968 1:18 AM" "0/73" "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell" "" "" "" "4/30/2022 5:39 PM" "" + "cmd.exe" "Windows Command Processor" "(Verified) " "c:\windows\system32\cmd.exe" "12/10/1953 10:58 PM" "0/73" "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "4/30/2022 1:42 AM" "" + "Acrobat Assistant 8.0" "AcroTray" "(Verified) " "c:\program files\adobe\acrobat dc\acrobat\acrotray.exe" "4/7/2022 12:16 AM" "0/73" + "egui" "ESET command line interface" "(Verified) ESET, spol. s r.o." "c:\program files\eset\eset security\ecmds.exe" "3/15/2022 9:41 AM" "0/73" + "Reflect UI" "Macrium Reflect UI Watcher" "(Verified) PARAMOUNT SOFTWARE UK LIMITED" "c:\program files\macrium\common\reflectui.exe" "3/3/2022 2:15 PM" "0/73" + "RtkAudUService" "Realtek HD Audio Universal Service" "(Verified) Realtek Semiconductor Corp." "c:\windows\system32\driverstore\filerepository\realtekservice.inf_amd64_0df2f655a6bd4669\rtkauduservice64.exe" "3/7/2022 6:35 AM" "0/73" + "SecurityHealth" "Windows Security notification icon" "(Verified) " "c:\windows\system32\securityhealthsystray.exe" "9/13/1927 5:41 PM" "0/73" "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" "" "4/23/2022 12:03 AM" "" + "Adobe CCXProcess" "" "(Verified) Adobe Inc." "c:\program files (x86)\adobe\adobe creative cloud experience\ccxprocess.exe" "1/4/2021 5:35 PM" "0/73" + "Razer Synapse" "Razer Synapse" "(Not Verified) Razer Inc." "c:\program files (x86)\razer\synapse\rzsynapse.exe" "10/28/2021 4:16 AM" "0/73" "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "3/30/2022 10:24 PM" "" + "CCleaner Smart Cleaning" "CCleaner" "(Verified) Piriform Software Ltd" "c:\program files\ccleaner\ccleaner64.exe" "4/7/2022 7:40 AM" "0/73" + "Fences" "Fences Settings" "(Verified) STARDOCK SYSTEMS, INC." "c:\program files (x86)\stardock\fences\fences.exe" "12/7/2021 1:18 PM" "0/73" "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "6/6/2021 8:32 PM" "" + "Microsoft Edge" "Microsoft Edge Installer" "(Verified) Microsoft Corporation" "c:\program files (x86)\microsoft\edge\application\101.0.1210.32\installer\setup.exe" "4/27/2022 10:55 PM" "0/73" + "Microsoft Windows Media Player" "Microsoft Windows Media Player Setup Utility" "(Verified) " "c:\windows\system32\unregmp2.exe" "11/8/1972 11:00 AM" "0/73" + "Microsoft Windows Media Player" "Microsoft Windows Media Player Setup Utility" "(Verified) " "c:\windows\system32\unregmp2.exe" "11/8/1972 11:00 AM" "0/73" + "n/a" "Windows host process (Rundll32)" "(Verified) " "c:\windows\system32\rundll32.exe" "7/1/1967 12:25 PM" "0/73" + "Themes Setup" "Windows Theme API" "(Verified) " "c:\windows\system32\themeui.dll" "2/24/1909 5:01 AM" "0/73" + "Web Platform Customizations" "IE Per-User Initialization Utility" "(Verified) " "c:\windows\system32\ie4uinit.exe" "11/25/1911 12:52 AM" "0/73" "HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" "" "6/6/2021 8:32 PM" "" + "Microsoft Windows Media Player" "Microsoft Windows Media Player Setup Utility" "(Verified) " "c:\windows\syswow64\unregmp2.exe" "10/3/1955 9:34 AM" "0/73" + "Microsoft Windows Media Player" "Microsoft Windows Media Player Setup Utility" "(Verified) " "c:\windows\syswow64\unregmp2.exe" "10/3/1955 9:34 AM" "0/73" + "n/a" "Windows host process (Rundll32)" "(Verified) " "c:\windows\syswow64\rundll32.exe" "8/26/2026 12:58 PM" "0/73" "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\IconServiceLib" "" "" "" "4/13/2022 8:32 PM" "" + "IconCodecService.dll" "Converts a PNG part of the icon to a legacy bmp icon" "(Verified) " "c:\windows\system32\iconcodecservice.dll" "3/14/1957 8:50 AM" "0/73" "HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" "" "6/6/2021 8:32 PM" "" + "application/octet-stream" "Microsoft .NET Runtime Execution Engine" "(Verified) " "c:\windows\system32\mscoree.dll" "6/16/2013 5:38 AM" "0/73" + "application/x-complus" "Microsoft .NET Runtime Execution Engine" "(Verified) " "c:\windows\system32\mscoree.dll" "6/16/2013 5:38 AM" "0/73" + "application/x-msdownload" "Microsoft .NET Runtime Execution Engine" "(Verified) " "c:\windows\system32\mscoree.dll" "6/16/2013 5:38 AM" "0/73" "HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" "" "12/7/2019 5:17 AM" "" + "about" "Microsoft (R) HTML Viewer" "(Verified) " "c:\windows\system32\mshtml.dll" "8/23/1961 2:35 PM" "0/73" + "cdl" "OLE32 Extensions for Win32" "(Verified) " "c:\windows\system32\urlmon.dll" "4/24/1964 7:35 AM" "1/73" + "dvd" "ActiveX control for streaming video" "(Verified) " "c:\windows\system32\msvidctl.dll" "7/24/2016 3:30 AM" "0/73" + "file" "OLE32 Extensions for Win32" "(Verified) " "c:\windows\system32\urlmon.dll" "4/24/1964 7:35 AM" "1/73" + "ftp" "OLE32 Extensions for Win32" "(Verified) " "c:\windows\system32\urlmon.dll" "4/24/1964 7:35 AM" "1/73" + "http" "OLE32 Extensions for Win32" "(Verified) " "c:\windows\system32\urlmon.dll" "4/24/1964 7:35 AM" "1/73" + "https" "OLE32 Extensions for Win32" "(Verified) " "c:\windows\system32\urlmon.dll" "4/24/1964 7:35 AM" "1/73" + "its" "Microsoft® InfoTech Storage System Library" "(Verified) " "c:\windows\system32\itss.dll" "9/11/1963 5:55 AM" "0/73" + "javascript" "Microsoft (R) HTML Viewer" "(Verified) " "c:\windows\system32\mshtml.dll" "8/23/1961 2:35 PM" "0/73" + "local" "OLE32 Extensions for Win32" "(Verified) " "c:\windows\system32\urlmon.dll" "4/24/1964 7:35 AM" "1/73" + "mailto" "Microsoft (R) HTML Viewer" "(Verified) " "c:\windows\system32\mshtml.dll" "8/23/1961 2:35 PM" "0/73" + "mhtml" "Microsoft Internet Messaging API Resources" "(Verified) " "c:\windows\system32\inetcomm.dll" "11/28/1997 5:46 PM" "0/73" + "mk" "OLE32 Extensions for Win32" "(Verified) " "c:\windows\system32\urlmon.dll" "4/24/1964 7:35 AM" "1/73" + "ms-its" "Microsoft® InfoTech Storage System Library" "(Verified) " "c:\windows\system32\itss.dll" "9/11/1963 5:55 AM" "0/73" + "res" "Microsoft (R) HTML Viewer" "(Verified) " "c:\windows\system32\mshtml.dll" "8/23/1961 2:35 PM" "0/73" + "tbauth" "TBAuth protocol handler" "(Verified) " "c:\windows\system32\tbauth.dll" "7/16/2002 3:47 PM" "0/73" + "tv" "ActiveX control for streaming video" "(Verified) " "c:\windows\system32\msvidctl.dll" "7/24/2016 3:30 AM" "0/73" + "vbscript" "Microsoft (R) HTML Viewer" "(Verified) " "c:\windows\system32\mshtml.dll" "8/23/1961 2:35 PM" "0/73" + "windows.tbauth" "TBAuth protocol handler" "(Verified) " "c:\windows\system32\tbauth.dll" "7/16/2002 3:47 PM" "0/73" "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler" "" "" "" "3/28/2022 8:59 PM" "" + "FencesShellExt" "Stardock Fences Shell Extension" "(Verified) STARDOCK SYSTEMS, INC." "c:\program files (x86)\stardock\fences\fencesmenu64.dll" "12/7/2021 1:18 PM" "0/73" "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects" "" "" "" "12/7/2019 5:54 AM" "" + "Bluetooth Authentication Agent SSO" "Bluetooth Control Panel Applet" "(Verified) " "c:\windows\system32\bthprops.cpl" "12/10/1924 10:33 PM" "0/73" + "Cloud Cache Invalidator SSO" "Cloud Data Store" "(Verified) " "c:\windows\system32\windows.cloudstore.dll" "9/26/1992 9:03 PM" "0/73" + "HomeGroup SSO" "HomeGroup Control Panel" "(Verified) " "c:\windows\system32\hgcpl.dll" "2/28/1940 2:03 AM" "0/73" + "Microsoft VolumeControlService Class" "SCA Volume" "(Verified) " "c:\windows\system32\sndvolsso.dll" "9/2/2015 3:23 PM" "0/73" + "Network Tray SSO" "Network System Icon" "(Verified) " "c:\windows\system32\pnidui.dll" "2/6/1923 5:50 AM" "0/73" + "OneDrive network states cache SSO" "Windows.FileExplorer.Common" "(Verified) " "c:\windows\system32\windows.fileexplorer.common.dll" "8/20/2015 2:49 PM" "0/73" + "Security and Maintenance Shell Service Object" "Security and Maintenance" "(Verified) " "c:\windows\system32\actioncenter.dll" "7/1/1920 4:12 PM" "0/73" + "Setting Sync Monitor Shell Service Object" "Setting Synchronization Change Monitor" "(Verified) " "c:\windows\system32\settingmonitor.dll" "4/4/1973 1:14 AM" "0/73" + "Sync Center Shell Service Object (Internal)" "Microsoft Sync Center" "(Verified) " "c:\windows\system32\synccenter.dll" "7/13/1976 11:41 AM" "0/73" + "UnexpectedShutdownReason" "Systray shell service object" "(Verified) " "c:\windows\system32\stobject.dll" "2/16/1919 9:19 PM" "0/73" + "User Account Control Check Service" "Security and Maintenance Providers" "(Verified) " "c:\windows\system32\hcproviders.dll" "2/26/1903 7:31 PM" "0/73" + "WebCheck" "Shell Doc Object and Control Library" "(Verified) " "c:\windows\system32\shdocvw.dll" "4/22/2030 1:05 AM" "0/73" + "Windows Search Shell Service Object" "Indexing Options" "(Verified) " "c:\windows\system32\srchadmin.dll" "2/1/1991 12:27 AM" "0/73" + "Windows System Reset SSO" "Windows System Reset Platform SSO" "(Verified) " "c:\windows\system32\systemresetplatform\systemresetsso.dll" "8/9/1983 3:21 PM" "0/73" + "Windows To Go Shell Service Object" "Windows To Go Shell Service Object" "(Verified) " "c:\windows\system32\pwsso.dll" "11/16/1969 5:23 PM" "0/73" + "WPDShServiceObj Class" "Windows Portable Device Shell Service Object" "(Verified) " "c:\windows\system32\wpdshserviceobj.dll" "1/11/1942 2:48 PM" "0/73" + "{566296fe-e0e8-475f-ba9c-a31ad31620b1}" "Device Stage Shell Extension" "(Verified) " "c:\windows\system32\dxp.dll" "3/22/1956 4:23 AM" "0/73" + "{C51F0A6B-2A63-4cf4-8938-24404EAEF422}" "Client Side Caching UI" "(Verified) " "c:\windows\system32\cscui.dll" "6/7/1908 5:13 PM" "0/72" "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects" "" "" "" "12/7/2019 5:54 AM" "" + "Bluetooth Authentication Agent SSO" "Bluetooth Control Panel Applet" "(Verified) " "c:\windows\syswow64\bthprops.cpl" "4/12/2024 12:27 AM" "0/73" + "HomeGroup SSO" "HomeGroup Control Panel" "(Verified) " "c:\windows\syswow64\hgcpl.dll" "10/18/1969 4:36 PM" "0/73" + "Microsoft VolumeControlService Class" "SCA Volume" "(Verified) " "c:\windows\syswow64\sndvolsso.dll" "6/27/2023 12:58 PM" "0/73" + "OneDrive network states cache SSO" "Windows.FileExplorer.Common" "(Verified) " "c:\windows\syswow64\windows.fileexplorer.common.dll" "8/23/1920 9:15 AM" "0/73" + "Security and Maintenance Shell Service Object" "Security and Maintenance" "(Verified) " "c:\windows\syswow64\actioncenter.dll" "7/2/1937 11:40 PM" "0/73" + "Setting Sync Monitor Shell Service Object" "Setting Synchronization Change Monitor" "(Verified) " "c:\windows\syswow64\settingmonitor.dll" "4/12/1921 7:11 PM" "0/73" + "Sync Center Shell Service Object (Internal)" "Microsoft Sync Center" "(Verified) " "c:\windows\syswow64\synccenter.dll" "8/12/1970 1:29 PM" "0/73" + "UnexpectedShutdownReason" "Systray shell service object" "(Verified) " "c:\windows\syswow64\stobject.dll" "1/6/1909 9:39 AM" "0/73" + "User Account Control Check Service" "Security and Maintenance Providers" "(Verified) " "c:\windows\syswow64\hcproviders.dll" "11/14/1935 11:16 PM" "0/73" + "WebCheck" "Shell Doc Object and Control Library" "(Verified) " "c:\windows\syswow64\shdocvw.dll" "9/20/2000 11:33 PM" "0/72" + "Windows Search Shell Service Object" "Indexing Options" "(Verified) " "c:\windows\syswow64\srchadmin.dll" "3/14/1922 11:28 AM" "0/73" + "WPDShServiceObj Class" "Windows Portable Device Shell Service Object" "(Verified) " "c:\windows\syswow64\wpdshserviceobj.dll" "5/12/1940 12:20 AM" "0/73" "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "4/23/2022 12:01 AM" "" + "AccExt" "Core Sync" "(Verified) Adobe Inc." "c:\program files (x86)\common files\adobe\coresyncextension\coresync_x64.dll" "3/29/2022 1:06 AM" "0/73" + "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "(Verified) Adobe Inc." "c:\program files\adobe\acrobat dc\acrobat elements\contextmenushim64.dll" "12/24/2021 12:16 PM" "0/73" + "ESET Security Shell" "ESET Shell Extension" "(Verified) ESET, spol. s r.o." "c:\program files\eset\eset security\shellext.dll" "3/15/2022 9:42 AM" "1/73" + "FencesShellExt" "Stardock Fences Shell Extension" "(Verified) STARDOCK SYSTEMS, INC." "c:\program files (x86)\stardock\fences\fencesmenu64.dll" "12/7/2021 1:18 PM" "0/73" + "Media Center x64" "Shell Extensions" "(Verified) Jriver, Inc" "c:\program files\j river\media center 29\jrshellext.dll" "4/28/2022 3:57 PM" "0/73" + "ModernSharing" "Shell extensions for sharing" "(Verified) " "c:\windows\system32\ntshrui.dll" "6/3/1926 10:14 AM" "0/73" + "ReflectShellExt" "Reflect Shell Extension Context Menu" "(Verified) PARAMOUNT SOFTWARE UK LIMITED" "c:\program files\macrium\reflect\rcontextmenu.dll" "3/3/2022 2:24 PM" "0/73" + "Sharing" "Shell extensions for sharing" "(Verified) " "c:\windows\system32\ntshrui.dll" "6/3/1926 10:14 AM" "0/73" + "WinRAR" "WinRAR shell extension" "(Verified) win.rar GmbH" "c:\program files\winrar\rarext.dll" "3/3/2022 9:15 AM" "0/73" "HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" "4/4/2022 5:13 PM" "" + "EnhancedStorageShell" "Windows Enhanced Storage Shell Extension DLL" "(Verified) " "c:\windows\system32\ehstorshell.dll" "9/7/2032 6:55 PM" "0/73" + "ESET Security Shell" "ESET Shell Extension" "(Verified) ESET, spol. s r.o." "c:\program files\eset\eset security\shellext.dll" "3/15/2022 9:42 AM" "1/73" + "Media Center x64" "Shell Extensions" "(Verified) Jriver, Inc" "c:\program files\j river\media center 29\jrshellext.dll" "4/28/2022 3:57 PM" "0/73" + "Portable Devices Menu" "Portable Devices Shell Extension" "(Verified) " "c:\windows\system32\wpdshext.dll" "9/15/2006 7:48 AM" "0/73" + "Previous Versions Property Page" "Previous Versions property page" "(Verified) " "c:\windows\system32\twext.dll" "7/7/1969 2:03 PM" "0/73" + "ReflectShellExt" "Reflect Shell Extension Context Menu" "(Verified) PARAMOUNT SOFTWARE UK LIMITED" "c:\program files\macrium\reflect\rcontextmenu.dll" "3/3/2022 2:24 PM" "0/73" + "Sharing" "Shell extensions for sharing" "(Verified) " "c:\windows\system32\ntshrui.dll" "6/3/1926 10:14 AM" "0/73" "HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" "" "12/7/2019 5:54 AM" "" + "CryptoSignMenu" "Crypto Shell Extensions" "(Verified) " "c:\windows\system32\cryptext.dll" "12/26/1957 7:27 AM" "0/73" + "FCI Properties" "Microsoft® File Server Resource Management Shell Extension" "(Verified) " "c:\windows\system32\srmshell.dll" "9/1/2030 8:39 PM" "0/73" + "OLE Docfile Property Page" "OLE DocFile Property Page" "(Verified) " "c:\windows\system32\docprop.dll" "8/9/1943 7:16 AM" "0/73" + "Security Shell Extension" "Security Shell Extension" "(Verified) " "c:\windows\system32\rshx32.dll" "11/27/1923 8:44 PM" "0/73" "HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "12/7/2019 5:54 AM" "" + "Client Side Caching UI" "Client Side Caching UI" "(Verified) " "c:\windows\system32\cscui.dll" "6/7/1908 5:13 PM" "0/72" + "Previous Versions Property Page" "Previous Versions property page" "(Verified) " "c:\windows\system32\twext.dll" "7/7/1969 2:03 PM" "0/73" "HKLM\Software\Classes\AllFileSystemObjects\ShellEx\PropertySheetHandlers" "" "" "" "12/7/2019 5:54 AM" "" + "Client Side Caching UI" "Client Side Caching UI" "(Verified) " "c:\windows\system32\cscui.dll" "6/7/1908 5:13 PM" "0/72" + "Previous Versions Property Page" "Previous Versions property page" "(Verified) " "c:\windows\system32\twext.dll" "7/7/1969 2:03 PM" "0/73" "HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "4/4/2022 5:13 PM" "" + "FencesShellExt" "Stardock Fences Shell Extension" "(Verified) STARDOCK SYSTEMS, INC." "c:\program files (x86)\stardock\fences\fencesmenu64.dll" "12/7/2021 1:18 PM" "0/73" + "Media Center x64" "Shell Extensions" "(Verified) Jriver, Inc" "c:\program files\j river\media center 29\jrshellext.dll" "4/28/2022 3:57 PM" "0/73" + "Offline Files" "Client Side Caching UI" "(Verified) " "c:\windows\system32\cscui.dll" "6/7/1908 5:13 PM" "0/72" + "Previous Versions Property Page" "Previous Versions property page" "(Verified) " "c:\windows\system32\twext.dll" "7/7/1969 2:03 PM" "0/73" + "Sharing" "Shell extensions for sharing" "(Verified) " "c:\windows\system32\ntshrui.dll" "6/3/1926 10:14 AM" "0/73" "HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers" "" "" "" "12/7/2019 5:54 AM" "" + "DfsShell Class" "Distributed File System shell extension" "(Verified) " "c:\windows\system32\dfsshlex.dll" "4/2/1989 3:03 AM" "0/73" + "MyFolder menu and properties" "My Documents Folder UI" "(Verified) " "c:\windows\system32\mydocs.dll" "10/3/1959 5:05 PM" "0/73" + "Offline Files" "Client Side Caching UI" "(Verified) " "c:\windows\system32\cscui.dll" "6/7/1908 5:13 PM" "0/72" + "Previous Versions Property Page" "Previous Versions property page" "(Verified) " "c:\windows\system32\twext.dll" "7/7/1969 2:03 PM" "0/73" + "Security Shell Extension" "Security Shell Extension" "(Verified) " "c:\windows\system32\rshx32.dll" "11/27/1923 8:44 PM" "0/73" + "Sharing" "Shell extensions for sharing" "(Verified) " "c:\windows\system32\ntshrui.dll" "6/3/1926 10:14 AM" "0/73" "HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" "" "12/7/2019 5:17 AM" "" + "Sharing" "Shell extensions for sharing" "(Verified) " "c:\windows\system32\ntshrui.dll" "6/3/1926 10:14 AM" "0/73" "HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "4/26/2022 9:17 PM" "" + "FencesShellExt" "Stardock Fences Shell Extension" "(Verified) STARDOCK SYSTEMS, INC." "c:\program files (x86)\stardock\fences\fencesmenu64.dll" "12/7/2021 1:18 PM" "0/73" + "NvCplDesktopContext" "NVIDIA Display Shell Extension" "(Verified) Nvidia Corporation" "c:\windows\system32\driverstore\filerepository\nvmdsig.inf_amd64_f4da10aa56f52761\nvshext.dll" "4/20/2022 5:11 PM" "0/73" + "Sharing" "Shell extensions for sharing" "(Verified) " "c:\windows\system32\ntshrui.dll" "6/3/1926 10:14 AM" "0/73" "HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "4/4/2022 2:41 PM" "" + "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "(Verified) The Document Foundation" "c:\program files\libreoffice\program\shlxthdl\shlxthdl.dll" "3/23/2022 2:37 PM" "0/73" "HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "4/23/2022 12:01 AM" "" + "AccExt" "Core Sync" "(Verified) Adobe Inc." "c:\program files (x86)\common files\adobe\coresyncextension\coresync_x64.dll" "3/29/2022 1:06 AM" "0/73" + "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "(Verified) Adobe Inc." "c:\program files\adobe\acrobat dc\acrobat elements\contextmenushim64.dll" "12/24/2021 12:16 PM" "0/73" + "ESET Security Shell" "ESET Shell Extension" "(Verified) ESET, spol. s r.o." "c:\program files\eset\eset security\shellext.dll" "3/15/2022 9:42 AM" "1/73" + "FencesShellExt" "Stardock Fences Shell Extension" "(Verified) STARDOCK SYSTEMS, INC." "c:\program files (x86)\stardock\fences\fencesmenu64.dll" "12/7/2021 1:18 PM" "0/73" + "Media Center x64" "Shell Extensions" "(Verified) Jriver, Inc" "c:\program files\j river\media center 29\jrshellext.dll" "4/28/2022 3:57 PM" "0/73" + "Offline Files" "Client Side Caching UI" "(Verified) " "c:\windows\system32\cscui.dll" "6/7/1908 5:13 PM" "0/72" + "WinRAR" "WinRAR shell extension" "(Verified) win.rar GmbH" "c:\program files\winrar\rarext.dll" "3/3/2022 9:15 AM" "0/73" "HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "6/8/2021 5:08 PM" "" + "Compressed (zipped) Folder Right Drag Handler" "Compressed (zipped) Folders" "(Verified) " "c:\windows\system32\zipfldr.dll" "2/14/1998 9:24 AM" "0/73" + "WinRAR" "WinRAR shell extension" "(Verified) win.rar GmbH" "c:\program files\winrar\rarext.dll" "3/3/2022 9:15 AM" "0/73" "HKLM\Software\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" "" "12/7/2019 5:54 AM" "" + "FCI Properties" "Microsoft® File Server Resource Management Shell Extension" "(Verified) " "c:\windows\system32\srmshell.dll" "9/1/2030 8:39 PM" "0/73" + "Offline Files" "Client Side Caching UI" "(Verified) " "c:\windows\system32\cscui.dll" "6/7/1908 5:13 PM" "0/72" "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "4/22/2022 10:21 PM" "" + " AccExtIco1" "Core Sync" "(Verified) Adobe Inc." "c:\program files (x86)\common files\adobe\coresyncextension\coresync_x64.dll" "3/29/2022 1:06 AM" "0/73" + " AccExtIco2" "Core Sync" "(Verified) Adobe Inc." "c:\program files (x86)\common files\adobe\coresyncextension\coresync_x64.dll" "3/29/2022 1:06 AM" "0/73" + " AccExtIco3" "Core Sync" "(Verified) Adobe Inc." "c:\program files (x86)\common files\adobe\coresyncextension\coresync_x64.dll" "3/29/2022 1:06 AM" "0/73" + "EnhancedStorageShell" "Windows Enhanced Storage Shell Extension DLL" "(Verified) " "c:\windows\system32\ehstorshell.dll" "9/7/2032 6:55 PM" "0/73" + "Offline Files" "Client Side Caching UI" "(Verified) " "c:\windows\system32\cscui.dll" "6/7/1908 5:13 PM" "0/72" "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "4/23/2022 12:01 AM" "" + "Adobe Acrobat Create PDF from Selection" "Adobe PDF Toolbar for Internet Explorer" "(Verified) Adobe Inc." "c:\program files\common files\adobe\acrobat\wcieactivex\dc\x64\acroiefavstub.dll" "12/24/2021 1:13 PM" "0/73" + "Adobe Acrobat Create PDF Helper" "Adobe PDF Toolbar for Internet Explorer" "(Verified) Adobe Inc." "c:\program files\common files\adobe\acrobat\wcieactivex\dc\x64\acroiefavstub.dll" "12/24/2021 1:13 PM" "0/73" + "IEToEdge BHO" "IEToEdge BHO" "(Verified) Microsoft Corporation" "c:\program files (x86)\microsoft\edge\application\101.0.1210.32\bho\ie_to_edge_bho_64.dll" "4/27/2022 10:55 PM" "0/73" "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "4/23/2022 12:01 AM" "" + "Adobe Acrobat Create PDF from Selection" "Adobe PDF Toolbar for Internet Explorer" "(Verified) Adobe Inc." "c:\program files\common files\adobe\acrobat\wcieactivex\dc\acroiefavstub.dll" "12/24/2021 12:39 PM" "0/73" + "Adobe Acrobat Create PDF Helper" "Adobe PDF Toolbar for Internet Explorer" "(Verified) Adobe Inc." "c:\program files\common files\adobe\acrobat\wcieactivex\dc\acroiefavstub.dll" "12/24/2021 12:39 PM" "0/73" + "IEToEdge BHO" "IEToEdge BHO" "(Verified) Microsoft Corporation" "c:\program files (x86)\microsoft\edge\application\101.0.1210.32\bho\ie_to_edge_bho.dll" "4/27/2022 10:55 PM" "0/73" "HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" "" "5/19/2021 1:19 AM" "" + "Microsoft Url Search Hook" "Internet Browser" "(Verified) " "c:\windows\system32\ieframe.dll" "1/28/1999 10:50 PM" "0/73" "HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" "" "4/23/2022 12:01 AM" "" + "Adobe Acrobat Create PDF Toolbar" "Adobe PDF Toolbar for Internet Explorer" "(Verified) Adobe Inc." "c:\program files\common files\adobe\acrobat\wcieactivex\dc\x64\acroiefavstub.dll" "12/24/2021 1:13 PM" "0/73" "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" "" "4/23/2022 12:01 AM" "" + "Adobe Acrobat Create PDF Toolbar" "Adobe PDF Toolbar for Internet Explorer" "(Verified) Adobe Inc." "c:\program files\common files\adobe\acrobat\wcieactivex\dc\acroiefavstub.dll" "12/24/2021 12:39 PM" "0/73" "Task Scheduler" "" "" "" "" "" X "\Agent Activation Runtime\S-1-5-21-1528481533-4090104331-4293489656-1003" "" "(Verified) " "c:\windows\system32\agentactivationruntimestarter.exe" "1/6/1948 12:51 PM" "0/73" + "\Aida 64" "AIDA64 Engineer" "(Verified) FinalWire Kft." "c:\program files (x86)\aida64\aida64.exe" "6/19/1992 6:22 PM" "0/73" X "\CCleaner Update" "Piriform CCleaner emergency updater" "(Verified) Piriform Software Ltd" "c:\program files\ccleaner\ccupdate.exe" "1/8/2021 5:58 AM" "0/73" + "\Goverlay" "GOverlay" "(Verified) " "c:\program files (x86)\goverlay\goverlay.exe" "5/19/2021 6:19 PM" "1/72" + "\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319" "Microsoft .NET Runtime Execution Engine" "(Verified) " "c:\windows\system32\mscoree.dll" "6/16/2013 5:38 AM" "0/73" + "\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64" "Microsoft .NET Runtime Execution Engine" "(Verified) " "c:\windows\system32\mscoree.dll" "6/16/2013 5:38 AM" "0/73" X "\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical" "Microsoft .NET Runtime Execution Engine" "(Verified) " "c:\windows\system32\mscoree.dll" "6/16/2013 5:38 AM" "0/73" X "\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical" "Microsoft .NET Runtime Execution Engine" "(Verified) " "c:\windows\system32\mscoree.dll" "6/16/2013 5:38 AM" "0/73" X "\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)" "Windows Rights Management client" "(Verified) " "c:\windows\system32\msdrm.dll" "9/12/1913 3:13 PM" "0/73" + "\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)" "Windows Rights Management client" "(Verified) " "c:\windows\system32\msdrm.dll" "9/12/1913 3:13 PM" "0/73" + "\Microsoft\Windows\AppID\EDP Policy Manager" "AppLockerCSP" "(Verified) " "c:\windows\system32\applockercsp.dll" "1/26/1959 12:51 PM" "0/73" X "\Microsoft\Windows\AppID\PolicyConverter" "AppID Policy Converter Task" "(Verified) " "c:\windows\system32\appidpolicyconverter.exe" "4/9/2000 1:00 AM" "0/73" X "\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck" "AppID Certificate Store Verification Task" "(Verified) " "c:\windows\system32\appidcertstorecheck.exe" "2/21/1944 8:44 PM" "0/73" + "\Microsoft\Windows\Application Experience\PcaPatchDbTask" "Windows host process (Rundll32)" "(Verified) " "c:\windows\system32\rundll32.exe" "7/1/1967 12:25 PM" "0/73" + "\Microsoft\Windows\Application Experience\StartupAppTask" "Windows host process (Rundll32)" "(Verified) " "c:\windows\system32\rundll32.exe" "7/1/1967 12:25 PM" "0/73" + "\Microsoft\Windows\ApplicationData\appuriverifierdaily" "App Uri Handlers Registration Verifier" "(Verified) " "c:\windows\system32\apphostregistrationverifier.exe" "1/14/1965 8:32 PM" "0/73" + "\Microsoft\Windows\ApplicationData\appuriverifierinstall" "App Uri Handlers Registration Verifier" "(Verified) " "c:\windows\system32\apphostregistrationverifier.exe" "1/14/1965 8:32 PM" "0/73" + "\Microsoft\Windows\ApplicationData\CleanupTemporaryState" "Windows host process (Rundll32)" "(Verified) " "c:\windows\system32\rundll32.exe" "7/1/1967 12:25 PM" "0/73" + "\Microsoft\Windows\ApplicationData\DsSvcCleanup" "Data Sharing Service Maintenance Driver" "(Verified) " "c:\windows\system32\dstokenclean.exe" "3/15/1982 8:43 AM" "0/73" + "\Microsoft\Windows\AppListBackup\Backup" "AppListBackupLauncher" "(Verified) " "c:\windows\system32\applistbackuplauncher.dll" "9/15/1935 7:01 PM" "0/73" X "\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup" "Windows host process (Rundll32)" "(Verified) " "c:\windows\system32\rundll32.exe" "7/1/1967 12:25 PM" "0/73" + "\Microsoft\Windows\Autochk\Proxy" "Windows host process (Rundll32)" "(Verified) " "c:\windows\system32\rundll32.exe" "7/1/1967 12:25 PM" "0/73" + "\Microsoft\Windows\BitLocker\BitLocker Encrypt All Drives" "EdpTask Task" "(Verified) " "c:\windows\system32\edptask.dll" "1/21/1925 1:26 PM" "0/73" + "\Microsoft\Windows\BitLocker\BitLocker MDM policy Refresh" "EdpTask Task" "(Verified) " "c:\windows\system32\edptask.dll" "1/21/1925 1:26 PM" "0/73" + "\Microsoft\Windows\Bluetooth\UninstallDeviceTask" "Bluetooth Uninstall Device Task" "(Verified) " "c:\windows\system32\bthudtask.exe" "10/16/1909 6:00 PM" "0/73" + "\Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask" "Microsoft Passport Tasks" "(Verified) " "c:\windows\system32\ngctasks.dll" "2/23/1911 8:43 AM" "0/73" + "\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask" "Microsoft Passport Tasks" "(Verified) " "c:\windows\system32\ngctasks.dll" "2/23/1911 8:43 AM" "0/73" + "\Microsoft\Windows\CertificateServicesClient\KeyPreGenTask" "Microsoft Passport Tasks" "(Verified) " "c:\windows\system32\ngctasks.dll" "2/23/1911 8:43 AM" "0/73" + "\Microsoft\Windows\CertificateServicesClient\SystemTask" "DIMS Job DLL" "(Verified) " "c:\windows\system32\dimsjob.dll" "5/16/2020 4:14 AM" "0/73" + "\Microsoft\Windows\CertificateServicesClient\UserTask" "DIMS Job DLL" "(Verified) " "c:\windows\system32\dimsjob.dll" "5/16/2020 4:14 AM" "0/73" + "\Microsoft\Windows\CertificateServicesClient\UserTask-Roam" "DIMS Job DLL" "(Verified) " "c:\windows\system32\dimsjob.dll" "5/16/2020 4:14 AM" "0/73" + "\Microsoft\Windows\Chkdsk\ProactiveScan" "pstask Task" "(Verified) " "c:\windows\system32\pstask.dll" "7/13/1928 3:37 AM" "0/73" + "\Microsoft\Windows\Chkdsk\SyspartRepair" "Bcdboot utility" "(Verified) " "c:\windows\system32\bcdboot.exe" "4/8/2016 8:03 PM" "0/73" + "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" "Windows SQM Consolidator" "(Verified) " "c:\windows\system32\wsqmcons.exe" "12/27/2029 11:46 PM" "0/73" + "\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" "USBCEIP Task" "(Verified) " "c:\windows\system32\usbceip.dll" "3/22/2026 9:58 AM" "0/73" + "\Microsoft\Windows\Data Integrity Scan\Data Integrity Check And Scan" "Data Integrity Scan Task" "(Verified) " "c:\windows\system32\discan.dll" "11/9/1920 8:51 PM" "0/73" + "\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan" "Data Integrity Scan Task" "(Verified) " "c:\windows\system32\discan.dll" "11/9/1920 8:51 PM" "0/73" + "\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery" "Data Integrity Scan Task" "(Verified) " "c:\windows\system32\discan.dll" "11/9/1920 8:51 PM" "0/73" X "\Microsoft\Windows\Defrag\ScheduledDefrag" "Disk Defragmenter Module" "(Verified) " "c:\windows\system32\defrag.exe" "9/24/2034 5:30 AM" "0/73" + "\Microsoft\Windows\Device Setup\Metadata Refresh" "Device Setup Manager Client API" "(Verified) " "c:\windows\system32\devicesetupmanagerapi.dll" "12/24/1947 12:34 PM" "0/73" + "\Microsoft\Windows\DeviceDirectoryClient\HandleCommand" "DeviceDirectoryClient Task" "(Verified) " "c:\windows\system32\devicedirectoryclient.dll" "5/2/1951 9:08 PM" "0/73" + "\Microsoft\Windows\DeviceDirectoryClient\HandleWnsCommand" "DeviceDirectoryClient Task" "(Verified) " "c:\windows\system32\devicedirectoryclient.dll" "5/2/1951 9:08 PM" "0/73" + "\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck" "DeviceDirectoryClient Task" "(Verified) " "c:\windows\system32\devicedirectoryclient.dll" "5/2/1951 9:08 PM" "0/73" + "\Microsoft\Windows\DeviceDirectoryClient\LocateCommandUserSession" "DeviceDirectoryClient Task" "(Verified) " "c:\windows\system32\devicedirectoryclient.dll" "5/2/1951 9:08 PM" "0/73" + "\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange" "DeviceDirectoryClient Task" "(Verified) " "c:\windows\system32\devicedirectoryclient.dll" "5/2/1951 9:08 PM" "0/73" X "\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange" "DeviceDirectoryClient Task" "(Verified) " "c:\windows\system32\devicedirectoryclient.dll" "5/2/1951 9:08 PM" "0/73" X "\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24" "DeviceDirectoryClient Task" "(Verified) " "c:\windows\system32\devicedirectoryclient.dll" "5/2/1951 9:08 PM" "0/73" + "\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange" "DeviceDirectoryClient Task" "(Verified) " "c:\windows\system32\devicedirectoryclient.dll" "5/2/1951 9:08 PM" "0/73" + "\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceProtectionStateChanged" "DeviceDirectoryClient Task" "(Verified) " "c:\windows\system32\devicedirectoryclient.dll" "5/2/1951 9:08 PM" "0/73" + "\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange" "DeviceDirectoryClient Task" "(Verified) " "c:\windows\system32\devicedirectoryclient.dll" "5/2/1951 9:08 PM" "0/73" + "\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice" "DeviceDirectoryClient Task" "(Verified) " "c:\windows\system32\devicedirectoryclient.dll" "5/2/1951 9:08 PM" "0/73" + "\Microsoft\Windows\Diagnosis\RecommendedTroubleshootingScanner" "MitigationClient" "(Verified) " "c:\windows\system32\mitigationclient.dll" "10/22/1989 1:02 PM" "0/73" + "\Microsoft\Windows\Diagnosis\Scheduled" "Scripted Diagnostics Scheduled Task" "(Verified) " "c:\windows\system32\sdiagschd.dll" "11/25/1953 8:54 AM" "0/73" + "\Microsoft\Windows\DirectX\DirectXDatabaseUpdater" "DirectX Database Updater" "(Verified) " "c:\windows\system32\directxdatabaseupdater.exe" "8/26/1977 7:05 AM" "0/73" + "\Microsoft\Windows\DirectX\DXGIAdapterCache" "DXGI Adapter Cache" "(Verified) " "c:\windows\system32\dxgiadaptercache.exe" "12/11/1928 8:39 PM" "0/73" + "\Microsoft\Windows\DiskCleanup\SilentCleanup" "Disk Space Cleanup Manager for Windows" "(Verified) " "c:\windows\system32\cleanmgr.exe" "2/15/2009 10:16 AM" "0/73" X "\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" "Windows host process (Rundll32)" "(Verified) " "c:\windows\system32\rundll32.exe" "7/1/1967 12:25 PM" "0/73" X "\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver" "Windows Disk Diagnostic User Resolver" "(Verified) " "c:\windows\system32\dfdwiz.exe" "1/10/1921 5:08 AM" "0/73" + "\Microsoft\Windows\DiskFootprint\Diagnostics" "DiskSnapshot.exe" "(Verified) " "c:\windows\system32\disksnapshot.exe" "11/29/2020 1:53 AM" "0/73" + "\Microsoft\Windows\DiskFootprint\StorageSense" "Storage Usage" "(Verified) " "c:\windows\system32\storageusage.dll" "6/16/1940 11:33 AM" "0/73" + "\Microsoft\Windows\DUSM\dusmtask" "DUSM Task" "(Verified) " "c:\windows\system32\dusmtask.exe" "1/28/1977 1:41 AM" "0/73" + "\Microsoft\Windows\EDP\EDP App Launch Task" "EdpTask Task" "(Verified) " "c:\windows\system32\edptask.dll" "1/21/1925 1:26 PM" "0/73" + "\Microsoft\Windows\EDP\EDP Auth Task" "EdpTask Task" "(Verified) " "c:\windows\system32\edptask.dll" "1/21/1925 1:26 PM" "0/73" + "\Microsoft\Windows\EDP\EDP Inaccessible Credentials Task" "EdpTask Task" "(Verified) " "c:\windows\system32\edptask.dll" "1/21/1925 1:26 PM" "0/73" + "\Microsoft\Windows\EDP\StorageCardEncryption Task" "EdpTask Task" "(Verified) " "c:\windows\system32\edptask.dll" "1/21/1925 1:26 PM" "0/73" + "\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask" "MDMAgent" "(Verified) " "c:\windows\system32\mdmagent.exe" "6/6/1926 2:29 AM" "0/73" + "\Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" "Exploit Guard Configuration Helper" "(Verified) " "c:\windows\system32\mitigationconfiguration.dll" "7/30/1942 10:05 PM" "0/73" + "\Microsoft\Windows\Feedback\Siuf\DmClient" "Microsoft Feedback SIUF Deployment Manager Client" "(Verified) " "c:\windows\system32\dmclient.exe" "11/11/1980 7:38 AM" "0/73" + "\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload" "Microsoft Feedback SIUF Deployment Manager Client" "(Verified) " "c:\windows\system32\dmclient.exe" "11/11/1980 7:38 AM" "0/73" X "\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync" "Microsoft® File Server Resource Management Client Extensions" "(Verified) " "c:\windows\system32\srmclient.dll" "12/4/1987 6:39 AM" "0/73" + "\Microsoft\Windows\FileHistory\File History (maintenance mode)" "File History Task Handler" "(Verified) " "c:\windows\system32\fhtask.dll" "9/15/2029 1:23 PM" "0/73" + "\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures" "Feature Configuration" "(Verified) " "c:\windows\system32\fcon.dll" "9/20/1925 10:18 PM" "0/73" + "\Microsoft\Windows\Flighting\FeatureConfig\UsageDataFlushing" "Feature Configuration" "(Verified) " "c:\windows\system32\fcon.dll" "9/20/1925 10:18 PM" "0/73" + "\Microsoft\Windows\Flighting\FeatureConfig\UsageDataReporting" "Feature Configuration" "(Verified) " "c:\windows\system32\fcon.dll" "9/20/1925 10:18 PM" "0/73" + "\Microsoft\Windows\Flighting\OneSettings\RefreshCache" "Windows OneSettings Client" "(Verified) " "c:\windows\system32\wosc.dll" "12/22/2012 3:55 PM" "0/73" + "\Microsoft\Windows\HelloFace\FODCleanupTask" "" "(Verified) " "c:\windows\system32\winbioplugins\facefoduninstaller.exe" "5/29/1939 7:39 PM" "0/73" + "\Microsoft\Windows\Input\LocalUserSyncDataAvailable" "Windows Input Cloud Store Task Handlers" "(Verified) " "c:\windows\system32\inputcloudstore.dll" "11/16/2030 3:25 PM" "0/73" + "\Microsoft\Windows\Input\MouseSyncDataAvailable" "Windows Input Cloud Store Task Handlers" "(Verified) " "c:\windows\system32\inputcloudstore.dll" "11/16/2030 3:25 PM" "0/73" + "\Microsoft\Windows\Input\PenSyncDataAvailable" "Windows Input Cloud Store Task Handlers" "(Verified) " "c:\windows\system32\inputcloudstore.dll" "11/16/2030 3:25 PM" "0/73" + "\Microsoft\Windows\Input\TouchpadSyncDataAvailable" "Windows Input Cloud Store Task Handlers" "(Verified) " "c:\windows\system32\inputcloudstore.dll" "11/16/2030 3:25 PM" "0/73" + "\Microsoft\Windows\InstallService\ScanForUpdates" "InstallService Tasks" "(Verified) " "c:\windows\system32\installservicetasks.dll" "3/27/1956 8:24 AM" "0/73" + "\Microsoft\Windows\InstallService\ScanForUpdatesAsUser" "InstallService Tasks" "(Verified) " "c:\windows\system32\installservicetasks.dll" "3/27/1956 8:24 AM" "0/73" + "\Microsoft\Windows\InstallService\SmartRetry" "InstallService Tasks" "(Verified) " "c:\windows\system32\installservicetasks.dll" "3/27/1956 8:24 AM" "0/73" X "\Microsoft\Windows\InstallService\WakeUpAndContinueUpdates" "InstallService Tasks" "(Verified) " "c:\windows\system32\installservicetasks.dll" "3/27/1956 8:24 AM" "0/73" X "\Microsoft\Windows\InstallService\WakeUpAndScanForUpdates" "InstallService Tasks" "(Verified) " "c:\windows\system32\installservicetasks.dll" "3/27/1956 8:24 AM" "0/73" + "\Microsoft\Windows\LanguageComponentsInstaller\Installation" "LanguageComponentsInstaller Task" "(Verified) " "c:\windows\system32\languagecomponentsinstaller.dll" "11/30/2005 8:24 PM" "0/73" X "\Microsoft\Windows\LanguageComponentsInstaller\Uninstallation" "LanguageComponentsInstaller Task" "(Verified) " "c:\windows\system32\languagecomponentsinstaller.dll" "11/30/2005 8:24 PM" "0/73" + "\Microsoft\Windows\License Manager\TempSignedLicenseExchange" "TempSignedLicenseExchangeTask Task" "(Verified) " "c:\windows\system32\tempsignedlicenseexchangetask.dll" "9/28/1967 10:17 PM" "0/73" + "\Microsoft\Windows\Location\Notifications" "Location Notification" "(Verified) " "c:\windows\system32\locationnotificationwindows.exe" "1/10/1981 12:25 AM" "0/73" + "\Microsoft\Windows\Location\WindowsActionDialog" "Windows Action Dialog Broker" "(Verified) " "c:\windows\system32\windowsactiondialog.exe" "12/8/1983 4:29 AM" "0/73" + "\Microsoft\Windows\Maintenance\WinSAT" "Windows System Assessment Tool API" "(Verified) " "c:\windows\system32\winsatapi.dll" "12/2/2024 7:15 AM" "0/73" + "\Microsoft\Windows\Management\Provisioning\Cellular" "Provisioning package runtime processing tool" "(Verified) " "c:\windows\system32\provtool.exe" "5/8/1974 12:32 PM" "0/73" + "\Microsoft\Windows\Management\Provisioning\Logon" "Provisioning package runtime processing tool" "(Verified) " "c:\windows\system32\provtool.exe" "5/8/1974 12:32 PM" "0/73" X "\Microsoft\Windows\Management\Provisioning\Retry" "Provisioning package runtime processing tool" "(Verified) " "c:\windows\system32\provtool.exe" "5/8/1974 12:32 PM" "0/73" X "\Microsoft\Windows\Management\Provisioning\RunOnReboot" "Provisioning package runtime processing tool" "(Verified) " "c:\windows\system32\provtool.exe" "5/8/1974 12:32 PM" "0/73" + "\Microsoft\Windows\Maps\MapsToastTask" "MapsToastTask Task" "(Verified) " "c:\windows\system32\mapstoasttask.dll" "3/2/1938 1:42 AM" "0/73" + "\Microsoft\Windows\Maps\MapsUpdateTask" "MapsUpdateTask Task" "(Verified) " "c:\windows\system32\mapsupdatetask.dll" "1/16/1930 12:58 AM" "0/73" + "\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents" "Microsoft Windows Memory Diagnostic Task Handler" "(Verified) " "c:\windows\system32\memorydiagnostic.dll" "4/20/2036 5:59 AM" "0/73" + "\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic" "Microsoft Windows Memory Diagnostic Task Handler" "(Verified) " "c:\windows\system32\memorydiagnostic.dll" "4/20/2036 5:59 AM" "0/73" + "\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" "Mobile Broadband Account Experience Parser Task" "(Verified) " "c:\windows\system32\mbaeparsertask.exe" "2/20/1966 6:24 PM" "0/73" + "\Microsoft\Windows\MUI\LPRemove" "MUI Language pack cleanup" "(Verified) " "c:\windows\system32\lpremove.exe" "1/31/1938 1:53 PM" "0/73" + "\Microsoft\Windows\Multimedia\SystemSoundsService" "PlaySound Service" "(Verified) " "c:\windows\system32\playsndsrv.dll" "8/2/1975 10:03 AM" "0/72" + "\Microsoft\Windows\NetService\Network\NetServices" "" "(Verified) " "c:\windows\system32\syncappvpublishingserver.vbs" "12/7/2019 5:10 AM" "0/73" + "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "(Verified) " "c:\windows\system32\gathernetworkinfo.vbs" "12/7/2019 5:09 AM" "0/73" X "\Microsoft\Windows\Offline Files\Background Synchronization" "Client Side Caching UI" "(Verified) " "c:\windows\system32\cscui.dll" "6/7/1908 5:13 PM" "0/72" X "\Microsoft\Windows\Offline Files\Logon Synchronization" "Client Side Caching UI" "(Verified) " "c:\windows\system32\cscui.dll" "6/7/1908 5:13 PM" "0/72" + "\Microsoft\Windows\PI\Secure-Boot-Update" "TPM Maintenance Tasks" "(Verified) " "c:\windows\system32\tpmtasks.dll" "3/20/2036 7:59 AM" "0/73" + "\Microsoft\Windows\PI\Sqm-Tasks" "TPM Maintenance Tasks" "(Verified) " "c:\windows\system32\tpmtasks.dll" "3/20/2036 7:59 AM" "0/73" + "\Microsoft\Windows\Plug and Play\Device Install Group Policy" "pnppolicy Task" "(Verified) " "c:\windows\system32\pnppolicy.dll" "4/12/1959 12:11 PM" "0/73" + "\Microsoft\Windows\Plug and Play\Device Install Reboot Required" "Plug and Play User Interface DLL" "(Verified) " "c:\windows\system32\pnpui.dll" "7/22/1984 8:05 AM" "0/73" + "\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers" "Driver Installation Module" "(Verified) " "c:\windows\system32\drvinst.exe" "5/6/2019 4:44 AM" "0/73" + "\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem" "Power Efficiency Diagnostics Task" "(Verified) " "c:\windows\system32\energytask.dll" "9/4/1969 7:33 PM" "0/73" + "\Microsoft\Windows\Printing\EduPrintProv" "Printer Provision Utility for EDU" "(Verified) " "c:\windows\system32\eduprintprov.exe" "6/19/1963 5:39 AM" "0/73" X "\Microsoft\Windows\PushToInstall\LoginCheck" "Service Control Manager Configuration Tool" "(Verified) " "c:\windows\system32\sc.exe" "12/19/1927 6:15 PM" "0/73" + "\Microsoft\Windows\PushToInstall\Registration" "Service Control Manager Configuration Tool" "(Verified) " "c:\windows\system32\sc.exe" "12/19/1927 6:15 PM" "0/73" + "\Microsoft\Windows\Ras\MobilityManager" "Provides support for the switching of mobility enabled VPN connections if their underlying interface goes down." "(Verified) " "c:\windows\system32\rasmbmgr.dll" "2/23/1962 4:09 PM" "0/73" X "\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE" "Microsoft Windows Recovery Agent Task Handler" "(Verified) " "c:\windows\system32\reagenttask.dll" "12/9/1924 7:00 PM" "0/73" + "\Microsoft\Windows\Registry\RegIdleBackup" "RegIdle Backup Task" "(Verified) " "c:\windows\system32\regidle.dll" "6/25/1961 1:21 PM" "0/72" + "\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask" "Windows Remote Assistance COM Server" "(Verified) " "c:\windows\system32\raserver.exe" "8/2/1997 10:30 PM" "0/73" + "\Microsoft\Windows\SettingSync\BackgroundUploadTask" "Setting Synchronization Core" "(Verified) " "c:\windows\system32\settingsynccore.dll" "3/31/1938 11:08 PM" "0/73" + "\Microsoft\Windows\SettingSync\NetworkStateChangeTask" "Setting Synchronization Core" "(Verified) " "c:\windows\system32\settingsynccore.dll" "3/31/1938 11:08 PM" "0/73" X "\Microsoft\Windows\SharedPC\Account Cleanup" "Windows host process (Rundll32)" "(Verified) " "c:\windows\system32\rundll32.exe" "7/1/1967 12:25 PM" "0/73" + "\Microsoft\Windows\Shell\FamilySafetyRefreshTask" "Family Safety Refresh Task" "(Verified) " "c:\windows\system32\wpcrefreshtask.dll" "2/3/1940 10:22 AM" "0/73" + "\Microsoft\Windows\Shell\IndexerAutomaticMaintenance" "Indexing Options" "(Verified) " "c:\windows\system32\srchadmin.dll" "2/1/1991 12:27 AM" "0/73" + "\Microsoft\Windows\Shell\UpdateUserPictureTask" "WINDOWS.UI.IMMERSIVE" "(Verified) " "c:\windows\system32\windows.ui.immersive.dll" "1/4/1919 12:25 PM" "0/73" + "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" "Software Protection Platform Client Extension Dll" "(Verified) " "c:\windows\system32\sppcext.dll" "11/17/2022 11:31 AM" "0/73" X "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon" "Software Protection Platform Client Extension Dll" "(Verified) " "c:\windows\system32\sppcext.dll" "11/17/2022 11:31 AM" "0/73" X "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork" "Software Protection Platform Client Extension Dll" "(Verified) " "c:\windows\system32\sppcext.dll" "11/17/2022 11:31 AM" "0/73" + "\Microsoft\Windows\SpacePort\SpaceAgentTask" "Storage Spaces Settings" "(Verified) " "c:\windows\system32\spaceagent.exe" "7/30/1965 9:25 PM" "0/73" + "\Microsoft\Windows\Speech\SpeechModelDownloadTask" "Speech Model Download Executable" "(Verified) " "c:\windows\system32\speech_onecore\common\speechmodeldownload.exe" "9/17/1932 2:27 PM" "0/73" + "\Microsoft\Windows\StateRepository\MaintenanceTasks" "Windows host process (Rundll32)" "(Verified) " "c:\windows\system32\rundll32.exe" "7/1/1967 12:25 PM" "0/73" + "\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization" "Storage Tiers Management" "(Verified) " "c:\windows\system32\tieringengineservice.exe" "8/28/1929 12:21 PM" "0/73" X "\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization" "Disk Defragmenter Module" "(Verified) " "c:\windows\system32\defrag.exe" "9/24/2034 5:30 AM" "0/73" X "\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate" "SysMain Service Host" "(Verified) " "c:\windows\system32\sysmain.dll" "1/22/1994 2:45 AM" "0/73" X "\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance" "SysMain Service Host" "(Verified) " "c:\windows\system32\sysmain.dll" "1/22/1994 2:45 AM" "0/73" + "\Microsoft\Windows\Sysmain\ResPriStaticDbSync" "SysMain Service Host" "(Verified) " "c:\windows\system32\sysmain.dll" "1/22/1994 2:45 AM" "0/73" + "\Microsoft\Windows\Sysmain\WsSwapAssessmentTask" "Windows host process (Rundll32)" "(Verified) " "c:\windows\system32\rundll32.exe" "7/1/1967 12:25 PM" "0/73" X "\Microsoft\Windows\SystemRestore\SR" "Microsoft® Windows System Protection background tasks." "(Verified) " "c:\windows\system32\srtasks.exe" "8/6/2024 4:17 AM" "0/72" + "\Microsoft\Windows\Task Manager\Interactive" "Performance Monitor" "(Verified) " "c:\windows\system32\wdc.dll" "5/25/1960 6:32 AM" "0/73" + "\Microsoft\Windows\TextServicesFramework\MsCtfMonitor" "MsCtfMonitor DLL" "(Verified) " "c:\windows\system32\msctfmonitor.dll" "12/15/2015 7:38 AM" "0/73" + "\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime" "Time Synchronization Task" "(Verified) " "c:\windows\system32\timesynctask.dll" "4/14/1965 7:53 AM" "0/73" + "\Microsoft\Windows\Time Synchronization\SynchronizeTime" "Service Control Manager Configuration Tool" "(Verified) " "c:\windows\system32\sc.exe" "12/19/1927 6:15 PM" "0/73" + "\Microsoft\Windows\Time Zone\SynchronizeTimeZone" "TimeZone Sync Task" "(Verified) " "c:\windows\system32\tzsync.exe" "10/8/1915 5:25 PM" "0/73" + "\Microsoft\Windows\TPM\Tpm-HASCertRetr" "TPM Maintenance Tasks" "(Verified) " "c:\windows\system32\tpmtasks.dll" "3/20/2036 7:59 AM" "0/73" + "\Microsoft\Windows\TPM\Tpm-Maintenance" "TPM Maintenance Tasks" "(Verified) " "c:\windows\system32\tpmtasks.dll" "3/20/2036 7:59 AM" "0/73" X "\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" "MusNotificationBroker" "(Verified) " "c:\windows\system32\musnotification.exe" "3/31/1959 10:05 AM" "0/73" X "\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" "MusNotificationBroker" "(Verified) " "c:\windows\system32\musnotification.exe" "3/31/1959 10:05 AM" "0/73" + "\Microsoft\Windows\UpdateOrchestrator\Report policies" "UsoClient" "(Verified) " "c:\windows\system32\usoclient.exe" "10/26/1913 2:23 AM" "0/73" X "\Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work" "UsoClient" "(Verified) " "c:\windows\system32\usoclient.exe" "10/26/1913 2:23 AM" "0/73" + "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" "UsoClient" "(Verified) " "c:\windows\system32\usoclient.exe" "10/26/1913 2:23 AM" "0/73" + "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan Static Task" "UsoClient" "(Verified) " "c:\windows\system32\usoclient.exe" "10/26/1913 2:23 AM" "0/73" X "\Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work" "UsoClient" "(Verified) " "c:\windows\system32\usoclient.exe" "10/26/1913 2:23 AM" "0/73" X "\Microsoft\Windows\UpdateOrchestrator\Schedule Work" "UsoClient" "(Verified) " "c:\windows\system32\usoclient.exe" "10/26/1913 2:23 AM" "0/73" + "\Microsoft\Windows\UpdateOrchestrator\UpdateModelTask" "UsoClient" "(Verified) " "c:\windows\system32\usoclient.exe" "10/26/1913 2:23 AM" "0/73" + "\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" "MusNotificationBroker" "(Verified) " "c:\windows\system32\musnotification.exe" "3/31/1959 10:05 AM" "0/73" + "\Microsoft\Windows\UPnP\UPnPHostConfig" "Service Control Manager Configuration Tool" "(Verified) " "c:\windows\system32\sc.exe" "12/19/1927 6:15 PM" "0/73" + "\Microsoft\Windows\USB\Usb-Notifications" "UsbTask" "(Verified) " "c:\windows\system32\usbtask.dll" "5/16/2032 12:50 PM" "0/73" + "\Microsoft\Windows\WDI\ResolutionHost" "Windows Diagnostic Infrastructure" "(Verified) " "c:\windows\system32\wdi.dll" "1/16/1962 6:33 PM" "0/73" + "\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange" "Windows host process (Rundll32)" "(Verified) " "c:\windows\system32\rundll32.exe" "7/1/1967 12:25 PM" "0/73" + "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "(Verified) " "c:\program files\windows media player\wmpnscfg.exe" "7/14/1911 6:17 PM" "0/73" + "\Microsoft\Windows\WindowsUpdate\Scheduled Start" "Service Control Manager Configuration Tool" "(Verified) " "c:\windows\system32\sc.exe" "12/19/1927 6:15 PM" "0/73" + "\Microsoft\Windows\Wininet\CacheTask" "Internet Extensions for Win32" "(Verified) " "c:\windows\system32\wininet.dll" "3/23/1940 6:38 PM" "0/73" + "\Microsoft\Windows\WlanSvc\CDSSync" "Windows WiFi Sync Provider DLL" "(Verified) " "c:\windows\system32\wificloudstore.dll" "5/18/1922 10:54 AM" "0/73" + "\Microsoft\Windows\WOF\WIM-Hash-Management" "WIM Boot Tasks" "(Verified) " "c:\windows\system32\woftasks.dll" "5/1/1982 9:20 AM" "0/73" X "\Microsoft\Windows\WOF\WIM-Hash-Validation" "WIM Boot Tasks" "(Verified) " "c:\windows\system32\woftasks.dll" "5/1/1982 9:20 AM" "0/73" X "\Microsoft\Windows\Workplace Join\Automatic-Device-Join" "DSREG commandline tool" "(Verified) " "c:\windows\system32\dsregcmd.exe" "11/23/1974 10:11 AM" "0/73" X "\Microsoft\Windows\Workplace Join\Device-Sync" "DSREG task handler" "(Verified) " "c:\windows\system32\dsregtask.dll" "10/21/1906 8:37 PM" "0/73" X "\Microsoft\Windows\Workplace Join\Recovery-Check" "DSREG commandline tool" "(Verified) " "c:\windows\system32\dsregcmd.exe" "11/23/1974 10:11 AM" "0/73" + "\Microsoft\Windows\WwanSvc\OobeDiscovery" "Windows MB Media Manager DLL" "(Verified) " "c:\windows\system32\mbmediamanager.dll" "1/8/1947 1:51 AM" "0/73" + "\Microsoft\XblGameSave\XblGameSaveTask" "XblGameSave Standby Task" "(Verified) " "c:\windows\system32\xblgamesavetask.exe" "10/24/2009 5:59 PM" "0/73" X "\MicrosoftEdgeShadowStackRollbackTask" "Microsoft Edge Installer" "(Verified) Microsoft Corporation" "c:\program files (x86)\microsoft\edge\application\101.0.1210.32\installer\setup.exe" "4/27/2022 10:55 PM" "0/73" X "\MicrosoftEdgeUpdateTaskMachineCore" "Microsoft Edge Update" "(Verified) Microsoft Corporation" "c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe" "1/23/2020 5:25 PM" "0/73" X "\MicrosoftEdgeUpdateTaskMachineCore1d74c70d23403a3" "Microsoft Edge Update" "(Verified) Microsoft Corporation" "c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe" "1/23/2020 5:25 PM" "0/73" X "\MicrosoftEdgeUpdateTaskMachineUA" "Microsoft Edge Update" "(Verified) Microsoft Corporation" "c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe" "1/23/2020 5:25 PM" "0/73" + "\MSI Afterburner" "MSIAfterburner" "(Verified) MICRO-STAR INTERNATIONAL CO., LTD." "c:\program files (x86)\msi afterburner\msiafterburner.exe" "12/3/2021 9:36 AM" "0/73" X "\SamsungMagician" "Samsung Magician" "(Verified) Samsung Electronics Co., Ltd." "c:\program files (x86)\samsung\samsung magician\samsungmagician.exe" "3/6/2021 3:51 AM" "0/73" + "\StardockFencesHotkeySupport" "Windows host process (Rundll32)" "(Verified) " "c:\windows\system32\rundll32.exe" "7/1/1967 12:25 PM" "0/73" + "\StardockFencesStartup" "Windows host process (Rundll32)" "(Verified) " "c:\windows\system32\rundll32.exe" "7/1/1967 12:25 PM" "0/73" + "\Topping Control Panel" "USB Audio Class Driver Control Panel" "(Verified) Thesycon Software Solutions GmbH & Co. KG" "c:\program files\topping\usb audio device driver\w10_x64\toppingusbaudiocpl.exe" "12/1/2021 9:41 AM" "0/72" + "\WiseCleaner\WRCSkipUAC" "Wise Registry Cleaner" "(Verified) Lespeed Technology Co., Ltd" "c:\program files (x86)\wise\wise registry cleaner\wiseregcleaner.exe" "3/10/2022 3:12 AM" "0/73" "HKLM\System\CurrentControlSet\Services" "" "" "" "5/2/2022 6:09 PM" "" + "AarSvc" "Agent Activation Runtime: Runtime for activating conversational agent applications" "(Verified) " "c:\windows\system32\aarsvc.dll" "2/11/1986 11:53 PM" "0/73" + "AJRouter" "AllJoyn Router Service: Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run." "(Verified) " "c:\windows\system32\ajrouter.dll" "4/26/1997 5:38 AM" "0/73" + "ALG" "Application Layer Gateway Service: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing" "(Verified) " "c:\windows\system32\alg.exe" "12/12/1964 12:00 AM" "0/73" + "AppIDSvc" "Application Identity: Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced." "(Verified) " "c:\windows\system32\appidsvc.dll" "7/26/1939 1:30 AM" "0/73" + "Appinfo" "Application Information: Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks." "(Verified) " "c:\windows\system32\appinfo.dll" "3/29/1929 2:12 PM" "0/73" + "AppMgmt" "Application Management: Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start." "(Verified) " "c:\windows\system32\appmgmts.dll" "11/29/1926 8:36 AM" "0/73" + "AppReadiness" "App Readiness: Gets apps ready for use the first time a user signs in to this PC and when adding new apps." "(Verified) " "c:\windows\system32\appreadiness.dll" "9/13/1998 1:29 AM" "0/73" + "AppXSvc" "AppX Deployment Service (AppXSVC): Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly." "(Verified) " "c:\windows\system32\appxdeploymentserver.dll" "6/12/1971 5:40 PM" "1/73" + "AssignedAccessManagerSvc" "AssignedAccessManager Service: AssignedAccessManager Service supports kiosk experience in Windows." "(Verified) " "c:\windows\system32\assignedaccessmanagersvc.dll" "5/27/1908 9:40 PM" "0/73" + "AudioEndpointBuilder" "Windows Audio Endpoint Builder: Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start" "(Verified) " "c:\windows\system32\audioendpointbuilder.dll" "6/13/1970 9:13 AM" "0/73" + "Audiosrv" "Windows Audio: Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start" "(Verified) " "c:\windows\system32\audiosrv.dll" "5/10/1962 7:33 PM" "0/73" + "autotimesvc" "Cellular Time: This service sets time based on NITZ messages from a Mobile Network" "(Verified) " "c:\windows\system32\autotimesvc.dll" "6/2/1924 9:24 PM" "0/73" + "AxInstSV" "ActiveX Installer (AxInstSV): Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings." "(Verified) " "c:\windows\system32\axinstsv.dll" "1/15/1906 2:57 PM" "0/73" + "BcastDVRUserService" "GameDVR and Broadcast User Service: This user service is used for Game Recordings and Live Broadcasts" "(Verified) " "c:\windows\system32\bcastdvruserservice.dll" "10/26/1994 9:38 AM" "1/72" + "BDESVC" "BitLocker Drive Encryption Service: BDESVC hosts the BitLocker Drive Encryption service. BitLocker Drive Encryption provides secure startup for the operating system, as well as full volume encryption for OS, fixed or removable volumes. This service allows BitLocker to prompt users for various actions related to their volumes when mounted, and unlocks volumes automatically without user interaction. Additionally, it stores recovery information to Active Directory, if available, and, if necessary, ensures the most recent recovery certificates are used. Stopping or disabling the service would prevent users from leveraging this functionality." "(Verified) " "c:\windows\system32\bdesvc.dll" "7/25/1922 3:54 AM" "0/73" + "BFE" "Base Filtering Engine: The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications." "(Verified) " "c:\windows\system32\bfe.dll" "5/18/1904 7:11 AM" "0/73" + "BITS" "Background Intelligent Transfer Service: Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information." "(Verified) " "c:\windows\system32\qmgr.dll" "6/22/1919 12:52 AM" "0/73" + "BluetoothUserService" "Bluetooth User Support Service: The Bluetooth user service supports proper functionality of Bluetooth features relevant to each user session." "(Verified) " "c:\windows\system32\microsoft.bluetooth.userservice.dll" "12/4/2030 9:15 AM" "0/73" + "BrokerInfrastructure" "Background Tasks Infrastructure Service: Windows infrastructure service that controls which background tasks can run on the system." "(Verified) " "c:\windows\system32\psmsrv.dll" "10/21/2022 8:36 PM" "0/73" + "BTAGService" "Bluetooth Audio Gateway Service: Service supporting the audio gateway role of the Bluetooth Handsfree Profile." "(Verified) " "c:\windows\system32\btagservice.dll" "4/5/1976 8:46 PM" "0/73" + "BthAvctpSvc" "AVCTP service: This is Audio Video Control Transport Protocol service" "(Verified) " "c:\windows\system32\bthavctpsvc.dll" "6/5/1954 4:17 AM" "0/73" + "bthserv" "Bluetooth Support Service: The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated." "(Verified) " "c:\windows\system32\bthserv.dll" "3/31/2006 2:16 AM" "0/73" + "camsvc" "Capability Access Manager Service: Provides facilities for managing UWP apps access to app capabilities as well as checking an app's access to specific app capabilities" "(Verified) " "c:\windows\system32\capabilityaccessmanager.dll" "3/27/1958 4:48 AM" "0/73" + "CaptureService" "CaptureService: Enables optional screen capture functionality for applications that call the Windows.Graphics.Capture API." "(Verified) " "c:\windows\system32\captureservice.dll" "2/11/2004 11:11 AM" "0/73" + "cbdhsvc" "Clipboard User Service: This user service is used for Clipboard scenarios" "(Verified) " "c:\windows\system32\cbdhsvc.dll" "12/10/1938 10:57 PM" "0/73" + "CDPSvc" "Connected Devices Platform Service: This service is used for Connected Devices Platform scenarios" "(Verified) " "c:\windows\system32\cdpsvc.dll" "12/27/1935 1:11 AM" "0/73" + "CDPUserSvc" "Connected Devices Platform User Service: This user service is used for Connected Devices Platform scenarios" "(Verified) " "c:\windows\system32\cdpusersvc.dll" "2/6/1948 7:09 PM" "0/73" + "CdRomAccessAgentService" "Leawo CdRom Device Access Agent Service: Allows Leawo applications without Administrator privileges to use CdRom devices" "(Verified) Shenzhen Moyea Software" "c:\program files (x86)\common files\cdagtsvc\cdagtsvc_v1.0.0_x86.exe" "10/21/2019 11:13 PM" "0/73" + "CertPropSvc" "Certificate Propagation: Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver." "(Verified) " "c:\windows\system32\certprop.dll" "7/10/1976 11:14 PM" "0/73" + "cloudidsvc" "Microsoft Cloud Identity Service: Supports integrations with Microsoft cloud identity services. If disabled, tenant restrictions will not be enforced properly." "(Verified) " "c:\windows\system32\cloudidsvc.dll" "6/11/1970 10:48 AM" "0/73" + "ConsentUxUserSvc" "ConsentUX: Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices." "(Verified) " "c:\windows\system32\consentuxclient.dll" "2/9/1989 9:29 AM" "0/73" + "CryptSvc" "Cryptographic Services: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start." "(Verified) " "c:\windows\system32\cryptsvc.dll" "1/9/1915 2:59 PM" "0/73" + "CscService" "Offline Files: The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state." "(Verified) " "c:\windows\system32\cscsvc.dll" "8/7/2003 10:03 PM" "0/73" + "DcomLaunch" "DCOM Server Process Launcher: The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running." "(Verified) " "c:\windows\system32\rpcss.dll" "8/4/1971 6:12 PM" "0/73" + "defragsvc" "Optimize drives: Helps the computer run more efficiently by optimizing files on storage drives." "(Verified) " "c:\windows\system32\defragsvc.dll" "6/8/1918 12:32 PM" "0/73" + "DeviceAssociationService" "Device Association Service: Enables pairing between the system and wired or wireless devices." "(Verified) " "c:\windows\system32\das.dll" "1/29/1908 6:14 PM" "0/73" + "DeviceInstall" "Device Install Service: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability." "(Verified) " "c:\windows\system32\umpnpmgr.dll" "11/3/1966 3:40 PM" "0/73" + "DevicePickerUserSvc" "DevicePicker: This user service is used for managing the Miracast, DLNA, and DIAL UI" "(Verified) " "c:\windows\system32\windows.devices.picker.dll" "7/3/1996 5:11 PM" "0/73" + "DevicesFlowUserSvc" "DevicesFlow: Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices." "(Verified) " "c:\windows\system32\devicesflowbroker.dll" "2/6/1962 8:19 PM" "0/70" + "DevQueryBroker" "DevQuery Background Discovery Broker: Enables apps to discover devices with a backgroud task" "(Verified) " "c:\windows\system32\devquerybroker.dll" "5/9/1933 1:56 PM" "0/73" + "Dhcp" "DHCP Client: Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start." "(Verified) " "c:\windows\system32\dhcpcore.dll" "10/30/1936 2:25 AM" "0/73" + "diagnosticshub.standardcollector.service" "Microsoft (R) Diagnostics Hub Standard Collector Service: Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them." "(Verified) " "c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe" "6/3/2033 3:25 AM" "0/73" + "diagsvc" "Diagnostic Execution Service: Executes diagnostic actions for troubleshooting support" "(Verified) " "c:\windows\system32\diagsvc.dll" "6/6/1999 8:47 PM" "0/73" + "DispBrokerDesktopSvc" "Display Policy Service: Manages the connection and configuration of local and remote displays" "(Verified) " "c:\windows\system32\dispbroker.desktop.dll" "8/1/1915 10:05 PM" "0/73" + "DisplayEnhancementService" "Display Enhancement Service: A service for managing display enhancement such as brightness control." "(Verified) " "c:\windows\system32\microsoft.graphics.display.displayenhancementservice.dll" "9/8/1916 5:41 PM" "0/73" + "DmEnrollmentSvc" "Device Management Enrollment Service: Performs Device Enrollment Activities for Device Management" "(Verified) " "c:\windows\system32\windows.internal.management.dll" "6/30/1947 4:49 PM" "0/73" + "dmwappushservice" "Device Management Wireless Application Protocol (WAP) Push message Routing Service: Routes Wireless Application Protocol (WAP) Push messages received by the device and synchronizes Device Management sessions" "(Verified) " "c:\windows\system32\dmwappushsvc.dll" "2/25/2029 5:58 AM" "0/73" + "Dnscache" "DNS Client: The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start." "(Verified) " "c:\windows\system32\dnsrslvr.dll" "6/1/2012 12:17 PM" "0/72" + "DoSvc" "Delivery Optimization: Performs content delivery optimization tasks" "(Verified) " "c:\windows\system32\dosvc.dll" "6/28/1975 5:32 PM" "0/73" + "dot3svc" "Wired AutoConfig: The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service." "(Verified) " "c:\windows\system32\dot3svc.dll" "9/24/2013 4:38 AM" "0/73" + "DPS" "Diagnostic Policy Service: The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function." "(Verified) " "c:\windows\system32\dps.dll" "5/14/1961 11:03 AM" "0/73" + "DsmSvc" "Device Setup Manager: Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly." "(Verified) " "c:\windows\system32\devicesetupmanager.dll" "4/1/1922 7:38 AM" "0/73" + "DsSvc" "Data Sharing Service: Provides data brokering between applications." "(Verified) " "c:\windows\system32\dssvc.dll" "7/29/1936 11:05 AM" "0/73" + "DusmSvc" "Data Usage: Network data usage, data limit, restrict background data, metered networks." "(Verified) " "c:\windows\system32\dusmsvc.dll" "8/19/2034 12:03 PM" "0/73" + "Eaphost" "Extensible Authentication Protocol: The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication." "(Verified) " "c:\windows\system32\eapsvc.dll" "4/13/1927 6:32 PM" "0/73" + "edgeupdate" "Microsoft Edge Update Service (edgeupdate): Keeps your Microsoft software up to date. If this service is disabled or stopped, your Microsoft software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Microsoft software using it." "(Verified) Microsoft Corporation" "c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe" "1/23/2020 5:25 PM" "0/73" + "edgeupdatem" "Microsoft Edge Update Service (edgeupdatem): Keeps your Microsoft software up to date. If this service is disabled or stopped, your Microsoft software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Microsoft software using it." "(Verified) Microsoft Corporation" "c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe" "1/23/2020 5:25 PM" "0/73" + "ekrn" "ESET Service: ESET Service" "(Verified) ESET, spol. s r.o." "c:\program files\eset\eset security\ekrn.exe" "3/15/2022 9:46 AM" "0/73" + "ekrnEpfw" "ESET Firewall Helper: ESET Service" "(Verified) ESET, spol. s r.o." "c:\program files\eset\eset security\ekrn.exe" "3/15/2022 9:46 AM" "0/73" + "embeddedmode" "Embedded Mode: The Embedded Mode service enables scenarios related to Background Applications. Disabling this service will prevent Background Applications from being activated." "(Verified) " "c:\windows\system32\embeddedmodesvc.dll" "2/12/1956 6:31 PM" "0/73" + "EntAppSvc" "Enterprise App Management Service: Enables enterprise application management." "(Verified) " "c:\windows\system32\enterpriseappmgmtsvc.dll" "5/14/1953 2:14 AM" "0/73" + "EventLog" "Windows Event Log: This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system." "(Verified) " "c:\windows\system32\wevtsvc.dll" "11/10/1935 12:59 AM" "0/73" + "EventSystem" "COM+ Event System: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start." "(Verified) " "c:\windows\system32\es.dll" "11/1/2021 2:12 PM" "0/73" + "Fax" "Fax: Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network." "(Verified) " "c:\windows\system32\fxssvc.exe" "8/29/2007 12:41 AM" "0/73" + "fdPHost" "Function Discovery Provider Host: The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services – Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources." "(Verified) " "c:\windows\system32\fdphost.dll" "1/27/1927 2:01 PM" "0/73" + "FDResPub" "Function Discovery Resource Publication: Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network." "(Verified) " "c:\windows\system32\fdrespub.dll" "8/11/1949 6:00 PM" "0/73" + "fhsvc" "File History Service: Protects user files from accidental loss by copying them to a backup location" "(Verified) " "c:\windows\system32\fhsvc.dll" "8/22/1998 5:46 PM" "0/73" + "FontCache" "Windows Font Cache Service: Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance." "(Verified) " "c:\windows\system32\fntcache.dll" "12/19/2032 4:05 PM" "0/73" + "FontCache3.0.0.0" "Windows Presentation Foundation Font Cache 3.0.0.0: Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications." "(Verified) Microsoft Corporation" "c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe" "10/25/2019 12:32 AM" "0/73" + "FrameServer" "Windows Camera Frame Server: Enables multiple clients to access video frames from camera devices." "(Verified) " "c:\windows\system32\frameserver.dll" "1/15/2022 6:28 PM" "0/73" + "gpsvc" "Group Policy Client: The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled." "(Verified) " "c:\windows\system32\gpsvc.dll" "4/26/2026 6:54 PM" "0/73" + "GraphicsPerfSvc" "GraphicsPerfSvc: Graphics performance monitor service" "(Verified) " "c:\windows\system32\graphicsperfsvc.dll" "4/17/2029 5:33 PM" "0/73" + "hidserv" "Human Interface Device Service: Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running." "(Verified) " "c:\windows\system32\hidserv.dll" "5/2/2005 2:24 AM" "0/73" + "icssvc" "Windows Mobile Hotspot Service: Provides the ability to share a cellular data connection with another device." "(Verified) " "c:\windows\system32\tetheringservice.dll" "8/25/1935 3:17 AM" "0/73" + "IKEEXT" "IKE and AuthIP IPsec Keying Modules: The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running." "(Verified) " "c:\windows\system32\ikeext.dll" "10/13/1910 4:22 AM" "0/73" + "InstallService" "Microsoft Store Install Service: Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then installations will not function properly." "(Verified) " "c:\windows\system32\installservice.dll" "12/2/1997 4:05 PM" "0/73" + "iphlpsvc" "IP Helper: Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer." "(Verified) " "c:\windows\system32\iphlpsvc.dll" "12/4/1989 11:51 PM" "0/73" + "IpxlatCfgSvc" "IP Translation Configuration Service: Configures and enables translation from v4 to v6 and vice versa" "(Verified) " "c:\windows\system32\ipxlatcfg.dll" "9/7/1972 8:11 AM" "0/73" + "KtmRm" "KtmRm for Distributed Transaction Coordinator: Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start." "(Verified) " "c:\windows\system32\msdtckrm.dll" "2/23/1946 5:19 AM" "0/73" + "LanmanWorkstation" "Workstation: Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start." "(Verified) " "c:\windows\system32\wkssvc.dll" "10/28/1951 11:09 AM" "0/73" + "lfsvc" "Geolocation Service: This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences." "(Verified) " "c:\windows\system32\lfsvc.dll" "11/26/1917 10:19 AM" "0/73" + "LicenseManager" "Windows License Manager Service: Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then content acquired through the Microsoft Store will not function properly." "(Verified) " "c:\windows\system32\licensemanagersvc.dll" "4/9/2017 6:47 AM" "0/73" + "lltdsvc" "Link-Layer Topology Discovery Mapper: Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly." "(Verified) " "c:\windows\system32\lltdsvc.dll" "11/21/1970 11:07 PM" "0/73" + "LSM" "Local Session Manager: Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability." "(Verified) " "c:\windows\system32\lsm.dll" "9/15/1966 9:18 AM" "0/73" + "LxpSvc" "Language Experience Service: Provides infrastructure support for deploying and configuring localized Windows resources. This service is started on demand and, if disabled, additional Windows languages will not be deployed to the system, and Windows may not function properly." "(Verified) " "c:\windows\system32\languageoverlayserver.dll" "4/13/1997 5:34 PM" "0/73" + "MacriumService" "Macrium Service: Provides scheduling and communication services for Macrium Reflect and associated products. This is a required service that should not be disabled or turned off." "(Verified) PARAMOUNT SOFTWARE UK LIMITED" "c:\program files\macrium\common\macriumservice.exe" "3/3/2022 2:23 PM" "0/73" + "MapsBroker" "Downloaded Maps Manager: Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps." "(Verified) " "c:\windows\system32\moshost.dll" "9/25/1990 4:07 AM" "0/73" + "Media Center 29 Service" "JRiver Media Center 29 Service: Support media functionality like infrared remote controls, etc." "(Verified) Jriver, Inc" "c:\program files\j river\media center 29\jrservice.exe" "4/28/2022 3:57 PM" "0/73" + "MessagingService" "MessagingService: Service supporting text messaging and related functionality." "(Verified) " "c:\windows\system32\messagingservice.dll" "9/30/2009 2:25 PM" "0/73" + "MicrosoftEdgeElevationService" "Microsoft Edge Elevation Service (MicrosoftEdgeElevationService): Keeps Microsoft Edge up to update. If this service is disabled, the application will not be kept up to date." "(Verified) Microsoft Corporation" "c:\program files (x86)\microsoft\edge\application\101.0.1210.32\elevation_service.exe" "4/27/2022 10:55 PM" "0/73" + "mpssvc" "Windows Defender Firewall: Windows Defender Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network." "(Verified) " "c:\windows\system32\mpssvc.dll" "1/4/1927 5:31 PM" "0/73" + "MSDTC" "Distributed Transaction Coordinator: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start." "(Verified) " "c:\windows\system32\msdtc.exe" "7/24/2006 12:43 PM" "0/73" + "MSiSCSI" "Microsoft iSCSI Initiator Service: Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start." "(Verified) " "c:\windows\system32\iscsiexe.dll" "6/4/1969 4:08 PM" "0/73" + "msiserver" "Windows Installer: Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start." "(Verified) " "c:\windows\system32\msiexec.exe" "8/27/1906 9:48 AM" "0/73" + "NaturalAuthentication" "Natural Authentication: Signal aggregator service, that evaluates signals based on time, network, geolocation, bluetooth and cdf factors. Supported features are Device Unlock, Dynamic Lock and Dynamo MDM policies" "(Verified) " "c:\windows\system32\naturalauth.dll" "5/1/1925 12:19 AM" "0/73" + "NcaSvc" "Network Connectivity Assistant: Provides DirectAccess status notification for UI components" "(Verified) " "c:\windows\system32\ncasvc.dll" "5/22/1944 1:33 PM" "0/73" + "NcbService" "Network Connection Broker: Brokers connections that allow Windows Store Apps to receive notifications from the internet." "(Verified) " "c:\windows\system32\ncbservice.dll" "6/26/1913 3:05 AM" "0/73" + "NcdAutoSetup" "Network Connected Devices Auto-Setup: Network Connected Devices Auto-Setup service monitors and installs qualified devices that connect to a qualified network. Stopping or disabling this service will prevent Windows from discovering and installing qualified network connected devices automatically. Users can still manually add network connected devices to a PC through the user interface." "(Verified) " "c:\windows\system32\ncdautosetup.dll" "12/16/2010 8:01 PM" "0/73" + "Netman" "Network Connections: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections." "(Verified) " "c:\windows\system32\netman.dll" "3/22/1948 2:58 PM" "0/73" + "netprofm" "Network List Service: Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change." "(Verified) " "c:\windows\system32\netprofmsvc.dll" "11/26/1941 4:18 PM" "0/73" + "NetSetupSvc" "Network Setup Service: The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress may be cancelled." "(Verified) " "c:\windows\system32\netsetupsvc.dll" "3/2/1985 3:13 AM" "0/73" + "NgcCtnrSvc" "Microsoft Passport Container: Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service." "(Verified) " "c:\windows\system32\ngcctnrsvc.dll" "7/2/1971 8:16 AM" "0/73" + "NgcSvc" "Microsoft Passport: Provides process isolation for cryptographic keys used to authenticate to a user’s associated identity providers. If this service is disabled, all uses and management of these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended that you do not reconfigure this service." "(Verified) " "c:\windows\system32\ngcsvc.dll" "8/24/1947 9:20 PM" "0/73" + "NlaSvc" "Network Location Awareness: Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start." "(Verified) " "c:\windows\system32\nlasvc.dll" "10/1/1982 9:16 AM" "0/73" + "nsi" "Network Store Interface Service: This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start." "(Verified) " "c:\windows\system32\nsisvc.dll" "6/27/1997 1:24 AM" "0/73" + "NVDisplay.ContainerLocalSystem" "NVIDIA Display Container LS: Container service for NVIDIA root features" "(Verified) Nvidia Corporation" "c:\windows\system32\driverstore\filerepository\nvmdsig.inf_amd64_f4da10aa56f52761\display.nvcontainer\nvdisplay.container.exe" "3/1/2022 2:31 AM" "0/73" + "OneSyncSvc" "Sync Host: This service synchronizes mail, contacts, calendar and various other user data. Mail and other applications dependent on this functionality will not work properly when this service is not running." "(Verified) " "c:\windows\system32\aphostservice.dll" "1/5/1975 3:56 PM" "0/73" + "p2pimsvc" "Peer Networking Identity Manager: Provides identity services for the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services. If disabled, the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services may not function, and some applications, such as HomeGroup and Remote Assistance, may not function correctly." "(Verified) " "c:\windows\system32\pnrpsvc.dll" "11/8/1938 6:37 AM" "0/73" + "p2psvc" "Peer Networking Grouping: Enables multi-party communication using Peer-to-Peer Grouping. If disabled, some applications, such as HomeGroup, may not function." "(Verified) " "c:\windows\system32\p2psvc.dll" "8/16/1906 12:07 AM" "0/73" + "PeerDistSvc" "BranchCache: This service caches network content from peers on the local subnet." "(Verified) " "c:\windows\system32\peerdistsvc.dll" "10/1/1921 5:41 PM" "0/73" + "perceptionsimulation" "Windows Perception Simulation Service: Enables spatial perception simulation, virtual camera management and spatial input simulation." "(Verified) " "c:\windows\system32\perceptionsimulation\perceptionsimulationservice.exe" "2/26/1941 3:34 PM" "0/73" + "PerfHost" "Performance Counter DLL Host: Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs." "(Verified) " "c:\windows\syswow64\perfhost.exe" "12/20/1915 4:54 AM" "0/73" + "PhoneSvc" "Phone Service: Manages the telephony state on the device" "(Verified) " "c:\windows\system32\phoneservice.dll" "4/10/1985 12:42 AM" "1/73" + "PIEServiceNew" "Intel® PROSet/Wireless Service: This service is part of the Intel® PROSet/Wireless WiFi Software" "(Verified) Intel(R) Wireless Connectivity Solutions" "c:\windows\system32\driverstore\filerepository\piecomponent.inf_amd64_16c0b30f7916739a\intel_pie_service.exe" "1/29/2020 1:34 PM" "0/71" + "PimIndexMaintenanceSvc" "Contact Data: Indexes contact data for fast contact searching. If you stop or disable this service, contacts might be missing from your search results." "(Verified) " "c:\windows\system32\pimindexmaintenance.dll" "1/14/1998 11:53 AM" "0/73" + "pla" "Performance Logs & Alerts: Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start." "(Verified) " "c:\windows\system32\pla.dll" "10/7/1927 6:46 PM" "0/70" + "PlugPlay" "Plug and Play: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability." "(Verified) " "c:\windows\system32\umpnpmgr.dll" "11/3/1966 3:40 PM" "0/73" + "PNRPAutoReg" "PNRP Machine Name Publication Service: This service publishes a machine name using the Peer Name Resolution Protocol. Configuration is managed via the netsh context 'p2p pnrp peer' " "(Verified) " "c:\windows\system32\pnrpauto.dll" "10/30/1904 5:27 PM" "0/73" + "PNRPsvc" "Peer Name Resolution Protocol: Enables serverless peer name resolution over the Internet using the Peer Name Resolution Protocol (PNRP). If disabled, some peer-to-peer and collaborative applications, such as Remote Assistance, may not function." "(Verified) " "c:\windows\system32\pnrpsvc.dll" "11/8/1938 6:37 AM" "0/73" + "Power" "Power: Manages power policy and power policy notification delivery." "(Verified) " "c:\windows\system32\umpo.dll" "2/3/1910 8:38 PM" "0/73" + "PrintNotify" "Printer Extensions and Notifications: This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won’t be able to see printer extensions or notifications." "(Verified) " "c:\windows\system32\spool\drivers\x64\3\printconfig.dll" "9/8/1948 1:48 PM" "0/73" + "PrintWorkflowUserSvc" "PrintWorkflow: Provides support for Print Workflow applications. If you turn off this service, you may not be able to print successfully." "(Verified) " "c:\windows\system32\printworkflowservice.dll" "10/8/2016 2:00 PM" "0/73" + "ProfSvc" "User Profile Service: This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them." "(Verified) " "c:\windows\system32\profsvc.dll" "1/31/1904 9:06 PM" "0/73" + "PushToInstall" "Windows PushToInstall Service: Provides infrastructure support for the Microsoft Store. This service is started automatically and if disabled then remote installations will not function properly." "(Verified) " "c:\windows\system32\pushtoinstall.dll" "1/1/2024 8:55 AM" "1/73" + "QWAVE" "Quality Windows Audio Video Experience: Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization." "(Verified) " "c:\windows\system32\qwave.dll" "4/26/1982 8:46 AM" "0/73" + "RasAuto" "Remote Access Auto Connection Manager: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address." "(Verified) " "c:\windows\system32\rasauto.dll" "1/27/1974 9:37 PM" "0/73" + "RasMan" "Remote Access Connection Manager: Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start." "(Verified) " "c:\windows\system32\rasmans.dll" "2/8/1942 4:53 PM" "1/73" + "Razer Chroma SDK Server" "Razer Chroma SDK Server: Razer Chroma SDK web interface" "(Verified) Razer USA Ltd." "c:\program files (x86)\razer chroma sdk\bin\rzsdkserver.exe" "7/15/2019 4:53 AM" "0/73" + "Razer Chroma SDK Service" "Razer Chroma SDK Service: Provides access to Razer hardware for applications using Razer SDK" "(Verified) Razer USA Ltd." "c:\program files (x86)\razer chroma sdk\bin\rzsdkservice.exe" "3/7/2018 10:16 PM" "1/73" + "RetailDemo" "Retail Demo Service: The Retail Demo service controls device activity while the device is in retail demo mode." "(Verified) " "c:\windows\system32\rdxservice.dll" "6/7/1994 9:30 PM" "0/73" + "RmSvc" "Radio Management Service: Radio Management and Airplane Mode Service" "(Verified) " "c:\windows\system32\rmapi.dll" "9/24/1948 6:04 PM" "0/73" + "RpcEptMapper" "RPC Endpoint Mapper: Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly." "(Verified) " "c:\windows\system32\rpcepmap.dll" "4/29/1907 4:58 PM" "0/73" + "RpcLocator" "Remote Procedure Call (RPC) Locator: In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility." "(Verified) " "c:\windows\system32\locator.exe" "3/14/1948 12:36 AM" "0/73" + "RpcSs" "Remote Procedure Call (RPC): The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running." "(Verified) " "c:\windows\system32\rpcss.dll" "8/4/1971 6:12 PM" "0/73" + "RtkAudioUniversalService" "Realtek Audio Universal Service: Realtek Audio Universal Service" "(Verified) Realtek Semiconductor Corp." "c:\windows\system32\driverstore\filerepository\realtekservice.inf_amd64_0df2f655a6bd4669\rtkauduservice64.exe" "3/7/2022 6:35 AM" "0/73" + "SCardSvr" "Smart Card: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start." "(Verified) " "c:\windows\system32\scardsvr.dll" "1/13/1946 10:10 AM" "0/73" + "ScDeviceEnum" "Smart Card Device Enumeration Service: Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers." "(Verified) " "c:\windows\system32\scdeviceenum.dll" "4/28/1979 12:04 AM" "0/73" + "Schedule" "Task Scheduler: Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start." "(Verified) " "c:\windows\system32\schedsvc.dll" "2/10/1918 10:32 PM" "1/73" + "SCPolicySvc" "Smart Card Removal Policy: Allows the system to be configured to lock the user desktop upon smart card removal." "(Verified) " "c:\windows\system32\certprop.dll" "7/10/1976 11:14 PM" "0/73" + "SDRSVC" "Windows Backup: Provides Windows Backup and Restore capabilities." "(Verified) " "c:\windows\system32\sdrsvc.dll" "5/5/2035 7:24 AM" "0/73" + "seclogon" "Secondary Logon: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start." "(Verified) " "c:\windows\system32\seclogon.dll" "9/26/2012 4:59 AM" "0/73" + "SEMgrSvc" "Payments and NFC/SE Manager: Manages payments and Near Field Communication (NFC) based secure elements." "(Verified) " "c:\windows\system32\semgrsvc.dll" "1/7/1965 3:20 PM" "0/73" + "SENS" "System Event Notification Service: Monitors system events and notifies subscribers to COM+ Event System of these events." "(Verified) " "c:\windows\system32\sens.dll" "9/2/1923 11:22 AM" "0/73" + "SensorDataService" "Sensor Data Service: Delivers data from a variety of sensors" "(Verified) " "c:\windows\system32\sensordataservice.exe" "8/14/1912 4:25 PM" "0/73" + "SensorService" "Sensor Service: A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors will also be stopped." "(Verified) " "c:\windows\system32\sensorservice.dll" "4/22/2029 7:17 PM" "0/73" + "SensrSvc" "Sensor Monitoring Service: Monitors various sensors in order to expose data and adapt to system and user state. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Stopping this service may affect other system functionality and features as well." "(Verified) " "c:\windows\system32\sensrsvc.dll" "8/15/2000 6:39 PM" "0/73" + "SessionEnv" "Remote Desktop Configuration: Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates." "(Verified) " "c:\windows\system32\sessenv.dll" "5/12/1946 7:02 PM" "0/73" + "SharedAccess" "Internet Connection Sharing (ICS): Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network." "(Verified) " "c:\windows\system32\ipnathlp.dll" "8/12/1903 2:17 PM" "0/73" + "SharedRealitySvc" "Spatial Data Service: This service is used for Spatial Perception scenarios" "(Verified) " "c:\windows\system32\sharedrealitysvc.dll" "4/5/1988 8:12 AM" "0/73" + "ShellHWDetection" "Shell Hardware Detection: Provides notifications for AutoPlay hardware events." "(Verified) " "c:\windows\system32\shsvcs.dll" "7/26/1993 1:59 AM" "0/73" + "SmsRouter" "Microsoft Windows SMS Router Service.: Routes messages based on rules to appropriate clients." "(Verified) " "c:\windows\system32\smsroutersvc.dll" "4/7/1956 7:28 PM" "0/73" + "SNMPTRAP" "SNMP Trap: Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start." "(Verified) " "c:\windows\system32\snmptrap.exe" "1/25/1984 12:21 PM" "0/73" + "spectrum" "Windows Perception Service: Enables spatial perception, spatial input, and holographic rendering." "(Verified) " "c:\windows\system32\spectrum.exe" "9/26/1970 4:43 PM" "0/73" + "Spooler" "Print Spooler: This service spools print jobs and handles interaction with the printer. If you turn off this service, you won’t be able to print or see your printers." "(Verified) " "c:\windows\system32\spoolsv.exe" "1/13/1974 6:10 PM" "0/73" + "SstpSvc" "Secure Socket Tunneling Protocol Service: Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers." "(Verified) " "c:\windows\system32\sstpsvc.dll" "12/10/2024 10:08 AM" "0/73" + "stisvc" "Windows Image Acquisition (WIA): Provides image acquisition services for scanners and cameras" "(Verified) " "c:\windows\system32\wiaservc.dll" "8/17/1937 11:37 PM" "0/73" + "StorSvc" "Storage Service: Provides enabling services for storage settings and external storage expansion" "(Verified) " "c:\windows\system32\storsvc.dll" "7/31/1987 1:38 PM" "0/73" + "svsvc" "Spot Verifier: Verifies potential file system corruptions." "(Verified) " "c:\windows\system32\svsvc.dll" "3/22/1941 9:14 AM" "0/73" + "swprv" "Microsoft Software Shadow Copy Provider: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start." "(Verified) " "c:\windows\system32\swprv.dll" "7/9/1919 12:48 PM" "0/73" + "SystemEventsBroker" "System Events Broker: Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered." "(Verified) " "c:\windows\system32\systemeventsbrokerserver.dll" "10/11/1994 5:02 AM" "0/73" + "TapiSrv" "Telephony: Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service." "(Verified) " "c:\windows\system32\tapisrv.dll" "7/10/1980 4:57 PM" "0/73" + "TermService" "Remote Desktop Services: Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item." "(Verified) " "c:\windows\system32\termsrv.dll" "2/4/1996 10:01 PM" "0/73" + "Themes" "Themes: Provides user experience theme management." "(Verified) " "c:\windows\system32\themeservice.dll" "6/13/1976 7:33 AM" "0/73" + "TieringEngineService" "Storage Tiers Management: Optimizes the placement of data in storage tiers on all tiered storage spaces in the system." "(Verified) " "c:\windows\system32\tieringengineservice.exe" "8/28/1929 12:21 PM" "0/73" + "TimeBrokerSvc" "Time Broker: Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered." "(Verified) " "c:\windows\system32\timebrokerserver.dll" "11/25/1989 8:47 AM" "0/73" + "TokenBroker" "Web Account Manager: This service is used by Web Account Manager to provide single-sign-on to apps and services." "(Verified) " "c:\windows\system32\tokenbroker.dll" "7/11/2015 10:22 PM" "0/73" + "TroubleshootingSvc" "Recommended Troubleshooting Service: Enables automatic mitigation for known problems by applying recommended troubleshooting. If stopped, your device will not get recommended troubleshooting for problems on your device." "(Verified) " "c:\windows\system32\mitigationclient.dll" "10/22/1989 1:02 PM" "0/73" + "tzautoupdate" "Auto Time Zone Updater: Automatically sets the system time zone." "(Verified) " "c:\windows\system32\tzautoupdate.dll" "4/1/1986 9:40 PM" "0/73" + "UdkUserSvc" "Udk User Service: Shell components service" "(Verified) " "c:\windows\system32\windowsudk.shellcommon.dll" "12/9/1987 4:41 PM" "0/73" + "UmRdpService" "Remote Desktop Services UserMode Port Redirector: Allows the redirection of Printers/Drives/Ports for RDP connections" "(Verified) " "c:\windows\system32\umrdp.dll" "12/29/2006 4:09 PM" "0/73" + "UnistoreSvc" "User Data Storage: Handles storage of structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly." "(Verified) " "c:\windows\system32\unistore.dll" "12/18/2004 9:21 AM" "0/73" + "upnphost" "UPnP Device Host: Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start." "(Verified) " "c:\windows\system32\upnphost.dll" "4/19/1923 1:36 PM" "0/73" + "UserDataSvc" "User Data Access: Provides apps access to structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly." "(Verified) " "c:\windows\system32\userdataservice.dll" "6/1/1962 4:59 AM" "0/73" + "UserManager" "User Manager: User Manager provides the runtime components required for multi-user interaction. If this service is stopped, some applications may not operate correctly." "(Verified) " "c:\windows\system32\usermgr.dll" "3/11/1939 3:36 AM" "0/73" + "UsoSvc" "Update Orchestrator Service: Manages Windows Updates. If stopped, your devices will not be able to download and install the latest updates." "(Verified) " "c:\windows\system32\usosvc.dll" "9/10/2004 11:21 PM" "0/68" + "vds" "Virtual Disk: Provides management services for disks, volumes, file systems, and storage arrays." "(Verified) " "c:\windows\system32\vds.exe" "10/27/1927 7:42 AM" "0/73" + "vmicrdv" "Hyper-V Remote Desktop Virtualization Service: Provides a platform for communication between the virtual machine and the operating system running on the physical computer." "(Verified) " "c:\windows\system32\icsvcext.dll" "5/26/2030 8:37 AM" "0/73" + "vmicvss" "Hyper-V Volume Shadow Copy Requestor: Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer." "(Verified) " "c:\windows\system32\icsvcext.dll" "5/26/2030 8:37 AM" "0/73" + "VSS" "Volume Shadow Copy: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start." "(Verified) " "c:\windows\system32\vssvc.exe" "2/17/1994 10:34 AM" "0/70" + "W32Time" "Windows Time: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start." "(Verified) " "c:\windows\system32\w32time.dll" "10/30/1954 5:41 AM" "0/73" + "WaaSMedicSvc" "Windows Update Medic Service: Enables remediation and protection of Windows Update components." "(Verified) " "c:\windows\system32\waasmedicsvc.dll" "11/19/1997 8:25 PM" "0/73" + "WalletService" "WalletService: Hosts objects used by clients of the wallet" "(Verified) " "c:\windows\system32\walletservice.dll" "9/13/1925 12:37 AM" "0/73" + "WarpJITSvc" "WarpJITSvc: Provides a JIT out of process service for WARP when running with ACG enabled." "(Verified) " "c:\windows\system32\windows.warp.jitservice.dll" "9/8/1906 5:01 AM" "0/73" + "wbengine" "Block Level Backup Engine Service: The WBENGINE service is used by Windows Backup to perform backup and recovery operations. If this service is stopped by a user, it may cause the currently running backup or recovery operation to fail. Disabling this service may disable backup and recovery operations using Windows Backup on this computer." "(Verified) " "c:\windows\system32\wbengine.exe" "6/8/1982 11:31 AM" "0/73" + "WbioSrvc" "Windows Biometric Service: The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process." "(Verified) " "c:\windows\system32\wbiosrvc.dll" "10/11/1965 11:52 PM" "0/73" + "Wcmsvc" "Windows Connection Manager: Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings." "(Verified) " "c:\windows\system32\wcmsvc.dll" "9/24/1937 8:27 AM" "0/73" + "wcncsvc" "Windows Connect Now - Config Registrar: WCNCSVC hosts the Windows Connect Now Configuration which is Microsoft's Implementation of Wireless Protected Setup (WPS) protocol. This is used to configure Wireless LAN settings for an Access Point (AP) or a Wireless Device. The service is started programmatically as needed." "(Verified) " "c:\windows\system32\wcncsvc.dll" "6/26/1987 6:41 AM" "0/73" + "WdiServiceHost" "Diagnostic Service Host: The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function." "(Verified) " "c:\windows\system32\wdi.dll" "1/16/1962 6:33 PM" "0/73" + "WdiSystemHost" "Diagnostic System Host: The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function." "(Verified) " "c:\windows\system32\wdi.dll" "1/16/1962 6:33 PM" "0/73" + "WebClient" "WebClient: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start." "(Verified) " "c:\windows\system32\webclnt.dll" "10/6/1977 6:34 AM" "0/73" + "Wecsvc" "Windows Event Collector: This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted." "(Verified) " "c:\windows\system32\wecsvc.dll" "7/7/1983 5:29 PM" "0/73" + "WEPHOSTSVC" "Windows Encryption Provider Host Service: Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts" "(Verified) " "c:\windows\system32\wephostsvc.dll" "11/11/1932 2:22 AM" "0/73" + "wercplsupport" "Problem Reports Control Panel Support: This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports control panel." "(Verified) " "c:\windows\system32\wercplsupport.dll" "9/8/1939 3:54 AM" "0/73" + "WerSvc" "Windows Error Reporting Service: Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed." "(Verified) " "c:\windows\system32\wersvc.dll" "7/4/1976 10:58 AM" "0/73" + "WFDSConMgrSvc" "Wi-Fi Direct Services Connection Manager Service: Manages connections to wireless services, including wireless display and docking." "(Verified) " "c:\windows\system32\wfdsconmgrsvc.dll" "6/17/1983 4:04 AM" "0/72" + "WiaRpc" "Still Image Acquisition Events: Launches applications associated with still image acquisition events." "(Verified) " "c:\windows\system32\wiarpc.dll" "12/11/2011 11:01 AM" "0/73" + "Winmgmt" "Windows Management Instrumentation: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start." "(Verified) " "c:\windows\system32\wbem\wmisvc.dll" "1/21/1983 10:12 PM" "0/73" + "WinRM" "Windows Remote Management (WS-Management): Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix." "(Verified) " "c:\windows\system32\wsmsvc.dll" "1/22/1999 4:42 PM" "0/73" + "WlanSvc" "WLAN AutoConfig: The WLANSVC service provides the logic required to configure, discover, connect to, and disconnect from a wireless local area network (WLAN) as defined by IEEE 802.11 standards. It also contains the logic to turn your computer into a software access point so that other devices or computers can connect to your computer wirelessly using a WLAN adapter that can support this. Stopping or disabling the WLANSVC service will make all WLAN adapters on your computer inaccessible from the Windows networking UI. It is strongly recommended that you have the WLANSVC service running if your computer has a WLAN adapter." "(Verified) " "c:\windows\system32\wlansvc.dll" "12/6/2014 9:30 PM" "0/73" + "wlidsvc" "Microsoft Account Sign-in Assistant: Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account." "(Verified) " "c:\windows\system32\wlidsvc.dll" "12/4/1953 1:45 AM" "0/73" + "wlpasvc" "Local Profile Assistant Service: This service provides profile management for subscriber identity modules" "(Verified) " "c:\windows\system32\lpasvc.dll" "9/11/2007 2:23 PM" "0/72" + "WManSvc" "Windows Management Service: Performs management including Provisioning and Enrollment activities" "(Verified) " "c:\windows\system32\windows.management.service.dll" "8/4/1997 6:52 PM" "1/73" + "wmiApSrv" "WMI Performance Adapter: Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated." "(Verified) " "c:\windows\system32\wbem\wmiapsrv.exe" "9/1/1994 5:27 PM" "0/73" + "WpcMonSvc" "Parental Controls: Enforces parental controls for child accounts in Windows. If this service is stopped or disabled, parental controls may not be enforced." "(Verified) " "c:\windows\system32\wpcdesktopmonsvc.dll" "1/15/2033 6:27 AM" "0/73" + "WPDBusEnum" "Portable Device Enumerator Service: Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices." "(Verified) " "c:\windows\system32\wpdbusenum.dll" "7/30/2026 2:28 PM" "0/73" + "WpnService" "Windows Push Notifications System Service: This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server." "(Verified) " "c:\windows\system32\wpnservice.dll" "6/4/2026 5:19 AM" "0/73" + "WpnUserService" "Windows Push Notifications User Service: This service hosts Windows notification platform which provides support for local and push notifications. Supported notifications are tile, toast and raw." "(Verified) " "c:\windows\system32\wpnuserservice.dll" "2/5/1925 11:02 AM" "0/73" + "wuauserv" "Windows Update: Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API." "(Verified) " "c:\windows\system32\wuaueng.dll" "8/27/1959 7:32 AM" "0/73" + "WwanSvc" "WWAN AutoConfig: This service manages mobile broadband (GSM & CDMA) data card/embedded module adapters and connections by auto-configuring the networks. It is strongly recommended that this service be kept running for best user experience of mobile broadband devices." "(Verified) " "c:\windows\system32\wwansvc.dll" "1/10/1948 7:00 AM" "0/73" + "XblAuthManager" "Xbox Live Auth Manager: Provides authentication and authorization services for interacting with Xbox Live. If this service is stopped, some applications may not operate correctly." "(Verified) " "c:\windows\system32\xblauthmanager.dll" "4/18/1936 8:27 AM" "0/73" + "XblGameSave" "Xbox Live Game Save: This service syncs save data for Xbox Live save enabled games. If this service is stopped, game save data will not upload to or download from Xbox Live." "(Verified) " "c:\windows\system32\xblgamesave.dll" "10/12/1976 9:14 AM" "0/73" + "XboxGipSvc" "Xbox Accessory Management Service: This service manages connected Xbox Accessories." "(Verified) " "c:\windows\system32\xboxgipsvc.dll" "4/18/1912 4:07 PM" "0/73" + "XboxNetApiSvc" "Xbox Live Networking Service: This service supports the Windows.Networking.XboxLive application programming interface." "(Verified) " "c:\windows\system32\xboxnetapisvc.dll" "6/22/2019 12:24 PM" "0/73" "HKLM\System\CurrentControlSet\Services" "" "" "" "5/2/2022 6:09 PM" "" + "1394ohci" "1394 OHCI Compliant Host Controller: 1394 OpenHCI Driver" "(Verified) " "c:\windows\system32\drivers\1394ohci.sys" "10/2/1935 6:55 PM" "0/73" + "AcpiDev" "ACPI Devices driver: ACPI Devices Driver" "(Verified) " "c:\windows\system32\drivers\acpidev.sys" "12/31/1937 4:04 PM" "0/73" + "acpipagr" "ACPI Processor Aggregator Driver: ACPI Processor Aggregator Device Driver" "(Verified) " "c:\windows\system32\drivers\acpipagr.sys" "11/17/1974 3:13 PM" "0/73" + "AcpiPmi" "ACPI Power Meter Driver: ACPI Power Metering Driver" "(Verified) " "c:\windows\system32\drivers\acpipmi.sys" "11/21/1937 8:26 AM" "0/73" + "acpitime" "ACPI Wake Alarm Driver: ACPI Wake Alarm" "(Verified) " "c:\windows\system32\drivers\acpitime.sys" "7/8/1933 11:36 AM" "0/73" + "Acx01000" "Acx01000: Audio KMDF Class Extension" "(Verified) " "c:\windows\system32\drivers\acx01000.sys" "1/21/1990 6:47 AM" "0/73" + "afunix" "afunix: AF_UNIX socket provider" "(Verified) " "c:\windows\system32\drivers\afunix.sys" "6/16/1979 3:13 AM" "0/73" + "ahcache" "Application Compatibility Cache: Cache Compatibility Data and Attributes for Individual PE File" "(Verified) " "c:\windows\system32\drivers\ahcache.sys" "2/14/1987 8:13 AM" "0/73" + "AIDA64Driver" "FinalWire AIDA64 Kernel Driver: " "(Verified) FinalWire Kft." "c:\program files (x86)\aida64\kerneld.x64" "3/25/2021 4:30 PM" "0/73" + "amdgpio2" "AMD GPIO Client Driver: AMD GPIO Controller Driver" "(Verified) Advanced Micro Devices INC." "c:\windows\system32\drivers\amdgpio2.sys" "3/11/2020 7:15 AM" "0/73" + "amdi2c" "AMD I2C Controller Service: AMD I2C Controller Driver" "(Verified) " "c:\windows\system32\drivers\amdi2c.sys" "3/20/2019 12:57 AM" "0/73" + "amdkmpfd" "AMD PCI Root Bus Lower Filter: AMD PCI Root Bus Lower Filter" "(Verified) Advanced Micro Devices, Inc." "c:\windows\system32\drivers\amdkmpfd.sys" "11/6/2020 4:02 PM" "0/74" + "AMDPCIDev" "AMD PCI: AMD PCI Device driver" "(Verified) Advanced Micro Devices Inc." "c:\windows\system32\drivers\amdpcidev.sys" "2/16/2022 2:06 AM" "0/73" + "amdpsp" "AMD PSP Service: amdpsp sys" "(Verified) Advanced Micro Devices Inc." "c:\windows\system32\drivers\amdpsp.sys" "1/26/2022 6:34 PM" "0/73" + "applockerfltr" "Smartlocker Filter Driver: Identifies files created by authorized installers." "(Verified) " "c:\windows\system32\drivers\applockerfltr.sys" "1/7/1969 10:48 PM" "0/73" + "AsyncMac" "RAS Asynchronous Media Driver: RAS Asynchronous Media Driver" "(Verified) " "c:\windows\system32\drivers\asyncmac.sys" "2/6/1931 6:33 PM" "0/73" + "BasicDisplay" "BasicDisplay: Microsoft Basic Display Driver" "(Verified) " "c:\windows\system32\driverstore\filerepository\basicdisplay.inf_amd64_65ab9a260dbf7467\basicdisplay.sys" "4/7/1923 5:25 AM" "0/73" + "BasicRender" "BasicRender: Microsoft Basic Render Driver" "(Verified) " "c:\windows\system32\driverstore\filerepository\basicrender.inf_amd64_df49c4daa6251397\basicrender.sys" "7/7/2009 12:06 AM" "0/73" + "bcmfn2" "bcmfn2 Service: BCM Function 2 Device Driver" "(Verified) " "c:\windows\system32\drivers\bcmfn2.sys" "10/31/2016 10:09 PM" "0/73" + "Beep" "Beep: BEEP Driver" "(Verified) " "c:\windows\system32\drivers\beep.sys" "6/22/1955 2:58 PM" "0/72" + "bowser" "Browser: NT Lan Manager Datagram Receiver Driver" "(Verified) " "c:\windows\system32\drivers\bowser.sys" "10/1/1922 3:39 PM" "0/73" + "BthA2dp" "Microsoft Bluetooth A2dp driver: Bluetooth A2DP Driver" "(Verified) " "c:\windows\system32\drivers\btha2dp.sys" "11/8/1978 7:32 PM" "0/73" + "BthEnum" "Bluetooth Enumerator Service: Bluetooth Bus Extender" "(Verified) " "c:\windows\system32\drivers\bthenum.sys" "6/22/1965 1:22 PM" "0/73" + "BthHFAud" "Microsoft Bluetooth Hands-Free Audio driver: Bluetooth Hands-free Audio Device Driver" "(Verified) " "c:\windows\system32\drivers\bthhfaud.sys" "5/2/2022 12:07 PM" "0/73" + "BthHFEnum" "Microsoft Bluetooth Hands-Free Profile driver: Bluetooth Hands-Free Audio and Call Control HID Enumerator" "(Verified) " "c:\windows\system32\drivers\bthhfenum.sys" "11/11/1967 7:09 PM" "0/73" + "BthLEEnum" "Bluetooth Low Energy Driver: Legacy Bluetooth LE Bus Enumerator" "(Verified) " "c:\windows\system32\drivers\microsoft.bluetooth.legacy.leenumerator.sys" "5/16/1960 2:57 PM" "0/73" + "BthMini" "Bluetooth Radio Driver: Bluetooth Transport Extensibility Miniport Driver" "(Verified) " "c:\windows\system32\drivers\bthmini.sys" "9/11/2031 5:30 AM" "0/73" + "BTHMODEM" "Bluetooth Modem Communications Driver: Bluetooth Communications Driver" "(Verified) " "c:\windows\system32\drivers\bthmodem.sys" "8/20/1996 9:33 AM" "0/73" + "BthPan" "Bluetooth Device (Personal Area Network): Bluetooth Device (Personal Area Network)" "(Verified) " "c:\windows\system32\drivers\bthpan.sys" "2/13/1951 8:46 AM" "0/73" + "BTHPORT" "Bluetooth Port Driver: Bluetooth Bus Driver" "(Verified) " "c:\windows\system32\drivers\bthport.sys" "2/2/2031 10:26 PM" "0/73" + "BTHUSB" "Bluetooth Radio USB Driver: Bluetooth Miniport Driver" "(Verified) " "c:\windows\system32\drivers\bthusb.sys" "5/3/2002 3:44 PM" "0/73" + "buttonconverter" "Service for Portable Device Control devices: Button Converter Driver" "(Verified) " "c:\windows\system32\drivers\buttonconverter.sys" "10/2/2035 7:06 PM" "0/73" + "cdrom" "CD-ROM Driver: SCSI CD-ROM Driver" "(Verified) " "c:\windows\system32\drivers\cdrom.sys" "6/3/2017 1:32 PM" "0/72" + "CimFS" "CimFS: " "(Verified) " "c:\windows\system32\drivers\cimfs.sys" "10/3/2015 2:48 AM" "0/73" + "circlass" "Consumer IR Devices: Consumer IR Class Driver for eHome" "(Verified) " "c:\windows\system32\drivers\circlass.sys" "5/16/1904 5:46 PM" "0/73" + "CldFlt" "Windows Cloud Files Filter Driver: Cloud Files Mini Filter Driver" "(Verified) " "c:\windows\system32\drivers\cldflt.sys" "1/4/2032 4:15 AM" "0/73" + "CmBatt" "Microsoft ACPI Control Method Battery Driver: Control Method Battery Driver" "(Verified) " "c:\windows\system32\drivers\cmbatt.sys" "4/14/2033 1:41 PM" "0/73" + "CompositeBus" "Composite Bus Enumerator Driver: Multi-Transport Composite Bus Enumerator" "(Verified) " "c:\windows\system32\driverstore\filerepository\compositebus.inf_amd64_7500cffa210c6946\compositebus.sys" "10/28/2026 4:32 AM" "0/74" + "CSC" "Offline Files Driver: Allows network files to be used while the local computer is offline." "(Verified) " "c:\windows\system32\drivers\csc.sys" "4/27/1943 10:34 PM" "0/73" + "Dfsc" "DFS Namespace Client Driver: Client driver for access to DFS Namespaces" "(Verified) " "c:\windows\system32\drivers\dfsc.sys" "6/8/2020 9:33 AM" "0/73" + "e1rexpress" "Intel(R) PCI Express Network Connection Driver R: Intel(R) Gigabit Adapter NDIS 6.x driver" "(Verified) INTELEPGSW2022" "c:\windows\system32\drivers\e1r68x64.sys" "2/23/2021 9:42 AM" "0/72" + "eamonm" "eamonm: Eset file on-access scanner" "(Verified) ESET, spol. s r.o." "c:\windows\system32\drivers\eamonm.sys" "2/17/2022 6:12 AM" "0/73" + "edevmon" "edevmon: Eset device blocker" "(Verified) ESET, spol. s r.o." "c:\windows\system32\drivers\edevmon.sys" "2/17/2022 6:12 AM" "0/73" + "ehdrv" "ehdrv: Eset Helper driver" "(Verified) ESET, spol. s r.o." "c:\windows\system32\drivers\ehdrv.sys" "2/17/2022 6:12 AM" "0/73" + "epfw" "epfw: EPFW Filter Driver" "(Verified) ESET, spol. s r.o." "c:\windows\system32\drivers\epfw.sys" "2/17/2022 6:12 AM" "0/73" + "epfwwfp" "epfwwfp: EPFW Filter Driver" "(Verified) ESET, spol. s r.o." "c:\windows\system32\drivers\epfwwfp.sys" "2/17/2022 6:12 AM" "0/73" + "ErrDev" "Microsoft Hardware Error Device Driver: Error Device Driver" "(Verified) " "c:\windows\system32\drivers\errdev.sys" "9/25/2023 5:48 PM" "0/73" + "fdc" "Floppy Disk Controller Driver: Floppy Disk Controller Driver" "(Verified) " "c:\windows\system32\drivers\fdc.sys" "11/23/1930 11:36 AM" "0/73" + "FileCrypt" "FileCrypt: Windows sandboxing and encryption filter." "(Verified) " "c:\windows\system32\drivers\filecrypt.sys" "3/1/2002 7:12 AM" "0/73" + "Filetrace" "Filetrace: ETW File Trace Filter" "(Verified) " "c:\windows\system32\drivers\filetrace.sys" "1/4/2025 4:02 PM" "0/73" + "flpydisk" "Floppy Disk Driver: Floppy Driver" "(Verified) " "c:\windows\system32\drivers\flpydisk.sys" "3/5/1951 1:30 AM" "0/73" + "gdrv2" "gdrv2: GIGA-BYTE NonPnP Driver" "(Verified) GIGA-BYTE Technology Co., Ltd." "c:\windows\gdrv2.sys" "4/15/2019 3:45 AM" "0/73" + "genericusbfn" "Generic USB Function Class: Generic USB Function Class Driver" "(Verified) " "c:\windows\system32\driverstore\filerepository\genericusbfn.inf_amd64_53931f0ae21d6d2c\genericusbfn.sys" "7/15/1976 6:12 AM" "0/73" + "GpuEnergyDrv" "GPU Energy Driver: Computes energy consumed by GPU" "(Verified) " "c:\windows\system32\drivers\gpuenergydrv.sys" "1/19/1962 5:39 AM" "0/73" + "HdAudAddService" "Microsoft 1.1 UAA Function Driver for High Definition Audio Service: High Definition Audio Function Driver" "(Verified) " "c:\windows\system32\drivers\hdaudio.sys" "9/14/2022 12:09 PM" "0/73" + "HDAudBus" "Microsoft UAA Bus Driver for High Definition Audio: High Definition Audio Bus Driver" "(Verified) " "c:\windows\system32\drivers\hdaudbus.sys" "8/12/1920 12:40 PM" "0/73" + "HidBth" "Microsoft Bluetooth HID Miniport: Bluetooth Miniport Driver for HID Devices" "(Verified) " "c:\windows\system32\drivers\hidbth.sys" "12/20/1918 5:06 AM" "0/70" + "hidi2c" "Microsoft I2C HID Miniport Driver: I2C HID Miniport Driver" "(Verified) " "c:\windows\system32\drivers\hidi2c.sys" "12/27/2033 1:03 PM" "0/73" + "HidIr" "Microsoft Infrared HID Driver: Infrared Miniport Driver for Input Devices" "(Verified) " "c:\windows\system32\drivers\hidir.sys" "3/6/1989 1:42 AM" "0/73" + "hidspi" "Microsoft SPI HID Miniport Driver: SPI HID Miniport Driver" "(Verified) " "c:\windows\system32\drivers\hidspi.sys" "7/16/1938 1:18 AM" "0/73" + "HidUsb" "Microsoft HID Class Driver: USB Miniport Driver for Input Devices" "(Verified) " "c:\windows\system32\drivers\hidusb.sys" "5/20/1984 3:02 PM" "0/73" + "HwNClx0101" "Microsoft Hardware Notifications Class Extension Driver: Hardware Notification Class Extension Driver" "(Verified) " "c:\windows\system32\drivers\mshwnclx.sys" "7/26/1939 10:07 AM" "0/73" + "i8042prt" "i8042 Keyboard and PS/2 Mouse Port Driver: i8042 Port Driver" "(Verified) " "c:\windows\system32\drivers\i8042prt.sys" "4/4/2013 3:16 AM" "0/72" + "iagpio" "Intel Serial IO GPIO Controller Driver: Intel(R) Serial IO GPIO Controller Driver" "(Verified) " "c:\windows\system32\drivers\iagpio.sys" "7/23/2018 5:04 AM" "0/73" + "iai2c" "Intel(R) Serial IO I2C Host Controller: Intel(R) Serial IO I2C Driver" "(Verified) " "c:\windows\system32\drivers\iai2c.sys" "7/23/2018 5:04 AM" "0/74" + "iaLPSS2i_GPIO2" "Intel(R) Serial IO GPIO Driver v2: Intel(R) Serial IO GPIO Driver v2" "(Verified) " "c:\windows\system32\drivers\ialpss2i_gpio2.sys" "4/19/2018 3:53 AM" "0/73" + "iaLPSS2i_GPIO2_BXT_P" "Intel(R) Serial IO GPIO Driver v2: Intel(R) Serial IO GPIO Driver v2" "(Verified) " "c:\windows\system32\drivers\ialpss2i_gpio2_bxt_p.sys" "4/17/2018 5:25 AM" "0/72" + "iaLPSS2i_GPIO2_CNL" "Intel(R) Serial IO GPIO Driver v2: Intel(R) Serial IO GPIO Driver v2" "(Verified) " "c:\windows\system32\drivers\ialpss2i_gpio2_cnl.sys" "4/17/2018 3:07 AM" "0/73" + "iaLPSS2i_GPIO2_GLK" "Intel(R) Serial IO GPIO Driver v2: Intel(R) Serial IO GPIO Driver v2" "(Verified) " "c:\windows\system32\drivers\ialpss2i_gpio2_glk.sys" "5/16/2018 1:46 AM" "0/73" + "iaLPSS2i_I2C" "Intel(R) Serial IO I2C Driver v2: Intel(R) Serial IO I2C Driver v2" "(Verified) " "c:\windows\system32\drivers\ialpss2i_i2c.sys" "4/19/2018 3:52 AM" "0/73" + "iaLPSS2i_I2C_BXT_P" "Intel(R) Serial IO I2C Driver v2: Intel(R) Serial IO I2C Driver v2" "(Verified) " "c:\windows\system32\drivers\ialpss2i_i2c_bxt_p.sys" "4/17/2018 5:24 AM" "0/72" + "iaLPSS2i_I2C_CNL" "Intel(R) Serial IO I2C Driver v2: Intel(R) Serial IO I2C Driver v2" "(Verified) " "c:\windows\system32\drivers\ialpss2i_i2c_cnl.sys" "7/15/2019 1:12 AM" "0/73" + "iaLPSS2i_I2C_GLK" "Intel(R) Serial IO I2C Driver v2: Intel(R) Serial IO I2C Driver v2" "(Verified) " "c:\windows\system32\drivers\ialpss2i_i2c_glk.sys" "5/16/2018 1:46 AM" "0/73" + "iaLPSSi_GPIO" "Intel(R) Serial IO GPIO Controller Driver: Intel(R) Serial IO GPIO Controller Driver" "(Verified) Intel Corporation - Client Components Group" "c:\windows\system32\drivers\ialpssi_gpio.sys" "2/2/2015 5:00 AM" "0/73" + "iaLPSSi_I2C" "Intel(R) Serial IO I2C Controller Driver: Intel(R) Serial IO I2C Controller Driver" "(Verified) " "c:\windows\system32\drivers\ialpssi_i2c.sys" "2/24/2015 11:52 AM" "0/73" + "ibtusb" "Intel(R) Wireless Bluetooth(R): Intel(R) Wireless Bluetooth(R) Filter Driver" "(Verified) Intel Corporation" "c:\windows\system32\driverstore\filerepository\ibtusb.inf_amd64_964b4156029b0d54\ibtusb.sys" "2/24/2022 3:38 AM" "0/73" + "IndirectKmd" "Indirect Displays Kernel-Mode Driver: Kernel mode driver that implements the Indirect Displays framework." "(Verified) " "c:\windows\system32\drivers\indirectkmd.sys" "12/1/1947 8:15 AM" "0/73" + "IntcAzAudAddService" "Service for Realtek HD Audio (WDM): Realtek(r) High Definition Audio Function Driver" "(Verified) Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys" "3/15/2022 6:16 AM" "0/73" + "intelpmax" "Intel(R) Dynamic Device Peak Power Manager Driver: Intel Power Limit Driver" "(Verified) " "c:\windows\system32\drivers\intelpmax.sys" "10/13/1954 7:54 PM" "0/73" + "IpFilterDriver" "IP Traffic Filter Driver: IP Traffic Filter Driver" "(Verified) " "c:\windows\system32\drivers\ipfltdrv.sys" "9/3/1962 2:06 PM" "0/73" + "IPNAT" "IP Network Address Translator: IP Network Address Translator" "(Verified) " "c:\windows\system32\drivers\ipnat.sys" "10/11/1940 9:12 AM" "0/73" + "kbdhid" "Keyboard HID Driver: HID Keyboard Filter Driver" "(Verified) " "c:\windows\system32\drivers\kbdhid.sys" "7/14/1952 4:09 AM" "0/73" + "ksthunk" "Kernel Streaming Thunks: Kernel Streaming WOW Thunk Service" "(Verified) " "c:\windows\system32\drivers\ksthunk.sys" "4/25/1991 10:23 AM" "0/73" + "libusb0" "libusb-win32 - Kernel Driver 07/13/2017 1.0.0.0: LibUSB-Win32 - Kernel Driver" "(Verified) Akeo Consulting" "c:\windows\system32\drivers\libusb0.sys" "10/2/2010 12:08 PM" "0/73" + "lltdio" "Link-Layer Topology Discovery Mapper I/O Driver: Link-Layer Topology Discovery Mapper I/O Driver" "(Verified) " "c:\windows\system32\drivers\lltdio.sys" "1/22/1947 1:26 PM" "0/73" + "luafv" "UAC File Virtualization: Virtualizes file write failures to per-user locations." "(Verified) " "c:\windows\system32\drivers\luafv.sys" "8/13/1905 6:45 PM" "0/73" + "MbbCx" "MBB Network Adapter Class Extension: Windows Mobile Broadband Class Extension" "(Verified) " "c:\windows\system32\drivers\mbbcx.sys" "10/16/1989 5:10 AM" "0/73" + "Microsoft_Bluetooth_AvrcpTransport" "Microsoft Bluetooth Avrcp Transport Driver: Microsoft Bluetooth Avrcp Transport Driver" "(Verified) " "c:\windows\system32\drivers\microsoft.bluetooth.avrcptransport.sys" "9/30/2013 12:23 PM" "0/73" + "MMCSS" "Multimedia Class Scheduler: Enables relative prioritization of work based on system-wide task priorities. This is intended mainly for multimedia applications. If this service is stopped, individual tasks resort to their default priority." "(Verified) " "c:\windows\system32\drivers\mmcss.sys" "10/4/1973 8:32 AM" "0/73" + "Modem" "Modem: Modem Device Driver" "(Verified) " "c:\windows\system32\drivers\modem.sys" "2/24/1962 8:05 PM" "0/70" + "monitor" "Microsoft Monitor Class Function Driver Service: Monitor Driver" "(Verified) " "c:\windows\system32\drivers\monitor.sys" "11/25/2014 9:21 PM" "0/73" + "mouhid" "Mouse HID Driver: HID Mouse Filter Driver" "(Verified) " "c:\windows\system32\drivers\mouhid.sys" "8/27/1955 5:11 AM" "0/73" + "mpsdrv" "Windows Defender Firewall Authorization Driver: Windows Defender Firewall Authorization Driver is a kernel mode driver that provides deep inspection services on inbound and outbound network traffic." "(Verified) " "c:\windows\system32\drivers\mpsdrv.sys" "11/3/1977 10:07 AM" "0/73" + "MRxDAV" "WebDav Client Redirector Driver: Network Redirector that provides WebDAV file access for the WebClient service" "(Verified) " "c:\windows\system32\drivers\mrxdav.sys" "12/2/1944 6:56 PM" "0/73" + "MsBridge" "Microsoft MAC Bridge: Microsoft MAC Bridge" "(Verified) " "c:\windows\system32\drivers\bridge.sys" "3/2/2001 10:46 AM" "0/73" + "mshidkmdf" "Pass-through HID to KMDF Filter Driver: Device Filter to provide pass-through interface between HIDCLASS and KMDF" "(Verified) " "c:\windows\system32\drivers\mshidkmdf.sys" "7/22/1948 2:16 PM" "0/73" + "mshidumdf" "Pass-through HID to UMDF Driver: Device Driver to provide pass-through interface between HIDCLASS and UMDF" "(Verified) " "c:\windows\system32\drivers\mshidumdf.sys" "3/5/2032 10:58 AM" "0/73" + "MSKSSRV" "Microsoft Streaming Service Proxy: MS KS Server" "(Verified) " "c:\windows\system32\drivers\mskssrv.sys" "9/12/1973 10:08 AM" "0/73" + "MsLldp" "Microsoft Link-Layer Discovery Protocol: Microsoft Link-Layer Discovery Protocol Driver" "(Verified) " "c:\windows\system32\drivers\mslldp.sys" "8/7/2030 11:50 PM" "0/73" + "MSPCLOCK" "Microsoft Streaming Clock Proxy: MS Proxy Clock" "(Verified) " "c:\windows\system32\drivers\mspclock.sys" "7/1/1990 11:47 AM" "0/73" + "MSPQM" "Microsoft Streaming Quality Manager Proxy: MS Proxy Quality Manager" "(Verified) " "c:\windows\system32\drivers\mspqm.sys" "12/19/1934 12:12 AM" "0/73" + "MSTEE" "Microsoft Streaming Tee/Sink-to-Sink Converter: WDM Tee/Communication Transform Filter " "(Verified) " "c:\windows\system32\drivers\mstee.sys" "8/10/1947 4:46 AM" "0/73" + "MTConfig" "Microsoft Input Configuration Driver: Microsoft Multi-Touch HID Driver" "(Verified) " "c:\windows\system32\drivers\mtconfig.sys" "11/28/1945 12:35 AM" "0/73" + "NativeWifiP" "NativeWiFi Filter: NativeWiFi Miniport Driver" "(Verified) " "c:\windows\system32\drivers\nwifi.sys" "9/5/1909 9:53 AM" "0/72" + "NdisCap" "Microsoft NDIS Capture: Microsoft NDIS Capture" "(Verified) " "c:\windows\system32\drivers\ndiscap.sys" "5/11/1951 10:39 AM" "0/73" + "NdisImPlatform" "Microsoft Network Adapter Multiplexor Protocol: Microsoft Network Adapter Multiplexor Protocol" "(Verified) " "c:\windows\system32\drivers\ndisimplatform.sys" "7/19/1986 10:53 AM" "0/73" + "NdisTapi" "Remote Access NDIS TAPI Driver: Remote Access NDIS TAPI Driver" "(Verified) " "c:\windows\system32\drivers\ndistapi.sys" "1/21/1954 6:29 AM" "0/73" + "Ndisuio" "NDIS Usermode I/O Protocol: NDIS User mode I/O driver" "(Verified) " "c:\windows\system32\drivers\ndisuio.sys" "11/13/2007 4:59 AM" "0/73" + "NdisVirtualBus" "Microsoft Virtual Network Adapter Enumerator: Microsoft Virtual Network Adapter Enumerator" "(Verified) " "c:\windows\system32\drivers\ndisvirtualbus.sys" "1/18/1923 4:01 AM" "0/73" + "NdisWan" "Remote Access NDIS WAN Driver: Remote Access NDIS WAN Driver" "(Verified) " "c:\windows\system32\drivers\ndiswan.sys" "11/28/2005 9:30 AM" "0/73" + "ndiswanlegacy" "Remote Access LEGACY NDIS WAN Driver: Remote Access LEGACY NDIS WAN Driver" "(Verified) " "c:\windows\system32\drivers\ndiswan.sys" "11/28/2005 9:30 AM" "0/73" + "ndproxy" "NDIS Proxy Driver: NDIS Proxy Driver" "(Verified) " "c:\windows\system32\drivers\ndproxy.sys" "10/17/2033 1:22 AM" "0/73" + "Ndu" "Windows Network Data Usage Monitoring Driver: This service provides network data usage monitoring functionality" "(Verified) " "c:\windows\system32\drivers\ndu.sys" "3/23/1925 6:01 AM" "0/73" + "NetAdapterCx" "Network Adapter Wdf Class Extension Library: Network Adapter Class Extension for WDF" "(Verified) " "c:\windows\system32\drivers\netadaptercx.sys" "12/8/1970 1:30 AM" "0/73" + "NetBT" "NetBT: This service implements NetBios over TCP/IP." "(Verified) " "c:\windows\system32\drivers\netbt.sys" "2/11/2007 4:05 PM" "0/73" + "Netwtw10" "___ Intel(R) Wireless Adapter Driver for Windows 10 - 64 Bit: R Intel Wireless WiFi Link Driver" "(Verified) Intel Corporation" "c:\windows\system32\drivers\netwtw10.sys" "4/18/2022 2:55 AM" "0/73" + "npsvctrig" "Named pipe service trigger provider: Named pipe service triggers" "(Verified) " "c:\windows\system32\drivers\npsvctrig.sys" "1/5/2025 10:41 PM" "0/73" + "nsiproxy" "NSI Proxy Service Driver: NSI Proxy Service" "(Verified) " "c:\windows\system32\drivers\nsiproxy.sys" "2/26/1965 6:42 AM" "0/73" + "Null" "Null: NULL Driver" "(Verified) " "c:\windows\system32\drivers\null.sys" "1/22/1971 11:20 PM" "0/73" + "NVHDA" "Service for NVIDIA High Definition Audio Driver: NVIDIA HDMI Audio Driver" "(Verified) Nvidia Corporation" "c:\windows\system32\drivers\nvhda64v.sys" "1/3/2022 6:46 AM" "0/73" + "nvlddmkm" "nvlddmkm: NVIDIA Windows Kernel Mode Driver, Version 512.59 " "(Verified) Nvidia Corporation" "c:\windows\system32\driverstore\filerepository\nvmdsig.inf_amd64_f4da10aa56f52761\nvlddmkm.sys" "4/20/2022 5:28 PM" "0/73" + "Parport" "Parallel port driver: Parallel Port Driver" "(Verified) " "c:\windows\system32\drivers\parport.sys" "11/21/1942 6:23 AM" "0/73" + "PEAUTH" "PEAUTH: Protected Environment Authentication and Authorization Export Driver" "(Verified) " "c:\windows\system32\drivers\peauth.sys" "3/12/1961 6:53 PM" "0/73" + "PNPMEM" "Microsoft Memory Module Driver: Plug and Play Memory Driver" "(Verified) " "c:\windows\system32\drivers\pnpmem.sys" "7/13/1932 1:03 PM" "0/73" + "portcfg" "portcfg: Port Device Class Configuration Filter Driver" "(Verified) " "c:\windows\system32\drivers\portcfg.sys" "6/16/1961 11:33 AM" "0/73" + "PptpMiniport" "WAN Miniport (PPTP): WAN Miniport (PPTP)" "(Verified) " "c:\windows\system32\drivers\raspptp.sys" "4/27/1918 7:30 PM" "0/73" + "QWAVEdrv" "QWAVE driver: Quality Windows Audio/Video Experience component driver" "(Verified) " "c:\windows\system32\drivers\qwavedrv.sys" "5/22/1958 9:51 PM" "0/73" + "RasAcd" "Remote Access Auto Connection Driver: Remote Access Auto Connection Driver" "(Verified) " "c:\windows\system32\drivers\rasacd.sys" "12/30/1970 4:52 PM" "0/73" + "RasAgileVpn" "WAN Miniport (IKEv2): WAN Miniport (IKEv2)" "(Verified) " "c:\windows\system32\drivers\agilevpn.sys" "4/1/2024 4:10 PM" "0/73" + "Rasl2tp" "WAN Miniport (L2TP): WAN Miniport (L2TP)" "(Verified) " "c:\windows\system32\drivers\rasl2tp.sys" "12/28/1978 10:01 PM" "0/73" + "RasPppoe" "Remote Access PPPOE Driver: Remote Access PPPOE Driver" "(Verified) " "c:\windows\system32\drivers\raspppoe.sys" "4/29/1988 10:29 PM" "0/73" + "RasSstp" "WAN Miniport (SSTP): WAN Miniport (SSTP)" "(Verified) " "c:\windows\system32\drivers\rassstp.sys" "2/2/2002 1:39 AM" "0/73" + "rdpbus" "Remote Desktop Device Redirector Bus Driver: Microsoft RDP Bus Device driver" "(Verified) " "c:\windows\system32\drivers\rdpbus.sys" "7/17/1904 4:51 AM" "0/73" + "RDPDR" "Remote Desktop Device Redirector Driver: Remote Desktop Device Redirector Driver" "(Verified) " "c:\windows\system32\drivers\rdpdr.sys" "9/9/1996 6:04 AM" "0/73" + "RFCOMM" "Bluetooth Device (RFCOMM Protocol TDI): Bluetooth Device (RFCOMM Protocol TDI)" "(Verified) " "c:\windows\system32\drivers\rfcomm.sys" "4/17/1963 9:23 AM" "0/73" + "rhproxy" "Resource Hub proxy driver: ResourceHub Proxy Driver" "(Verified) " "c:\windows\system32\drivers\rhproxy.sys" "2/27/2037 1:19 PM" "0/73" + "rspndr" "Link-Layer Topology Discovery Responder: Link-Layer Topology Discovery Responder" "(Verified) " "c:\windows\system32\drivers\rspndr.sys" "1/15/1918 12:01 PM" "0/73" + "RTCore64" "RTCore64: " "(Verified) MICRO-STAR INTERNATIONAL CO., LTD." "c:\program files (x86)\msi afterburner\rtcore64.sys" "6/18/2020 7:55 AM" "0/73" + "rzendpt" "rzendpt: Razer RzEndPt" "(Verified) Razer USA Ltd." "c:\windows\system32\drivers\rzendpt.sys" "3/6/2017 2:41 AM" "0/76" + "rzudd" "Razer Mouse Driver: Razer Rzudd Engine" "(Verified) Razer USA Ltd." "c:\windows\system32\drivers\rzudd.sys" "3/6/2017 2:42 AM" "0/76" + "scfilter" "Smart card PnP Class Filter Driver: Smart card reader filter driver enabling smart card PnP." "(Verified) " "c:\windows\system32\drivers\scfilter.sys" "4/16/1965 7:20 AM" "0/73" + "Serenum" "Serenum Filter Driver: Serial Port Enumerator" "(Verified) " "c:\windows\system32\drivers\serenum.sys" "9/2/1921 6:00 AM" "0/73" + "Serial" "Serial port driver: Serial Device Driver" "(Verified) " "c:\windows\system32\drivers\serial.sys" "4/19/2017 6:23 AM" "0/73" + "sermouse" "Serial Mouse Driver: Serial Mouse Filter Driver" "(Verified) " "c:\windows\system32\drivers\sermouse.sys" "12/5/1953 9:32 PM" "0/73" + "sfloppy" "High-Capacity Floppy Disk Drive: SCSI Floppy Driver" "(Verified) " "c:\windows\system32\drivers\sfloppy.sys" "1/17/1964 10:39 PM" "0/73" + "smbdirect" "smbdirect: SMB Network Direct Driver" "(Verified) " "c:\windows\system32\drivers\smbdirect.sys" "10/7/1973 5:39 AM" "0/74" + "spaceparser" "Space Parser: Provides parsing for spaces devices." "(Verified) " "c:\windows\system32\drivers\spaceparser.sys" "2/12/1963 9:04 AM" "0/73" + "srv2" "Server SMB 2.xxx Driver: Enables connectivity from Windows Vista and later clients" "(Verified) " "c:\windows\system32\drivers\srv2.sys" "5/30/2034 9:10 AM" "0/73" + "srvnet" "srvnet: Server Network driver" "(Verified) " "c:\windows\system32\drivers\srvnet.sys" "3/5/1993 2:11 AM" "0/73" + "Synth3dVsc" "Synth3dVsc: Microsoft RemoteFX Synth3D Video VSC" "(Verified) " "c:\windows\system32\drivers\synth3dvsc.sys" "12/23/1947 5:55 PM" "0/73" + "tcpipreg" "TCP/IP Registry Compatibility: Provides compatibility for legacy applications which interact with TCP/IP through the registry. If this service is stopped, certain applications may have impaired functionality." "(Verified) " "c:\windows\system32\drivers\tcpipreg.sys" "5/12/1973 12:43 AM" "0/73" + "TsUsbFlt" "Remote Desktop USB Hub Class Filter Driver: Remote Desktop USB Hub Class Filter Driver" "(Verified) " "c:\windows\system32\drivers\tsusbflt.sys" "9/10/1968 6:51 PM" "0/73" + "TsUsbGD" "Remote Desktop Generic USB Device: Remote Desktop Generic USB Driver" "(Verified) " "c:\windows\system32\drivers\tsusbgd.sys" "9/19/1993 1:39 PM" "0/73" + "tsusbhub" "Remote Desktop USB Hub: Remote Desktop USB Hub" "(Verified) " "c:\windows\system32\drivers\tsusbhub.sys" "11/14/1973 1:02 AM" "0/73" + "tunnel" "Microsoft Tunnel Miniport Adapter Driver: Microsoft Tunnel Interface Driver" "(Verified) " "c:\windows\system32\drivers\tunnel.sys" "9/22/2018 9:54 AM" "0/73" + "UcmCx0101" "USB Connector Manager KMDF Class Extension: USB Connector Manager KMDF Class Extension" "(Verified) " "c:\windows\system32\drivers\ucmcx.sys" "8/27/1949 3:29 PM" "0/73" + "UcmTcpciCx0101" "UCM-TCPCI KMDF Class Extension: UCM-TCPCI KMDF Class Extension" "(Verified) " "c:\windows\system32\drivers\ucmtcpcicx.sys" "3/6/1941 5:38 AM" "0/73" + "UcmUcsiAcpiClient" "UCM-UCSI ACPI Client: UCM-UCSI ACPI Client Driver" "(Verified) " "c:\windows\system32\drivers\ucmucsiacpiclient.sys" "2/17/1936 8:29 AM" "0/73" + "UcmUcsiCx0101" "UCM-UCSI KMDF Class Extension: UCM-UCSI KMDF Class Extension" "(Verified) " "c:\windows\system32\drivers\ucmucsicx.sys" "6/23/2023 10:31 PM" "0/73" + "UdeCx" "USB Device Emulation Support Library: "udecx.DRIVER"" "(Verified) " "c:\windows\system32\drivers\udecx.sys" "4/29/1959 3:38 PM" "0/73" + "umbus" "UMBus Enumerator Driver: User-Mode Bus Enumerator" "(Verified) " "c:\windows\system32\driverstore\filerepository\umbus.inf_amd64_b78a9c5b6fd62c27\umbus.sys" "1/31/1957 5:46 AM" "0/73" + "UmPass" "Microsoft UMPass Driver: Generic pass-through driver" "(Verified) " "c:\windows\system32\drivers\umpass.sys" "10/28/1954 9:57 AM" "0/73" + "usbaudio" "USB Audio Driver (WDM): USB Audio Class Driver" "(Verified) " "c:\windows\system32\drivers\usbaudio.sys" "12/4/2028 12:40 PM" "0/73" + "usbaudio2" "USB Audio 2.0 Service: Microsoft USB Audio Class 2.0 Driver" "(Verified) " "c:\windows\system32\drivers\usbaudio2.sys" "3/5/1974 2:46 PM" "0/73" + "usbcir" "eHome Infrared Receiver (USBCIR): USB Consumer IR Driver for eHome" "(Verified) " "c:\windows\system32\drivers\usbcir.sys" "4/18/2031 8:50 AM" "0/70" + "usbohci" "Microsoft USB Open Host Controller Miniport Driver: OHCI USB Miniport Driver" "(Verified) " "c:\windows\system32\drivers\usbohci.sys" "6/3/1946 6:38 PM" "0/73" + "usbprint" "Microsoft USB PRINTER Class: USB Printer driver" "(Verified) " "c:\windows\system32\drivers\usbprint.sys" "5/4/2029 10:25 PM" "0/73" + "usbscan" "USB Scanner Driver: USB Scanner Driver" "(Verified) " "c:\windows\system32\drivers\usbscan.sys" "5/30/1974 8:09 AM" "0/73" + "usbser" "Microsoft USB Serial Driver: USB Serial Driver" "(Verified) " "c:\windows\system32\drivers\usbser.sys" "5/30/2000 4:08 PM" "0/73" + "usbuhci" "Microsoft USB Universal Host Controller Miniport Driver: UHCI USB Miniport Driver" "(Verified) " "c:\windows\system32\drivers\usbuhci.sys" "6/30/1985 3:32 PM" "0/73" + "vhf" "Virtual HID Framework (VHF) Driver: Kernel mode driver that implements the Virtual HID Framework (VHF)" "(Verified) " "c:\windows\system32\drivers\vhf.sys" "9/18/1920 8:47 PM" "0/73" + "VirtualRender" "VirtualRender: Microsoft Virtual Render Driver" "(Verified) " "c:\windows\system32\driverstore\filerepository\vrd.inf_amd64_81fbd405ff2470fc\vrd.sys" "3/9/1951 12:14 PM" "0/73" + "vwifibus" "Virtual Wireless Bus Driver: Implements bus functionality for Virtual Wireless" "(Verified) " "c:\windows\system32\drivers\vwifibus.sys" "10/11/1907 12:03 AM" "0/73" + "vwififlt" "Virtual WiFi Filter Driver: Virtual WiFi Filter Driver" "(Verified) " "c:\windows\system32\drivers\vwififlt.sys" "9/30/1971 10:21 AM" "0/73" + "vwifimp" "Virtual WiFi Miniport Service: Virtual WiFi Miniport Driver" "(Verified) " "c:\windows\system32\drivers\vwifimp.sys" "7/16/1932 4:43 PM" "0/73" + "WacomPen" "Wacom Serial Pen HID Driver: Wacom Serial Pen Tablet HID Driver" "(Verified) " "c:\windows\system32\drivers\wacompen.sys" "1/15/2013 6:44 PM" "0/73" + "wanarp" "Remote Access IP ARP Driver: Remote Access IP ARP Driver" "(Verified) " "c:\windows\system32\drivers\wanarp.sys" "7/1/1992 5:10 AM" "0/73" + "wanarpv6" "Remote Access IPv6 ARP Driver: Remote Access IPv6 ARP Driver" "(Verified) " "c:\windows\system32\drivers\wanarp.sys" "7/1/1992 5:10 AM" "0/73" + "wcnfs" "Windows Container Name Virtualization: Virtualizes file system names for processes running within Windows Containers" "(Verified) " "c:\windows\system32\drivers\wcnfs.sys" "7/3/2022 8:20 PM" "0/70" + "wdiwifi" "WDI Driver Framework: WDI Driver Framework Driver" "(Verified) " "c:\windows\system32\drivers\wdiwifi.sys" "3/16/1908 12:41 PM" "0/73" + "WinNat" "Windows NAT Driver: This service provides network address translation functionality" "(Verified) " "c:\windows\system32\drivers\winnat.sys" "9/7/1949 7:07 PM" "0/73" + "WinRing0_1_2_0" "WinRing0_1_2_0: WinRing0" "(Verified) Noriyuki MIYAZAKI" "c:\program files (x86)\goverlay\librehardwaremonitorlib.sys" "7/26/2008 9:29 AM" "1/72" + "WINUSB" "Razer WinUSB: Generic driver for USB devices" "(Verified) " "c:\windows\system32\drivers\winusb.sys" "10/18/1906 6:00 PM" "0/73" + "WmiAcpi" "Microsoft Windows Management Interface for ACPI: Windows Management Interface for ACPI" "(Verified) " "c:\windows\system32\drivers\wmiacpi.sys" "8/19/2009 9:20 AM" "0/73" + "WudfPf" "User Mode Driver Frameworks Platform Driver: A kernel mode driver that uses message-based interprocess communication mechanism to communicate with the driver manager and secure host process to facilitate secure companions" "(Verified) " "c:\windows\system32\drivers\wudfpf.sys" "1/17/2001 8:41 AM" "0/73" + "WUDFRd" "Windows Driver Foundation - User-mode Driver Framework Reflector: A kernel mode driver that uses message-based interprocess communication mechanism to communicate with the driver manager and host process to facilitate UMDF drivers" "(Verified) " "c:\windows\system32\drivers\wudfrd.sys" "4/10/2022 10:08 AM" "0/73" + "WUDFWpdFs" "WPD File System driver: User mode driver that enables communication with removable storage devices via the WPD interface" "(Verified) " "c:\windows\system32\drivers\wudfrd.sys" "4/10/2022 10:08 AM" "0/73" + "xboxgip" "Xbox Game Input Protocol Driver: Xbox Game Input Protocol Driver" "(Verified) " "c:\windows\system32\drivers\xboxgip.sys" "9/5/1977 2:28 AM" "0/72" + "xinputhid" "XINPUT HID Filter Driver: XINPUT filter driver for HID" "(Verified) " "c:\windows\system32\drivers\xinputhid.sys" "10/3/1971 1:11 AM" "0/73" "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers" "" "" "" "12/7/2019 5:17 AM" "" + "Adobe Type Manager" "" "(Verified) " "File not found: atmfd.dll" "" "" "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "4/30/2022 1:41 AM" "" + "aux" "Winmm audio system driver" "(Verified) " "c:\windows\system32\wdmaud.drv" "9/18/1976 4:49 AM" "0/73" + "aux1" "Winmm audio system driver" "(Verified) " "c:\windows\system32\wdmaud.drv" "9/18/1976 4:49 AM" "0/73" + "aux3" "Winmm audio system driver" "(Verified) " "c:\windows\system32\wdmaud.drv" "9/18/1976 4:49 AM" "0/73" + "midi" "Winmm audio system driver" "(Verified) " "c:\windows\system32\wdmaud.drv" "9/18/1976 4:49 AM" "0/73" + "midi1" "Winmm audio system driver" "(Verified) " "c:\windows\system32\wdmaud.drv" "9/18/1976 4:49 AM" "0/73" + "midi2" "Winmm audio system driver" "(Verified) " "c:\windows\system32\wdmaud.drv" "9/18/1976 4:49 AM" "0/73" + "midi4" "Winmm audio system driver" "(Verified) " "c:\windows\system32\wdmaud.drv" "9/18/1976 4:49 AM" "0/73" + "midimapper" "Microsoft MIDI Mapper" "(Verified) " "c:\windows\system32\midimap.dll" "1/13/1948 1:03 AM" "0/73" + "mixer" "Winmm audio system driver" "(Verified) " "c:\windows\system32\wdmaud.drv" "9/18/1976 4:49 AM" "0/73" + "mixer1" "Winmm audio system driver" "(Verified) " "c:\windows\system32\wdmaud.drv" "9/18/1976 4:49 AM" "0/73" + "mixer2" "Winmm audio system driver" "(Verified) " "c:\windows\system32\wdmaud.drv" "9/18/1976 4:49 AM" "0/73" + "mixer4" "Winmm audio system driver" "(Verified) " "c:\windows\system32\wdmaud.drv" "9/18/1976 4:49 AM" "0/73" + "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "(Verified) " "c:\windows\system32\l3codeca.acm" "4/20/1905 6:24 AM" "0/73" + "vidc.i420" "Intel Indeo(R) Video YUV Codec" "(Verified) " "c:\windows\system32\iyuv_32.dll" "11/15/2027 2:26 PM" "0/73" + "vidc.iyuv" "Intel Indeo(R) Video YUV Codec" "(Verified) " "c:\windows\system32\iyuv_32.dll" "11/15/2027 2:26 PM" "0/73" + "vidc.mrle" "Microsoft RLE Compressor" "(Verified) " "c:\windows\system32\msrle32.dll" "11/17/1983 11:14 PM" "0/73" + "vidc.msvc" "Microsoft Video 1 Compressor" "(Verified) " "c:\windows\system32\msvidc32.dll" "7/22/1933 8:33 PM" "0/73" + "vidc.uyvy" "Microsoft UYVY Video Decompressor" "(Verified) " "c:\windows\system32\msyuv.dll" "12/18/1920 5:22 AM" "0/73" + "vidc.yuy2" "Microsoft UYVY Video Decompressor" "(Verified) " "c:\windows\system32\msyuv.dll" "12/18/1920 5:22 AM" "0/73" + "vidc.yvu9" "Toshiba Video Codec" "(Verified) " "c:\windows\system32\tsbyuv.dll" "11/30/1972 10:18 AM" "0/73" + "vidc.yvyu" "Microsoft UYVY Video Decompressor" "(Verified) " "c:\windows\system32\msyuv.dll" "12/18/1920 5:22 AM" "0/73" + "wave" "Winmm audio system driver" "(Verified) " "c:\windows\system32\wdmaud.drv" "9/18/1976 4:49 AM" "0/73" + "wave1" "Winmm audio system driver" "(Verified) " "c:\windows\system32\wdmaud.drv" "9/18/1976 4:49 AM" "0/73" + "wave2" "Winmm audio system driver" "(Verified) " "c:\windows\system32\wdmaud.drv" "9/18/1976 4:49 AM" "0/73" + "wave4" "Winmm audio system driver" "(Verified) " "c:\windows\system32\wdmaud.drv" "9/18/1976 4:49 AM" "0/73" + "wavemapper" "Microsoft Sound Mapper" "(Verified) " "c:\windows\system32\msacm32.drv" "3/14/1925 9:56 AM" "0/73" "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "4/30/2022 1:41 AM" "" + "aux" "Winmm audio system driver" "(Verified) " "c:\windows\syswow64\wdmaud.drv" "8/6/2033 8:06 AM" "0/73" + "aux1" "Winmm audio system driver" "(Verified) " "c:\windows\syswow64\wdmaud.drv" "8/6/2033 8:06 AM" "0/73" + "aux3" "Winmm audio system driver" "(Verified) " "c:\windows\syswow64\wdmaud.drv" "8/6/2033 8:06 AM" "0/73" + "midi" "Winmm audio system driver" "(Verified) " "c:\windows\syswow64\wdmaud.drv" "8/6/2033 8:06 AM" "0/73" + "midi1" "Winmm audio system driver" "(Verified) " "c:\windows\syswow64\wdmaud.drv" "8/6/2033 8:06 AM" "0/73" + "midi2" "Winmm audio system driver" "(Verified) " "c:\windows\syswow64\wdmaud.drv" "8/6/2033 8:06 AM" "0/73" + "midi4" "Winmm audio system driver" "(Verified) " "c:\windows\syswow64\wdmaud.drv" "8/6/2033 8:06 AM" "0/73" + "midimapper" "Microsoft MIDI Mapper" "(Verified) " "c:\windows\syswow64\midimap.dll" "4/19/2037 6:29 AM" "0/73" + "mixer" "Winmm audio system driver" "(Verified) " "c:\windows\syswow64\wdmaud.drv" "8/6/2033 8:06 AM" "0/73" + "mixer1" "Winmm audio system driver" "(Verified) " "c:\windows\syswow64\wdmaud.drv" "8/6/2033 8:06 AM" "0/73" + "mixer2" "Winmm audio system driver" "(Verified) " "c:\windows\syswow64\wdmaud.drv" "8/6/2033 8:06 AM" "0/73" + "mixer4" "Winmm audio system driver" "(Verified) " "c:\windows\syswow64\wdmaud.drv" "8/6/2033 8:06 AM" "0/73" + "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "(Verified) " "c:\windows\syswow64\l3codeca.acm" "2/18/1991 8:00 AM" "0/73" + "vidc.cvid" "Cinepak® Codec" "(Verified) " "c:\windows\syswow64\iccvid.dll" "7/4/1972 3:53 AM" "0/74" + "vidc.i420" "Intel Indeo(R) Video YUV Codec" "(Verified) " "c:\windows\syswow64\iyuv_32.dll" "7/29/1984 2:11 PM" "0/73" + "vidc.iyuv" "Intel Indeo(R) Video YUV Codec" "(Verified) " "c:\windows\syswow64\iyuv_32.dll" "7/29/1984 2:11 PM" "0/73" + "vidc.mrle" "Microsoft RLE Compressor" "(Verified) " "c:\windows\syswow64\msrle32.dll" "4/7/1910 1:00 AM" "0/73" + "vidc.msvc" "Microsoft Video 1 Compressor" "(Verified) " "c:\windows\syswow64\msvidc32.dll" "9/30/1999 11:03 PM" "0/73" + "vidc.uyvy" "Microsoft UYVY Video Decompressor" "(Verified) " "c:\windows\syswow64\msyuv.dll" "5/1/1941 5:54 AM" "0/71" + "vidc.yuy2" "Microsoft UYVY Video Decompressor" "(Verified) " "c:\windows\syswow64\msyuv.dll" "5/1/1941 5:54 AM" "0/71" + "vidc.yvu9" "Toshiba Video Codec" "(Verified) " "c:\windows\syswow64\tsbyuv.dll" "4/22/2005 11:20 AM" "0/73" + "vidc.yvyu" "Microsoft UYVY Video Decompressor" "(Verified) " "c:\windows\syswow64\msyuv.dll" "5/1/1941 5:54 AM" "0/71" + "wave" "Winmm audio system driver" "(Verified) " "c:\windows\syswow64\wdmaud.drv" "8/6/2033 8:06 AM" "0/73" + "wave1" "Winmm audio system driver" "(Verified) " "c:\windows\syswow64\wdmaud.drv" "8/6/2033 8:06 AM" "0/73" + "wave2" "Winmm audio system driver" "(Verified) " "c:\windows\syswow64\wdmaud.drv" "8/6/2033 8:06 AM" "0/73" + "wave4" "Winmm audio system driver" "(Verified) " "c:\windows\syswow64\wdmaud.drv" "8/6/2033 8:06 AM" "0/73" + "wavemapper" "Microsoft Sound Mapper" "(Verified) " "c:\windows\syswow64\msacm32.drv" "5/13/1932 5:11 PM" "0/73" "HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "4/30/2022 5:39 PM" "" + "AC3 Parser Filter" "DirectShow MPEG-2 Splitter." "(Verified) " "c:\windows\system32\mpg2splt.ax" "3/23/1956 8:07 AM" "0/73" + "ACM Wrapper" "DirectShow Runtime." "(Verified) " "c:\windows\system32\quartz.dll" "3/7/1990 7:45 AM" "0/73" + "Adobe PSI Parser" "Adobe DVA 2022" "(Verified) Adobe Inc." "c:\program files\adobe\adobe premiere pro 2022\plug-ins\common\psiparser.dll" "4/1/2022 3:41 PM" "0/73" + "AVI Decompressor" "DirectShow Runtime." "(Verified) " "c:\windows\system32\quartz.dll" "3/7/1990 7:45 AM" "0/73" + "AVI Draw Filter" "DirectShow Runtime." "(Verified) " "c:\windows\system32\quartz.dll" "3/7/1990 7:45 AM" "0/73" + "AVI mux" "DirectShow Runtime." "(Verified) " "c:\windows\system32\qcap.dll" "12/17/2030 3:23 AM" "0/72" + "AVI Splitter" "DirectShow Runtime." "(Verified) " "c:\windows\system32\quartz.dll" "3/7/1990 7:45 AM" "0/73" + "AVI/WAV File Source" "DirectShow Runtime." "(Verified) " "c:\windows\system32\quartz.dll" "3/7/1990 7:45 AM" "0/73" + "BDA MPEG2 Transport Information Filter" "Microsoft Transport Information Filter for MPEG2 based networks." "(Verified) " "c:\windows\system32\psisrndr.ax" "2/20/1962 2:36 PM" "0/73" + "Closed Captions Analysis Filter" "CCA DirectShow Filter." "(Verified) " "c:\windows\system32\cca.dll" "6/26/2028 7:41 PM" "0/73" + "Color Space Converter" "DirectShow Runtime." "(Verified) " "c:\windows\system32\quartz.dll" "3/7/1990 7:45 AM" "0/73" + "Default Video Renderer" "DirectShow Runtime." "(Verified) " "c:\windows\system32\quartz.dll" "3/7/1990 7:45 AM" "0/73" + "Dump" "Adobe DVA 2022" "(Verified) Adobe Inc." "c:\program files\adobe\adobe premiere pro 2022\plug-ins\common\dvfilewriter.prm" "4/1/2022 4:00 PM" "0/73" + "DV Muxer" "DirectShow Runtime." "(Verified) " "c:\windows\system32\qdv.dll" "7/13/2026 6:30 PM" "0/73" + "DV Splitter" "DirectShow Runtime." "(Verified) " "c:\windows\system32\qdv.dll" "7/13/2026 6:30 PM" "0/73" + "DV Video Decoder" "DirectShow Runtime." "(Verified) " "c:\windows\system32\qdv.dll" "7/13/2026 6:30 PM" "0/73" + "DVD Navigator" "DirectShow DVD PlayBack Runtime." "(Verified) " "c:\windows\system32\qdvd.dll" "6/3/2005 9:35 AM" "0/73" + "DvPlayTee" "" "(Verified) Adobe Inc." "c:\program files\adobe\adobe premiere pro 2022\plug-ins\common\dxdvsupport.dll" "4/1/2022 3:41 PM" "0/73" + "File Source (Async.)" "DirectShow Runtime." "(Verified) " "c:\windows\system32\quartz.dll" "3/7/1990 7:45 AM" "0/73" + "File Source (URL)" "DirectShow Runtime." "(Verified) " "c:\windows\system32\quartz.dll" "3/7/1990 7:45 AM" "0/73" + "File stream renderer" "DirectShow Runtime." "(Verified) " "c:\windows\system32\quartz.dll" "3/7/1990 7:45 AM" "0/73" + "File Writer" "DirectShow Runtime." "(Verified) " "c:\windows\system32\qcap.dll" "12/17/2030 3:23 AM" "0/72" + "Infinite Pin Tee Filter" "DirectShow Runtime." "(Verified) " "c:\windows\system32\qcap.dll" "12/17/2030 3:23 AM" "0/72" + "Internal Text Renderer" "DirectShow Runtime." "(Verified) " "c:\windows\system32\quartz.dll" "3/7/1990 7:45 AM" "0/73" + "JRiver Time-Shifting Reader Filter" "Television Timeshifting Reader" "(Verified) " "c:\program files\j river\media center 29\tv\mjtsfilereader.ax" "4/28/2022 3:58 PM" "0/73" + "JRiver Time-Shifting Writer Filter" "Television Timeshifting Writer" "(Verified) " "c:\program files\j river\media center 29\tv\mjtsfilewriter.ax" "4/28/2022 3:58 PM" "0/73" + "Line 21 Decoder 2" "DirectShow Runtime." "(Verified) " "c:\windows\system32\quartz.dll" "3/7/1990 7:45 AM" "0/73" + "Microsoft AC3 Encoder" "Microsoft AC-3 Encoder" "(Verified) " "c:\windows\system32\msac3enc.dll" "1/3/2008 6:00 AM" "0/73" + "Microsoft MPEG-2 Audio Encoder" "Microsoft MPEG-2 Encoder" "(Verified) " "c:\windows\system32\msmpeg2enc.dll" "4/15/1994 4:28 AM" "0/73" + "Microsoft MPEG-2 Encoder" "Microsoft MPEG-2 Encoder" "(Verified) " "c:\windows\system32\msmpeg2enc.dll" "4/15/1994 4:28 AM" "0/73" + "Microsoft MPEG-2 Video Encoder" "Microsoft MPEG-2 Encoder" "(Verified) " "c:\windows\system32\msmpeg2enc.dll" "4/15/1994 4:28 AM" "0/73" + "MIDI Parser" "DirectShow Runtime." "(Verified) " "c:\windows\system32\quartz.dll" "3/7/1990 7:45 AM" "0/73" + "MJPEG Decompressor" "DirectShow Runtime." "(Verified) " "c:\windows\system32\quartz.dll" "3/7/1990 7:45 AM" "0/73" + "MPEG Audio Codec" "DirectShow Runtime." "(Verified) " "c:\windows\system32\quartz.dll" "3/7/1990 7:45 AM" "0/73" + "MPEG Video Codec" "DirectShow Runtime." "(Verified) " "c:\windows\system32\quartz.dll" "3/7/1990 7:45 AM" "0/73" + "MPEG-2 Demultiplexer" "DirectShow MPEG-2 Splitter." "(Verified) " "c:\windows\system32\mpg2splt.ax" "3/23/1956 8:07 AM" "0/73" + "MPEG-2 Sections and Tables" "Microsoft MPEG-2 Section and Table Acquisition Module" "(Verified) " "c:\windows\system32\mpeg2data.ax" "9/11/1968 12:02 AM" "0/73" + "MPEG-2 Splitter" "DirectShow MPEG-2 Splitter." "(Verified) " "c:\windows\system32\mpg2splt.ax" "3/23/1956 8:07 AM" "0/73" + "Mpeg-2 Video Stream Analysis" "DirectShow Stream Buffer Filter." "(Verified) " "c:\windows\system32\sbe.dll" "9/23/1964 12:02 PM" "0/74" + "MPEG-I Stream Splitter" "DirectShow Runtime." "(Verified) " "c:\windows\system32\quartz.dll" "3/7/1990 7:45 AM" "0/73" + "Multi-file Parser" "DirectShow Runtime." "(Verified) " "c:\windows\system32\quartz.dll" "3/7/1990 7:45 AM" "0/73" + "Null Renderer" "DirectShow Editing." "(Verified) " "c:\windows\system32\qedit.dll" "2/16/1918 9:07 PM" "0/73" + "SAMI (CC) Reader" "DirectShow Runtime." "(Verified) " "c:\windows\system32\quartz.dll" "3/7/1990 7:45 AM" "0/73" + "Sample Grabber" "DirectShow Editing." "(Verified) " "c:\windows\system32\qedit.dll" "2/16/1918 9:07 PM" "0/73" + "SBE2 Sink" "DirectShow Stream Buffer Filter." "(Verified) " "c:\windows\system32\sbe.dll" "9/23/1964 12:02 PM" "0/74" + "SBE2FileScan" "DirectShow Stream Buffer Filter." "(Verified) " "c:\windows\system32\sbe.dll" "9/23/1964 12:02 PM" "0/74" + "SBE2MediaTypeProfile" "DirectShow Stream Buffer Filter." "(Verified) " "c:\windows\system32\sbe.dll" "9/23/1964 12:02 PM" "0/74" + "Smart Tee Filter" "DirectShow Runtime." "(Verified) " "c:\windows\system32\qcap.dll" "12/17/2030 3:23 AM" "0/72" + "StreamBufferSink" "DirectShow Stream Buffer Filter." "(Verified) " "c:\windows\system32\sbe.dll" "9/23/1964 12:02 PM" "0/74" + "StreamBufferSource" "DirectShow Stream Buffer Filter." "(Verified) " "c:\windows\system32\sbe.dll" "9/23/1964 12:02 PM" "0/74" + "TSSourcePush" "Adobe DVA 2022" "(Verified) Adobe Inc." "c:\program files\adobe\adobe premiere pro 2022\plug-ins\common\tssourcepush.dll" "4/1/2022 3:41 PM" "0/73" + "VBI Codec" "Microsoft VBI Codec" "(Verified) " "c:\windows\system32\vbicodec.ax" "4/20/1998 1:46 AM" "0/73" + "VBI Surface Allocator" "VBI Surface Allocator Filter" "(Verified) " "c:\windows\system32\vbisurf.ax" "5/16/1939 1:27 PM" "0/73" + "VGA 16 color ditherer" "DirectShow Runtime." "(Verified) " "c:\windows\system32\quartz.dll" "3/7/1990 7:45 AM" "0/73" + "Video Mixing Renderer 9" "DirectShow Runtime." "(Verified) " "c:\windows\system32\quartz.dll" "3/7/1990 7:45 AM" "0/73" + "Video Port Manager" "DirectShow Runtime." "(Verified) " "c:\windows\system32\quartz.dll" "3/7/1990 7:45 AM" "0/73" + "Video Renderer" "DirectShow Runtime." "(Verified) " "c:\windows\system32\quartz.dll" "3/7/1990 7:45 AM" "0/73" + "VPS Decoder" "Microsoft Teletext Server" "(Verified) " "c:\windows\system32\wstpager.ax" "8/12/2025 7:35 AM" "0/73" + "Wave Parser" "DirectShow Runtime." "(Verified) " "c:\windows\system32\quartz.dll" "3/7/1990 7:45 AM" "0/73" + "WM ASF Reader" "DirectShow ASF Support" "(Verified) " "c:\windows\system32\qasf.dll" "3/29/2011 12:41 AM" "0/73" + "WM ASF Writer" "DirectShow ASF Support" "(Verified) " "c:\windows\system32\qasf.dll" "3/29/2011 12:41 AM" "0/73" + "WST Pager" "Microsoft Teletext Server" "(Verified) " "c:\windows\system32\wstpager.ax" "8/12/2025 7:35 AM" "0/73" "HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "12/7/2019 5:54 AM" "" + "AC3 Parser Filter" "DirectShow MPEG-2 Splitter." "(Verified) " "c:\windows\syswow64\mpg2splt.ax" "2/28/1967 4:38 AM" "0/73" + "ACM Wrapper" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\quartz.dll" "2/5/2027 7:54 AM" "0/73" + "AVI Decompressor" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\quartz.dll" "2/5/2027 7:54 AM" "0/73" + "AVI Draw Filter" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\quartz.dll" "2/5/2027 7:54 AM" "0/73" + "AVI mux" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\qcap.dll" "4/25/1940 7:27 PM" "0/73" + "AVI Splitter" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\quartz.dll" "2/5/2027 7:54 AM" "0/73" + "AVI/WAV File Source" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\quartz.dll" "2/5/2027 7:54 AM" "0/73" + "BDA MPEG2 Transport Information Filter" "Microsoft Transport Information Filter for MPEG2 based networks." "(Verified) " "c:\windows\syswow64\psisrndr.ax" "2/1/1976 8:56 PM" "0/72" + "Closed Captions Analysis Filter" "CCA DirectShow Filter." "(Verified) " "c:\windows\syswow64\cca.dll" "7/18/1946 6:22 AM" "0/73" + "Color Space Converter" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\quartz.dll" "2/5/2027 7:54 AM" "0/73" + "Default Video Renderer" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\quartz.dll" "2/5/2027 7:54 AM" "0/73" + "DV Muxer" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\qdv.dll" "8/1/1969 6:10 AM" "0/73" + "DV Splitter" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\qdv.dll" "8/1/1969 6:10 AM" "0/73" + "DV Video Decoder" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\qdv.dll" "8/1/1969 6:10 AM" "0/73" + "DVD Navigator" "DirectShow DVD PlayBack Runtime." "(Verified) " "c:\windows\syswow64\qdvd.dll" "11/15/1945 9:06 AM" "0/73" + "File Source (Async.)" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\quartz.dll" "2/5/2027 7:54 AM" "0/73" + "File Source (URL)" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\quartz.dll" "2/5/2027 7:54 AM" "0/73" + "File stream renderer" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\quartz.dll" "2/5/2027 7:54 AM" "0/73" + "File Writer" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\qcap.dll" "4/25/1940 7:27 PM" "0/73" + "Infinite Pin Tee Filter" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\qcap.dll" "4/25/1940 7:27 PM" "0/73" + "Internal Text Renderer" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\quartz.dll" "2/5/2027 7:54 AM" "0/73" + "Line 21 Decoder 2" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\quartz.dll" "2/5/2027 7:54 AM" "0/73" + "Microsoft AC3 Encoder" "Microsoft AC-3 Encoder" "(Verified) " "c:\windows\syswow64\msac3enc.dll" "7/21/1970 4:42 AM" "0/72" + "Microsoft MPEG-2 Audio Encoder" "Microsoft MPEG-2 Encoder" "(Verified) " "c:\windows\syswow64\msmpeg2enc.dll" "3/31/1958 4:07 AM" "0/73" + "Microsoft MPEG-2 Encoder" "Microsoft MPEG-2 Encoder" "(Verified) " "c:\windows\syswow64\msmpeg2enc.dll" "3/31/1958 4:07 AM" "0/73" + "Microsoft MPEG-2 Video Encoder" "Microsoft MPEG-2 Encoder" "(Verified) " "c:\windows\syswow64\msmpeg2enc.dll" "3/31/1958 4:07 AM" "0/73" + "MIDI Parser" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\quartz.dll" "2/5/2027 7:54 AM" "0/73" + "MJPEG Decompressor" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\quartz.dll" "2/5/2027 7:54 AM" "0/73" + "MPEG Audio Codec" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\quartz.dll" "2/5/2027 7:54 AM" "0/73" + "MPEG Video Codec" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\quartz.dll" "2/5/2027 7:54 AM" "0/73" + "MPEG-2 Demultiplexer" "DirectShow MPEG-2 Splitter." "(Verified) " "c:\windows\syswow64\mpg2splt.ax" "2/28/1967 4:38 AM" "0/73" + "MPEG-2 Sections and Tables" "Microsoft MPEG-2 Section and Table Acquisition Module" "(Verified) " "c:\windows\syswow64\mpeg2data.ax" "12/10/1904 12:11 AM" "0/73" + "MPEG-2 Splitter" "DirectShow MPEG-2 Splitter." "(Verified) " "c:\windows\syswow64\mpg2splt.ax" "2/28/1967 4:38 AM" "0/73" + "Mpeg-2 Video Stream Analysis" "DirectShow Stream Buffer Filter." "(Verified) " "c:\windows\syswow64\sbe.dll" "12/28/2035 7:44 PM" "0/73" + "MPEG-I Stream Splitter" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\quartz.dll" "2/5/2027 7:54 AM" "0/73" + "Multi-file Parser" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\quartz.dll" "2/5/2027 7:54 AM" "0/73" + "Null Renderer" "DirectShow Editing." "(Verified) " "c:\windows\syswow64\qedit.dll" "9/2/2003 1:57 AM" "0/73" + "SAMI (CC) Reader" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\quartz.dll" "2/5/2027 7:54 AM" "0/73" + "Sample Grabber" "DirectShow Editing." "(Verified) " "c:\windows\syswow64\qedit.dll" "9/2/2003 1:57 AM" "0/73" + "SBE2 Sink" "DirectShow Stream Buffer Filter." "(Verified) " "c:\windows\syswow64\sbe.dll" "12/28/2035 7:44 PM" "0/73" + "SBE2FileScan" "DirectShow Stream Buffer Filter." "(Verified) " "c:\windows\syswow64\sbe.dll" "12/28/2035 7:44 PM" "0/73" + "SBE2MediaTypeProfile" "DirectShow Stream Buffer Filter." "(Verified) " "c:\windows\syswow64\sbe.dll" "12/28/2035 7:44 PM" "0/73" + "Smart Tee Filter" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\qcap.dll" "4/25/1940 7:27 PM" "0/73" + "StreamBufferSink" "DirectShow Stream Buffer Filter." "(Verified) " "c:\windows\syswow64\sbe.dll" "12/28/2035 7:44 PM" "0/73" + "StreamBufferSource" "DirectShow Stream Buffer Filter." "(Verified) " "c:\windows\syswow64\sbe.dll" "12/28/2035 7:44 PM" "0/73" + "VBI Codec" "Microsoft VBI Codec" "(Verified) " "c:\windows\syswow64\vbicodec.ax" "9/18/2008 3:08 AM" "0/73" + "VBI Surface Allocator" "VBI Surface Allocator Filter" "(Verified) " "c:\windows\syswow64\vbisurf.ax" "10/16/2032 1:56 PM" "0/73" + "VGA 16 color ditherer" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\quartz.dll" "2/5/2027 7:54 AM" "0/73" + "Video Mixing Renderer 9" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\quartz.dll" "2/5/2027 7:54 AM" "0/73" + "Video Port Manager" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\quartz.dll" "2/5/2027 7:54 AM" "0/73" + "Video Renderer" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\quartz.dll" "2/5/2027 7:54 AM" "0/73" + "VPS Decoder" "Microsoft Teletext Server" "(Verified) " "c:\windows\syswow64\wstpager.ax" "8/14/2020 3:55 PM" "0/73" + "Wave Parser" "DirectShow Runtime." "(Verified) " "c:\windows\syswow64\quartz.dll" "2/5/2027 7:54 AM" "0/73" + "WM ASF Reader" "DirectShow ASF Support" "(Verified) " "c:\windows\syswow64\qasf.dll" "12/6/1990 9:06 AM" "0/73" + "WM ASF Writer" "DirectShow ASF Support" "(Verified) " "c:\windows\syswow64\qasf.dll" "12/6/1990 9:06 AM" "0/73" + "WST Pager" "Microsoft Teletext Server" "(Verified) " "c:\windows\syswow64\wstpager.ax" "8/14/2020 3:55 PM" "0/73" + "{6E8D4A20-310C-11D0-B79A-00AA003767A7}" "DirectShow DVD PlayBack Runtime." "(Verified) " "c:\windows\syswow64\qdvd.dll" "11/15/1945 9:06 AM" "0/73" + "{A0025E90-E45B-11D1-ABE9-00A0C905F375}" "DirectShow DVD PlayBack Runtime." "(Verified) " "c:\windows\syswow64\qdvd.dll" "11/15/1945 9:06 AM" "0/73" + "{CD8743A1-3736-11D0-9E69-00C04FD7C15B}" "DirectShow DVD PlayBack Runtime." "(Verified) " "c:\windows\syswow64\qdvd.dll" "11/15/1945 9:06 AM" "0/73" "HKLM\Software\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance" "" "" "" "12/7/2019 5:54 AM" "" + "{41945702-8302-44A6-9445-AC98E8AFA086}" "MS RAW Image Decoder DLL" "(Verified) " "c:\windows\system32\msrawimage.dll" "12/18/1990 5:59 AM" "0/73" "HKLM\Software\Wow6432Node\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance" "" "" "" "12/7/2019 5:54 AM" "" + "{41945702-8302-44A6-9445-AC98E8AFA086}" "MS RAW Image Decoder DLL" "(Verified) " "c:\windows\syswow64\msrawimage.dll" "11/30/2008 9:07 PM" "0/73" "HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" "" "5/2/2022 6:04 PM" "" + "autocheck autochk *" "Auto Check Utility" "(Verified) " "c:\windows\system32\autochk.exe" "11/25/1989 10:07 AM" "0/73" "HKLM\SOFTWARE\Classes\Htmlfile\Shell\Open\Command\(Default)" "" "" "" "5/19/2021 5:04 PM" "" + "C:\Program Files\Internet Explorer\IEXPLORE.EXE" "Internet Explorer" "(Verified) Microsoft Corporation" "c:\program files\internet explorer\iexplore.exe" "6/30/1904 3:17 AM" "0/74" "HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls" "" "" "" "12/7/2019 5:15 AM" "" + "_wow64cpu" "" "(Verified) " "c:\windows\syswow64\wow64cpu.dll" "" "The system cannot find the file specified." + "_wowarmhw" "" "(Verified) " "c:\windows\system32\wowarmhw.dll" "" "The system cannot find the file specified." + "_wowarmhw" "" "(Verified) " "c:\windows\syswow64\wowarmhw.dll" "" "The system cannot find the file specified." + "_xtajit" "" "(Verified) " "c:\windows\system32\xtajit.dll" "" "The system cannot find the file specified." + "_xtajit" "" "(Verified) " "c:\windows\syswow64\xtajit.dll" "" "The system cannot find the file specified." + "COMDLG32" "Common Dialogs DLL" "(Verified) " "c:\windows\system32\comdlg32.dll" "3/13/1967 3:59 PM" "0/73" + "COMDLG32" "Common Dialogs DLL" "(Verified) " "c:\windows\syswow64\comdlg32.dll" "12/24/1951 7:59 PM" "0/73" + "DifxApi" "Driver Install Frameworks for API library module" "(Verified) " "c:\windows\system32\difxapi.dll" "8/17/1926 4:08 AM" "0/73" + "DifxApi" "Driver Install Frameworks for API library module" "(Verified) " "c:\windows\syswow64\difxapi.dll" "7/26/2010 4:00 PM" "0/73" + "gdiplus" "Microsoft GDI+" "(Verified) " "c:\windows\system32\gdiplus.dll" "9/11/1952 3:13 AM" "0/73" + "gdiplus" "Microsoft GDI+" "(Verified) " "c:\windows\syswow64\gdiplus.dll" "1/5/1971 6:51 AM" "0/73" + "NORMALIZ" "Unicode Normalization DLL" "(Verified) " "c:\windows\system32\normaliz.dll" "5/31/1908 4:55 AM" "0/73" + "NORMALIZ" "Unicode Normalization DLL" "(Verified) " "c:\windows\syswow64\normaliz.dll" "9/18/1978 3:57 AM" "0/73" + "WLDAP32" "Win32 LDAP API DLL" "(Verified) " "c:\windows\system32\wldap32.dll" "12/29/1972 11:10 AM" "0/73" + "WLDAP32" "Win32 LDAP API DLL" "(Verified) " "c:\windows\syswow64\wldap32.dll" "1/4/2018 5:02 AM" "0/73" + "wow64" "" "(Verified) " "c:\windows\syswow64\wow64.dll" "" "The system cannot find the file specified." + "wow64win" "" "(Verified) " "c:\windows\syswow64\wow64win.dll" "" "The system cannot find the file specified." "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" "" "12/7/2019 5:17 AM" "" + "Automatic Redeployment Credential Provider" "Autopilot Reset Credential Provider" "(Verified) " "c:\windows\system32\mgmtrefreshcredprov.dll" "3/7/2030 4:19 PM" "0/73" + "CCertProvider" "Cert Credential Provider" "(Verified) " "c:\windows\system32\certcredprovider.dll" "10/10/1960 9:51 AM" "0/73" + "Cloud Experience Credential Provider" "Cloud Experience Credential Provider" "(Verified) " "c:\windows\system32\cxcredprov.dll" "4/1/1951 7:47 PM" "0/73" + "CngCredUICredentialProvider" "Microsoft CNG CredUI Provider" "(Verified) " "c:\windows\system32\cngcredui.dll" "12/3/1923 8:16 PM" "0/73" + "FaceCredentialProvider" "Face Credential Provider" "(Verified) " "c:\windows\system32\facecredentialprovider.dll" "7/21/1981 11:23 PM" "0/73" + "FIDO Credential Provider" "FIDO Credential Provider" "(Verified) " "c:\windows\system32\fidocredprov.dll" "8/28/2034 10:35 PM" "0/73" + "GenericProvider" "Credential Providers" "(Verified) " "c:\windows\system32\credprovs.dll" "12/4/2034 7:15 PM" "0/73" + "IrisCredentialProvider" "Face Credential Provider" "(Verified) " "c:\windows\system32\facecredentialprovider.dll" "7/21/1981 11:23 PM" "0/73" + "NGC Credential Provider" "Microsoft Passport Credential Provider" "(Verified) " "c:\windows\system32\ngccredprov.dll" "8/14/2034 1:15 AM" "1/73" + "NPProvider" "Credential Providers" "(Verified) " "c:\windows\system32\credprovs.dll" "12/4/2034 7:15 PM" "0/73" + "PasswordProvider" "Credential Providers" "(Verified) " "c:\windows\system32\credprovs.dll" "12/4/2034 7:15 PM" "0/73" + "PicturePasswordLogonProvider" "Credential Providers Legacy" "(Verified) " "c:\windows\system32\credprovslegacy.dll" "4/7/1942 8:29 AM" "0/73" + "PINLogonProvider" "Credential Providers Legacy" "(Verified) " "c:\windows\system32\credprovslegacy.dll" "4/7/1942 8:29 AM" "0/73" + "Second Authentication Factor Credential Provider" "Microsoft Companion Authenticator Credential Provider" "(Verified) " "c:\windows\system32\devicengccredprov.dll" "4/27/1909 3:14 AM" "0/73" + "Smartcard Credential Provider" "Windows Smartcard Credential Provider" "(Verified) " "c:\windows\system32\smartcardcredentialprovider.dll" "3/20/2008 6:52 PM" "0/73" + "Smartcard Pin Provider" "Windows Smartcard Credential Provider" "(Verified) " "c:\windows\system32\smartcardcredentialprovider.dll" "3/20/2008 6:52 PM" "0/73" + "Smartcard Reader Selection Provider" "Windows Smartcard Credential Provider" "(Verified) " "c:\windows\system32\smartcardcredentialprovider.dll" "3/20/2008 6:52 PM" "0/73" + "Smartcard WinRT Provider" "Windows Smartcard Credential Provider" "(Verified) " "c:\windows\system32\smartcardcredentialprovider.dll" "3/20/2008 6:52 PM" "0/73" + "TrustedSignal Credential Provider" "TrustedSignal Credential Provider" "(Verified) " "c:\windows\system32\trustedsignalcredprov.dll" "4/4/1993 5:21 AM" "0/73" + "WinBio Credential Provider" "WinBio Credential Provider" "(Verified) " "c:\windows\system32\biocredprov.dll" "8/10/2009 6:37 AM" "0/73" + "WLIDCredentialProvider" "Microsoft® Account Credential Provider" "(Verified) " "c:\windows\system32\wlidcredprov.dll" "3/24/1956 3:20 AM" "0/73" "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters" "" "" "" "12/7/2019 5:17 AM" "" + "GenericFilter" "Credential Providers" "(Verified) " "c:\windows\system32\credprovs.dll" "12/4/2034 7:15 PM" "0/73" "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers" "" "" "" "12/7/2019 5:17 AM" "" + "CRasProvider" "RAS PLAP Credential Provider" "(Verified) " "c:\windows\system32\rasplap.dll" "8/27/2035 6:07 AM" "0/72" "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions" "" "" "" "6/22/2021 6:21 PM" "" + "{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}" "802.11 Group Policy Client" "(Verified) " "c:\windows\system32\wlgpclnt.dll" "1/20/2027 12:19 AM" "0/73" + "{0E28E245-9368-4853-AD84-6DA3BA35BB75}" "Group Policy Preference Client" "(Verified) " "c:\windows\system32\gpprefcl.dll" "5/3/1985 4:54 AM" "0/73" + "{169EBF44-942F-4C43-87CE-13C93996EBBE}" "Application Management Configuration" "(Verified) " "c:\windows\system32\appmanagementconfiguration.dll" "1/10/1910 12:31 PM" "0/73" + "{16be69fa-4209-4250-88cb-716cf41954e0}" "Windows Audit Settings CSE" "(Verified) " "c:\windows\system32\auditcse.dll" "5/7/1970 9:28 AM" "0/73" + "{17D89FEC-5C44-4972-B12D-241CAEF74509}" "Group Policy Preference Client" "(Verified) " "c:\windows\system32\gpprefcl.dll" "5/3/1985 4:54 AM" "0/73" + "{1A6364EB-776B-4120-ADE1-B63A406A76B5}" "Group Policy Preference Client" "(Verified) " "c:\windows\system32\gpprefcl.dll" "5/3/1985 4:54 AM" "0/73" + "{25537BA6-77A8-11D2-9B6C-0000F8080861}" "Folder Redirection Group Policy Extension" "(Verified) " "c:\windows\system32\fdeploy.dll" "10/3/1987 11:31 AM" "0/73" + "{2A8FDC61-2347-4C87-92F6-B05EB91A201A}" "Group Policy Preference Client" "(Verified) " "c:\windows\system32\gpprefcl.dll" "5/3/1985 4:54 AM" "0/73" + "{2BFCC077-22D2-48DE-BDE1-2F618D9B476D}" "Application Management Configuration" "(Verified) " "c:\windows\system32\appmanagementconfiguration.dll" "1/10/1910 12:31 PM" "0/73" + "{3610eda5-77ef-11d2-8dc5-00c04fa31a66}" "Windows Shell Disk Quota Support DLL" "(Verified) " "c:\windows\system32\dskquota.dll" "8/29/1929 6:25 AM" "0/73" + "{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}" "Group Policy Preference Client" "(Verified) " "c:\windows\system32\gpprefcl.dll" "5/3/1985 4:54 AM" "0/73" + "{426031c0-0b47-4852-b0ca-ac3d37bfcb39}" "GPTExt" "(Verified) " "c:\windows\system32\gptext.dll" "12/7/1907 9:37 AM" "0/73" + "{42B5FAAE-6536-11d2-AE5A-0000F87571E3}" "Script Client Side Extension" "(Verified) " "c:\windows\system32\gpscript.dll" "10/1/2014 10:04 PM" "0/73" + "{4B7C3B0F-E993-4E06-A241-3FBE06943684}" "Group Policy Preference Client" "(Verified) " "c:\windows\system32\gpprefcl.dll" "5/3/1985 4:54 AM" "0/73" + "{4bcd6cde-777b-48b6-9804-43568e23545d}" "Remote Desktop USB Redirection GP Extension" "(Verified) " "c:\windows\system32\tsusbredirectiongrouppolicyextension.dll" "5/15/1929 4:23 AM" "0/73" + "{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}" "IEAK branding" "(Verified) " "c:\windows\system32\iedkcs32.dll" "8/10/1956 7:36 AM" "0/73" + "{4D2F9B6F-1E52-4711-A382-6A8B1A003DE6}" "RemoteApp and Desktop Connection Component" "(Verified) " "c:\windows\system32\tsworkspace.dll" "10/16/2032 9:53 PM" "0/73" + "{5794DAFD-BE60-433f-88A2-1A31939AC01F}" "Group Policy Preference Client" "(Verified) " "c:\windows\system32\gpprefcl.dll" "5/3/1985 4:54 AM" "0/73" + "{6232C319-91AC-4931-9385-E70C2B099F0E}" "Group Policy Preference Client" "(Verified) " "c:\windows\system32\gpprefcl.dll" "5/3/1985 4:54 AM" "0/73" + "{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}" "Group Policy Preference Client" "(Verified) " "c:\windows\system32\gpprefcl.dll" "5/3/1985 4:54 AM" "0/73" + "{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}" "Group Policy Preference Client" "(Verified) " "c:\windows\system32\gpprefcl.dll" "5/3/1985 4:54 AM" "0/73" + "{728EE579-943C-4519-9EF7-AB56765798ED}" "Group Policy Preference Client" "(Verified) " "c:\windows\system32\gpprefcl.dll" "5/3/1985 4:54 AM" "0/73" + "{74EE6C03-5363-4554-B161-627540339CAB}" "Group Policy Preference Client" "(Verified) " "c:\windows\system32\gpprefcl.dll" "5/3/1985 4:54 AM" "0/73" + "{7909AD9E-09EE-4247-BAB9-7029D5F0A278}" "Enroll Engine DLL" "(Verified) " "c:\windows\system32\dmenrollengine.dll" "5/8/1930 12:11 AM" "0/73" + "{7933F41E-56F8-41d6-A31C-4148A711EE93}" "Indexing Options" "(Verified) " "c:\windows\system32\srchadmin.dll" "2/1/1991 12:27 AM" "0/73" + "{7B849a69-220F-451E-B3FE-2CB811AF94AE}" "IEAK branding" "(Verified) " "c:\windows\system32\iedkcs32.dll" "8/10/1956 7:36 AM" "0/73" + "{827D319E-6EAC-11D2-A4EA-00C04F79F83A}" "Windows Security Configuration Editor Client Engine" "(Verified) " "c:\windows\system32\scecli.dll" "12/22/1915 1:26 PM" "0/73" + "{8A28E2C5-8D06-49A4-A08C-632DAA493E17}" "Group Policy Printer Extension" "(Verified) " "c:\windows\system32\gpprnext.dll" "7/9/1949 1:06 PM" "0/73" + "{91FBB303-0CD5-4055-BF42-E512A681B325}" "Group Policy Preference Client" "(Verified) " "c:\windows\system32\gpprefcl.dll" "5/3/1985 4:54 AM" "0/73" + "{A3F3E39B-5D83-4940-B954-28315B82F0A8}" "Group Policy Preference Client" "(Verified) " "c:\windows\system32\gpprefcl.dll" "5/3/1985 4:54 AM" "0/73" + "{AADCED64-746C-4633-A97C-D61349046527}" "Group Policy Preference Client" "(Verified) " "c:\windows\system32\gpprefcl.dll" "5/3/1985 4:54 AM" "0/73" + "{B087BE9D-ED37-454f-AF9C-04291E351182}" "Group Policy Preference Client" "(Verified) " "c:\windows\system32\gpprefcl.dll" "5/3/1985 4:54 AM" "0/73" + "{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}" "802.3 Group Policy Client" "(Verified) " "c:\windows\system32\dot3gpclnt.dll" "4/24/1914 11:22 PM" "0/73" + "{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}" "Windows To Go Launcher" "(Verified) " "c:\windows\system32\pwlauncher.dll" "5/26/1904 6:35 PM" "0/73" + "{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}" "Group Policy Preference Client" "(Verified) " "c:\windows\system32\gpprefcl.dll" "5/3/1985 4:54 AM" "0/73" + "{C34B2751-1CF4-44F5-9262-C3FC39666591}" "Windows To Go Launcher" "(Verified) " "c:\windows\system32\pwlauncher.dll" "5/26/1904 6:35 PM" "0/73" + "{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}" "Group Policy Preference Client" "(Verified) " "c:\windows\system32\gpprefcl.dll" "5/3/1985 4:54 AM" "0/73" + "{C631DF4C-088F-4156-B058-4375F0853CD8}" "In-proc COM object used by clients of CSC API" "(Verified) " "c:\windows\system32\cscobj.dll" "11/5/1991 3:22 PM" "0/73" + "{c6dc5466-785a-11d2-84d0-00c04fb169f7}" "Software installation Service" "(Verified) " "c:\windows\system32\appmgmts.dll" "11/29/1926 8:36 AM" "0/73" + "{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}" "GPTExt" "(Verified) " "c:\windows\system32\gptext.dll" "12/7/1907 9:37 AM" "0/73" + "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}" "IEAK branding" "(Verified) " "c:\windows\system32\iedkcs32.dll" "8/10/1956 7:36 AM" "0/73" + "{CFF649BD-601D-4361-AD3D-0FC365DB4DB7}" "Delivery Optimization Management" "(Verified) " "c:\windows\system32\domgmt.dll" "6/11/1925 10:44 PM" "0/73" + "{e437bc1c-aa7d-11d2-a382-00c04f991e27}" "Policy Storage dll" "(Verified) " "c:\windows\system32\polstore.dll" "12/6/1950 11:52 AM" "0/73" + "{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}" "Group Policy Preference Client" "(Verified) " "c:\windows\system32\gpprefcl.dll" "5/3/1985 4:54 AM" "0/73" + "{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}" "Group Policy Preference Client" "(Verified) " "c:\windows\system32\gpprefcl.dll" "5/3/1985 4:54 AM" "0/73" + "{E5094040-C46C-4115-B030-04FB2E545B00}" "Group Policy Preference Client" "(Verified) " "c:\windows\system32\gpprefcl.dll" "5/3/1985 4:54 AM" "0/73" + "{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}" "Group Policy Preference Client" "(Verified) " "c:\windows\system32\gpprefcl.dll" "5/3/1985 4:54 AM" "0/73" + "{F312195E-3D9D-447A-A3F5-08DFFA24735E}" "Device Guard Group Policy CSE" "(Verified) " "c:\windows\system32\dggpext.dll" "3/29/2020 3:23 PM" "0/73" + "{f3ccc681-b74c-4060-9f26-cd84525dca2a}" "Windows Audit Settings CSE" "(Verified) " "c:\windows\system32\auditcse.dll" "5/7/1970 9:28 AM" "0/73" + "{F9C77450-3A41-477E-9310-9ACD617BD9E3}" "Group Policy Preference Client" "(Verified) " "c:\windows\system32\gpprefcl.dll" "5/3/1985 4:54 AM" "0/73" + "{FB2CA36D-0B40-4307-821B-A13B252DE56C}" "GPTExt" "(Verified) " "c:\windows\system32\gptext.dll" "12/7/1907 9:37 AM" "0/73" + "{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}" "GPTExt" "(Verified) " "c:\windows\system32\gptext.dll" "12/7/1907 9:37 AM" "0/73" + "{FC491EF1-C4AA-4CE1-B329-414B101DB823}" "Device Guard Group Policy CSE" "(Verified) " "c:\windows\system32\dggpext.dll" "3/29/2020 3:23 PM" "0/73" "HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" "" "12/7/2019 5:18 AM" "" + "Bluetooth Namespace" "Windows Sockets Helper DLL" "(Verified) " "c:\windows\system32\wshbth.dll" "11/30/1960 9:56 PM" "0/73" + "E-mail Naming Shim Provider" "E-mail Naming Shim Provider" "(Verified) " "c:\windows\system32\napinsp.dll" "10/12/1902 10:10 AM" "0/73" + "Network Location Awareness Legacy (NLAv1) Namespace" "Network Location Awareness 2" "(Verified) " "c:\windows\system32\nlaapi.dll" "1/22/1986 10:21 PM" "0/73" + "NTDS" "LDAP RnR Provider DLL" "(Verified) " "c:\windows\system32\winrnr.dll" "6/3/2019 7:01 PM" "0/73" + "PNRP Cloud Namespace Provider" "PNRP Name Space Provider" "(Verified) " "c:\windows\system32\pnrpnsp.dll" "11/7/1945 7:09 AM" "0/73" + "PNRP Name Namespace Provider" "PNRP Name Space Provider" "(Verified) " "c:\windows\system32\pnrpnsp.dll" "11/7/1945 7:09 AM" "0/73" "HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" "" "12/7/2019 5:18 AM" "" + "Bluetooth Namespace" "Windows Sockets Helper DLL" "(Verified) " "c:\windows\system32\wshbth.dll" "11/30/1960 9:56 PM" "0/73" + "E-mail Naming Shim Provider" "E-mail Naming Shim Provider" "(Verified) " "c:\windows\system32\napinsp.dll" "10/12/1902 10:10 AM" "0/73" + "Network Location Awareness Legacy (NLAv1) Namespace" "Network Location Awareness 2" "(Verified) " "c:\windows\system32\nlaapi.dll" "1/22/1986 10:21 PM" "0/73" + "NTDS" "LDAP RnR Provider DLL" "(Verified) " "c:\windows\system32\winrnr.dll" "6/3/2019 7:01 PM" "0/73" + "PNRP Cloud Namespace Provider" "PNRP Name Space Provider" "(Verified) " "c:\windows\system32\pnrpnsp.dll" "11/7/1945 7:09 AM" "0/73" + "PNRP Name Namespace Provider" "PNRP Name Space Provider" "(Verified) " "c:\windows\system32\pnrpnsp.dll" "11/7/1945 7:09 AM" "0/73" "HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" "" "4/23/2022 12:01 AM" "" + "Adobe PDF Port Monitor" "Adobe PDF Port Monitor DLL" "(Verified) Adobe Inc." "c:\windows\system32\adobepdf.dll" "10/27/2021 12:32 AM" "0/73" + "Appmon" "App Printer" "(Verified) " "c:\windows\system32\appmon.dll" "6/25/1985 4:46 PM" "0/73" + "Canon Language Monitor MG7700 series" "IJ Language Monitor" "(Verified) " "c:\windows\system32\cnmlmcp.dll" "3/16/2015 4:19 PM" "0/73" + "Local Port" "Local Spooler DLL" "(Verified) " "c:\windows\system32\localspl.dll" "8/5/1903 2:41 AM" "0/73" + "Microsoft Shared Fax Monitor" "Microsoft Fax Print Monitor" "(Verified) " "c:\windows\system32\fxsmon.dll" "11/30/1965 12:03 AM" "0/73" + "Standard TCP/IP Port" "Standard TCP/IP Port Monitor DLL" "(Verified) " "c:\windows\system32\tcpmon.dll" "11/11/1976 1:19 PM" "0/73" + "USB Monitor" "Standard Dynamic Printing Port Monitor DLL" "(Verified) " "c:\windows\system32\usbmon.dll" "3/5/1982 9:20 AM" "0/73" + "WSD Port" "Adaptive Port Monitor" "(Verified) " "c:\windows\system32\apmon.dll" "4/19/1978 11:39 AM" "0/73" "HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers" "" "" "" "12/7/2019 5:15 AM" "" + "Internet Print Provider" "Internet Print Provider DLL" "(Verified) " "c:\windows\system32\inetpp.dll" "7/14/2037 1:17 AM" "0/73" + "LanMan Print Services" "Client Side Rendering Print Provider" "(Verified) " "c:\windows\system32\win32spl.dll" "9/17/1936 10:52 AM" "0/73" "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders" "" "" "" "12/7/2019 5:16 AM" "" + "credssp.dll" "Credential Delegation Security Package" "(Verified) " "c:\windows\system32\credssp.dll" "3/18/1980 5:45 AM" "0/73" "HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages" "" "" "" "5/2/2022 6:09 PM" "" + "scecli" "Windows Security Configuration Editor Client Engine" "(Verified) " "c:\windows\system32\scecli.dll" "12/22/1915 1:26 PM" "0/73" "HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" "" "12/7/2019 5:16 AM" "" + "LanmanWorkstation" "Microsoft Windows Network" "(Verified) " "c:\windows\system32\ntlanman.dll" "3/21/2022 3:53 PM" "0/73" + "RDPNP" "Microsoft Terminal Services" "(Verified) " "c:\windows\system32\drprov.dll" "1/7/1913 3:05 PM" "0/73" + "webclient" "Web Client Network" "(Verified) " "c:\windows\system32\davclnt.dll" "11/4/2034 6:08 PM" "0/73" "HKLM\Software\Microsoft\Office\Outlook\Addins" "" "" "" "4/23/2022 12:01 AM" "" + "Acrobat PDFMaker Office COM Addin" "PDFMOutlook Addin Module" "(Verified) Adobe Inc." "c:\program files\adobe\acrobat dc\pdfmaker\mail\outlook\x64\pdfmoutlookaddin.dll" "4/7/2022 12:14 AM" "0/73" + "Adobe Send for Microsoft Outlook" "Adobe Document Cloud for Microsoft Outlook Addin Module" "(Verified) Adobe Inc." "c:\program files\adobe\acrobat dc\pdfmaker\mail\outlook\x64\sendaslinkaddin.dll" "4/7/2022 12:17 AM" "0/73" + "{F43F5136-AA90-4005-9368-F91F5C120D69}" "ESET Plugin for Microsoft Outlook" "(Verified) ESET, spol. s r.o." "c:\program files\eset\eset security\eplgoutlook.dll" "3/15/2022 9:40 AM" "1/73" "HKLM\Software\Wow6432Node\Microsoft\Office\Outlook\Addins" "" "" "" "4/23/2022 12:01 AM" "" + "Acrobat PDFMaker Office COM Addin" "PDFMOutlook Addin Module" "(Verified) Adobe Inc." "c:\program files\adobe\acrobat dc\pdfmaker\mail\outlook\pdfmoutlookaddin.dll" "4/7/2022 12:14 AM" "0/73" + "Adobe Send for Microsoft Outlook" "Adobe Document Cloud for Microsoft Outlook Addin Module" "(Verified) Adobe Inc." "c:\program files\adobe\acrobat dc\pdfmaker\mail\outlook\sendaslinkaddin.dll" "4/7/2022 12:17 AM" "0/69" + "{F43F5136-AA90-4005-9368-F91F5C120D69}" "ESET Plugin for Microsoft Outlook" "(Verified) ESET, spol. s r.o." "c:\program files\eset\eset security\x86\eplgoutlook.dll" "3/15/2022 9:37 AM" "0/73" "HKLM\Software\Microsoft\Office\Excel\Addins" "" "" "" "4/23/2022 12:01 AM" "" + "Acrobat PDFMaker Office COM Addin" "PDFMOfficeAddin Module" "(Verified) Adobe Inc." "c:\program files\adobe\acrobat dc\pdfmaker\office\x64\pdfmofficeaddin.dll" "3/2/2022 1:56 PM" "0/73" "HKLM\Software\Wow6432Node\Microsoft\Office\Excel\Addins" "" "" "" "4/23/2022 12:01 AM" "" + "Acrobat PDFMaker Office COM Addin" "PDFMOfficeAddin Module" "(Verified) Adobe Inc." "c:\program files\adobe\acrobat dc\pdfmaker\office\pdfmofficeaddin.dll" "3/2/2022 1:56 PM" "0/73" "HKLM\Software\Microsoft\Office\PowerPoint\Addins" "" "" "" "4/23/2022 12:01 AM" "" + "Acrobat PDFMaker Office COM Addin" "PDFMOfficeAddin Module" "(Verified) Adobe Inc." "c:\program files\adobe\acrobat dc\pdfmaker\office\x64\pdfmofficeaddin.dll" "3/2/2022 1:56 PM" "0/73" "HKLM\Software\Wow6432Node\Microsoft\Office\PowerPoint\Addins" "" "" "" "4/23/2022 12:01 AM" "" + "Acrobat PDFMaker Office COM Addin" "PDFMOfficeAddin Module" "(Verified) Adobe Inc." "c:\program files\adobe\acrobat dc\pdfmaker\office\pdfmofficeaddin.dll" "3/2/2022 1:56 PM" "0/73" "HKLM\Software\Microsoft\Office\Word\Addins" "" "" "" "4/23/2022 12:01 AM" "" + "Acrobat PDFMaker Office COM Addin" "PDFMOfficeAddin Module" "(Verified) Adobe Inc." "c:\program files\adobe\acrobat dc\pdfmaker\office\x64\pdfmofficeaddin.dll" "3/2/2022 1:56 PM" "0/73" "HKLM\Software\Wow6432Node\Microsoft\Office\Word\Addins" "" "" "" "4/23/2022 12:01 AM" "" + "Acrobat PDFMaker Office COM Addin" "PDFMOfficeAddin Module" "(Verified) Adobe Inc." "c:\program files\adobe\acrobat dc\pdfmaker\office\pdfmofficeaddin.dll" "3/2/2022 1:56 PM" "0/73" Link to comment Share on other sites More sharing options...
TedH600 0 Posted May 2, 2022 Author Share Posted May 2, 2022 Hello, I have included a copy of the original Eset virus detection log: Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here 5/2/2022 6:10:03 PM;Command line scanner;file;C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe;PowerShell/Agent.AEW trojan;cleaned by deleting;LINDA-2\Administrator;Event occurred while attempting to run the following command: C:\WINDOWS\System32\WScript.exe "C:\Windows\System32\SyncAppvPublishingServer.vbs" "n; $a=Get-Content "C:\Windows\logs\system-logs.txt" | Select -Index 17033;$script_decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($a)); $script_block = [Scriptblock]::Create($script_decoded);Invoke-Command $script_block;7FB1A3A2C0F5008E82EAA0E7266A5FDAAEDFF7D2; Thank you. Link to comment Share on other sites More sharing options...
itman 1,659 Posted May 2, 2022 Share Posted May 2, 2022 (edited) We've seen this script before: https://forum.eset.com/topic/32186-two-strange-powershell-processes-maybe-coinminers/#elControls_149965_menu . Based on your posted Eset Detections log entry, we now know it is being started by wscript.exe also. This points to it running via WMI although no entries show in Autoruns. I'll leave it up to the Eset Moderator @Marcos to review your posted Autoruns log and see if he can find in it, the source of this PowerShell script. Edited May 2, 2022 by itman Link to comment Share on other sites More sharing options...
TedH600 0 Posted May 3, 2022 Author Share Posted May 3, 2022 Hello, Thank you for your help. I have attached the autoruns.arn file if that makes it easier to read for the moderators. I had to rename it to autoruns.arn.txt to upload it. autoruns.arn.txt Link to comment Share on other sites More sharing options...
TedH600 0 Posted May 3, 2022 Author Share Posted May 3, 2022 Hello, What is PowerShell/Agent.AEW trojan? I can find no information on it. When Eset states that it deleted the threat, what file is it deleting? I renamed the C:\Windows\logs\system-logs.txt file referenced in the virus detection. It doesn't appear to have been recreated. Thank you. Link to comment Share on other sites More sharing options...
TedH600 0 Posted May 3, 2022 Author Share Posted May 3, 2022 Hello, I have attached the Eset log collector data. Thank you. eis_logs.zip Link to comment Share on other sites More sharing options...
TedH600 0 Posted May 3, 2022 Author Share Posted May 3, 2022 Hello, I have attached the C:\Windows\logs\system-logs.txt file. Eset found no viruses in it. Thank you. system-logs.txt Link to comment Share on other sites More sharing options...
TedH600 0 Posted May 3, 2022 Author Share Posted May 3, 2022 Hello, I installed sysmon. There might be something hiding in Windows WMI. The following is a sysmon event I logged at Windows startup. - <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event"> - <System> <Provider Name="Microsoft-Windows-Sysmon" Guid="{5770385f-c22a-43e0-bf4c-06f5698ffbd9}" /> <EventID>1</EventID> <Version>5</Version> <Level>4</Level> <Task>1</Task> <Opcode>0</Opcode> <Keywords>0x8000000000000000</Keywords> <TimeCreated SystemTime="2022-05-03T01:50:03.1731667Z" /> <EventRecordID>296</EventRecordID> <Correlation /> <Execution ProcessID="4876" ThreadID="5456" /> <Channel>Microsoft-Windows-Sysmon/Operational</Channel> <Computer>Linda-2</Computer> <Security UserID="S-1-5-18" /> </System> - <EventData> <Data Name="RuleName">-</Data> <Data Name="UtcTime">2022-05-03 01:50:03.166</Data> <Data Name="ProcessGuid">{d1df58dd-8a4b-6270-a800-00000000e205}</Data> <Data Name="ProcessId">10736</Data> <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data> <Data Name="FileVersion">10.0.19041.546 (WinBuild.160101.0800)</Data> <Data Name="Description">Windows PowerShell</Data> <Data Name="Product">Microsoft® Windows® Operating System</Data> <Data Name="Company">Microsoft Corporation</Data> <Data Name="OriginalFileName">PowerShell.EXE</Data> <Data Name="CommandLine">"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NonInteractive -WindowStyle Hidden -ExecutionPolicy RemoteSigned -Command &{$env:psmodulepath = [IO.Directory]::GetCurrentDirectory(); import-module AppvClient; Sync-AppvPublishingServer n; $a=Get-Content C:\Windows\logs\system-logs.txt | Select -Index 17033;$script_decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($a)); $script_block = [Scriptblock]::Create($script_decoded);Invoke-Command $script_block}</Data> <Data Name="CurrentDirectory">C:\WINDOWS\system32\</Data> <Data Name="User">LINDA-2\Administrator</Data> <Data Name="LogonGuid">{d1df58dd-8a0f-6270-c39f-040000000000}</Data> <Data Name="LogonId">0x49fc3</Data> <Data Name="TerminalSessionId">1</Data> <Data Name="IntegrityLevel">High</Data> <Data Name="Hashes">SHA256=9F914D42706FE215501044ACD85A32D58AAEF1419D404FDDFA5D3B48F66CCD9F</Data> <Data Name="ParentProcessGuid">{d1df58dd-8a4b-6270-a700-00000000e205}</Data> <Data Name="ParentProcessId">10504</Data> <Data Name="ParentImage">C:\Windows\System32\wscript.exe</Data> <Data Name="ParentCommandLine">C:\WINDOWS\System32\WScript.exe "C:\Windows\System32\SyncAppvPublishingServer.vbs" "n; $a=Get-Content "C:\Windows\logs\system-logs.txt" | Select -Index 17033;$script_decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($a)); $script_block = [Scriptblock]::Create($script_decoded);Invoke-Command $script_block</Data> <Data Name="ParentUser">LINDA-2\Administrator</Data> </EventData> </Event> Thank you. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,070 Posted May 3, 2022 Administrators Share Posted May 3, 2022 3 hours ago, TedH600 said: What is PowerShell/Agent.AEW trojan? I renamed the C:\Windows\logs\system-logs.txt file referenced in the virus detection. It doesn't appear to have been recreated. It's the detection of the PowerShell malware hiding in C:\Windows\logs\system-logs.txt which is triggered upon execution. If you rename the file back so that the system attempts to load the malware after a reboot, it should be detected and cleaned. Link to comment Share on other sites More sharing options...
TedH600 0 Posted May 3, 2022 Author Share Posted May 3, 2022 Hello, I deleted the C:\Windows\logs\system-logs.txt file. It no longer exists, but the virus keeps coming back upon reboot. The Eset virus detection keeps referencing the C:\Windows\logs\system-logs.txt file even though it does not exist. As I said earlier, the sysmon event log that I posted above shows that this might be a Windows WMI virus. Thank you. Link to comment Share on other sites More sharing options...
TedH600 0 Posted May 3, 2022 Author Share Posted May 3, 2022 Hello, I attached the log files from Eset and Autoruns above. I have noticed that the Windows tray icon that shows that my location is in use stays on until the Eset threat detection message displays. The Eset threat detection message shows up about 60 seconds after the desktop is displayed. Right after that, the location icon disappears. I don't know if the virus is accessing my location. As I said earlier, the sysmon event log that I posted above shows that this might be a Windows WMI virus. Thank you. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,070 Posted May 3, 2022 Administrators Share Posted May 3, 2022 Please run Task scheduler and delete the task Microsoft\Windows\NetService\Network\NetServices It's possible that deleting C:\Windows\Scheduled Tasks\Microsoft\Windows\NetService\Network\NetServices would suffice since I didn't find the task registered in the registry. Link to comment Share on other sites More sharing options...
TedH600 0 Posted May 3, 2022 Author Share Posted May 3, 2022 Hello, Deleting the task seems to have stopped the problem. Is there a way that I can quickly check for bogus tasks in case something like this happens again? By the way, my tasks files were stored in C:\Windows\System32\Tasks. I didn't have a "Scheduled Tasks" folder. What was the PowerShell/Agent.AEW trojan trying to do? If a new scan shows that my PC is clean, is the PC safe to use? Thank you very much. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,070 Posted May 3, 2022 Administrators Share Posted May 3, 2022 The malicious task can be easily seen in a SysInspector log for instance: PowerShell/Agent.AEW loads and executes PowerShell/Agent.GZ trojan. The latter was not analyzed so I can't tell you what exactly it does. Link to comment Share on other sites More sharing options...
TedH600 0 Posted May 3, 2022 Author Share Posted May 3, 2022 Hello, The Netservices task seems to be a known virus as shown here https://forums.malwarebytes.com/topic/286247-netservices/. In the future, can Eset detect these task scheduler viruses before they are installed on the PC? Can I configure Eset to notify me of changes to the Task Scheduler? I saw this post https://forum.eset.com/topic/4602-windows-task-scheduler-protection/, but it is from 2015. Thank you again. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,070 Posted May 3, 2022 Administrators Share Posted May 3, 2022 1 minute ago, TedH600 said: In the future, can Eset detect these task scheduler viruses before they are installed on the PC? Only malware and threats can be detected. That said, as long as a scheduler task is recognized as malicious, it should be detected and cleaned. 1 minute ago, TedH600 said: Can I configure Eset to notify me of changes to the Task Scheduler? No, there is no real-time monitoring of Task Scheduler. Link to comment Share on other sites More sharing options...
itman 1,659 Posted May 3, 2022 Share Posted May 3, 2022 Based on your Eset Detections log entry, it appears that you are running under the full Win administrator account. This greatly increases attackers having ability to install malware and modify system settings. It is strongly advised that at a minimum, only a limited admin account be used for normal Win usage. Additionally, UAC should be set to its maximum level. The increase in elevation prompts being a minor annoyance given the increased security benefits. Additionally recommended is that the full administrator account be disabled; it doesn't have to be removed, lest an attacker can gain access to it. Link to comment Share on other sites More sharing options...
itman 1,659 Posted May 3, 2022 Share Posted May 3, 2022 (edited) As far as monitoring of suspicious scheduled task creation, below is an example of YARA behavioral rules to do so. Unfortunately, the Eset HIPS "doesn't come close" to having this capability: Quote Processes behaving improperly We routinely detect adversaries abusing the Windows Task Scheduler’s /create command to execute other processes and gain persistence or delay the execution of a payload. Some of the usual suspects include cmd.exe, powershell.exe, regsvr32.exe, rundll32.exe, and mshta.exe. Given this, and depending on the nature of your environment, developing detection logic that looks for scheduled tasks running with the /create flag and a reference to the above processes in the command line might help uncover malicious or suspicious activity. Word of caution: this will almost certainly require tuning and exclusions for legitimate software. process == schtasks.exe && command_line_includes ('/create') && ( 'cmd.exe' || 'powershell.exe' || 'regsvr32.exe' || 'rundll32.exe' || 'mshta.exe') Scheduled tasks with suspicious network connections Adversaries occasionally leverage scheduled tasks to reach out to external domains and download arbitrary binaries on a set or recurring schedule. Like most of the adversary actions described in this section, this is a way of establishing persistence. Keep an eye out for scheduled tasks running with the /create command and a reference to a URL in the command line. process == schtasks.exe && command_line_includes ('create') && ('https://' || 'http://' https://redcanary.com/threat-detection-report/techniques/scheduled-task/ Edited May 3, 2022 by itman Link to comment Share on other sites More sharing options...
Administrators Marcos 5,070 Posted May 3, 2022 Administrators Share Posted May 3, 2022 Can you confirm that ESET has cleaned the threat and it's no longer detected after a reboot? Link to comment Share on other sites More sharing options...
itman 1,659 Posted May 3, 2022 Share Posted May 3, 2022 (edited) 2 hours ago, Marcos said: Can you confirm that ESET has cleaned the threat and it's no longer detected after a reboot? Review this MalwareBytes posting: https://forums.malwarebytes.com/topic/286247-netservices/ . Of note is: Quote Registry Key: 3 Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\NetService\Network\NetServices, Quarantined, 490, 1050593, , , , , , Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3B0188C0-4531-4C39-A816-2DF682E76AE7}, Quarantined, 490, 1050593, , , , , , Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\BOOT\{3B0188C0-4531-4C39-A816-2DF682E76AE7}, Quarantined, 490, 1050593, , , , , , Appears this bugger is using registry for persistence. Also this attack has a lot of similarities to Tarrask malware employed by HAFNIUM group: https://www.microsoft.com/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defense-evasion/ Edited May 3, 2022 by itman Link to comment Share on other sites More sharing options...
Shogun1 0 Posted May 4, 2022 Share Posted May 4, 2022 On 5/3/2022 at 3:09 PM, TedH600 said: Hello, Deleting the task seems to have stopped the problem. Is there a way that I can quickly check for bogus tasks in case something like this happens again? By the way, my tasks files were stored in C:\Windows\System32\Tasks. I didn't have a "Scheduled Tasks" folder. What was the PowerShell/Agent.AEW trojan trying to do? If a new scan shows that my PC is clean, is the PC safe to use? Thank you very much. Hey Ted, I have the folder C:\Windows\System32\Tasks in my windows 11 and tried to erase. I guess, you were saying but couldn't erase it...! My question is; did you mean that folder all of it or I misread that?? Link to comment Share on other sites More sharing options...
Recommended Posts