Inactive Multiple application processes for every app using Wi-fi

Discussion in 'Malware and Virus Removal' started by BlueDolphin873, 2022/11/06.

  1. 2022/11/06
    BlueDolphin873

    Hi guys,

    Whenever I open an application that uses Wi-Fi, for example a web browser like Firefox, Chrome, or, as I tried to reinstall the OS, currently Microsoft Edge, and inspect the system activity in Process Explorer or Task Manager, there are multiple processes running.
    Earlier I witnessed a "record" of 13 processes of Microsoft Edge with only one tab open!
    All of that can clog up memory, and sometimes, especially when *running games, the CPU.
    Thinking there may be a problem with my browser, I messed with the settings, making sure to deactivate any background or startup browser shenanigans... But with no success, I suspected that I could have picked up malware, maybe adware, at worst a Trojan with botnet, crypto miners.

    Img1 - results of running Microsoft Edge in Process Explorer and Task Manager:
    [IMG]

    *Which is the next thing I tried: while searching for a smaller online game, I installed League of Legends. And while running the game's client (Riot Client), I observed my CPU usage oscillating around 45-55%; there are multiple processes of that client, less than opening a browser, but more than there should be according to the internet. I ran the game, and my CPU usage went to 100%!

    Img2 - results of running League of Legends in Process Explorer and Task Manager:
    [IMG]

    Next, I tried installing and running a bunch of antivirus applications (like Malwarebytes and Tron), did some research in system explorer, formatted some drives, reinstalled the OS, messed with the registry editor... Nothing worked. Here I noticed that there are a lot of these svchost.exe processes, each having one VirusTotal.

    Img3 - result of inspecting the VirusTotal:
    [IMG]
    This is the closest info about a Trojan with botnet and adware payload I got.

    Img4 - result of running SpyHunter:
    [IMG]

    I also did a DDS scan:
    1.) "dds":
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.19041.1566
    Run by damie at 20:39:41 on 2022-11-06
    Microsoft Windows 10 Pro 10.0.19045.0.1252.1.1033.18.8066.4845 [GMT 1:00]
    .
    AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\svchost.exe -k DcomLaunch -p
    C:\Windows\system32\fontdrvhost.exe
    C:\Windows\system32\fontdrvhost.exe
    C:\Windows\system32\svchost.exe -k RPCSS -p
    C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
    C:\Windows\system32\dwm.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
    C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
    C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
    C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
    C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
    C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
    C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s SysMain
    C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
    C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
    C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
    C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
    C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
    C:\Windows\system32\igfxCUIService.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s FontCache
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
    C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
    C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
    C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
    C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
    C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
    C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
    C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
    C:\Program Files\Elantech\ETDService.exe
    C:\Windows\System32\svchost.exe -k NetSvcs -p -s iphlpsvc
    C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s SstpSvc
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
    C:\Windows\system32\svchost.exe -k LocalService -s W32Time
    C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
    C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
    C:\Windows\system32\dashost.exe
    C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost
    C:\Windows\System32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
    C:\Windows\system32\sihost.exe
    C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
    C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s WpnUserService
    C:\Windows\system32\taskhostw.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TabletInputService
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
    C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
    C:\Windows\Explorer.EXE
    C:\Windows\system32\igfxEM.exe
    C:\Windows\system32\igfxHK.exe
    C:\Windows\system32\igfxTray.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s NcdAutoSetup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s FDResPub
    C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
    C:\Windows\System32\RuntimeBroker.exe
    C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    C:\Windows\System32\RuntimeBroker.exe
    svchost.exe
    C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\System32\SecurityHealthSystray.exe
    C:\Windows\system32\ApplicationFrameHost.exe
    C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
    C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Calculator.exe
    svchost.exe
    C:\Windows\system32\svchost.exe -k UnistackSvcGroup
    C:\Windows\system32\svchost.exe -k netsvcs -p -s lfsvc
    C:\Windows\system32\svchost.exe -k UdkSvcGroup -s UdkUserSvc
    C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Windows\System32\SystemSettingsBroker.exe
    C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
    C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s BthAvctpSvc
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
    C:\Windows\system32\taskhostw.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Windows\System32\svchost.exe -k netsvcs -p
    D:\Downloads\Applications\ProcessExplorer\procexp64.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
    C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\GameBar.exe
    C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    C:\Windows\System32\oobe\UserOOBEBroker.exe
    C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    C:\Windows\System32\smartscreen.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uLocal Page = %11%\blank.htm
    uRun: [OneDrive] "C:\Users\damie\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    uPolicies-Explorer: HideSCAMeetNow = dword:1
    mPolicies-Explorer: HideSCAMeetNow = dword:1
    mPolicies-System: DSCAutomationHostEnabled = dword:2
    mPolicies-System: EnableFullTrustStartupTasks = dword:2
    mPolicies-System: EnableUwpStartupTasks = dword:2
    mPolicies-System: SupportFullTrustStartupTasks = dword:1
    mPolicies-System: SupportUwpStartupTasks = dword:1
    mPolicies-Windows\System: EnableActivityFeed = dword:0
    mPolicies-Windows\System: PublishUserActivities = dword:0
    mPolicies-Windows\System: UploadUserActivities = dword:0
    mPolicies-Windows\System: AllowClipboardHistory = dword:0
    mPolicies-Windows\System: AllowCrossDeviceClipboard = dword:0
    TCP: NameServer = 83.139.103.3 83.139.121.8
    TCP: Interfaces\{6e5bb8b9-3db4-4c2c-bed2-c9e2e9d80ef2} : DHCPNameServer = 83.139.103.3 83.139.121.8
    TCP: Interfaces\{6e5bb8b9-3db4-4c2c-bed2-c9e2e9d80ef2}\144393935373 : DHCPNameServer = 83.139.103.3 83.139.121.8
    Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    SSODL: WebCheck - <orphaned>
    LSA: Security Packages = ""
    CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\windows.storage.dll
    x64-Run: [SecurityHealth] C:\Windows\System32\SecurityHealthSystray.exe
    x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-mPolicies-Explorer: HideSCAMeetNow = dword:1
    x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
    x64-mPolicies-System: EnableFullTrustStartupTasks = dword:2
    x64-mPolicies-System: EnableUwpStartupTasks = dword:2
    x64-mPolicies-System: SupportFullTrustStartupTasks = dword:1
    x64-mPolicies-System: SupportUwpStartupTasks = dword:1
    x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
    x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
    x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
    x64-mASetup: {9459C573-B17A-45AE-9F64-1857B5D58CEE} - "C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.35\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable
    x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\windows.storage.dll
    Hosts: 0.0.0.0 choice.microsoft.com
    Hosts: 0.0.0.0 choice.microsoft.com.nstac.net
    Hosts: 0.0.0.0 df.telemetry.microsoft.com
    Hosts: 0.0.0.0 oca.telemetry.microsoft.com
    Hosts: 0.0.0.0 oca.telemetry.microsoft.com.nsatc.net
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\Windows\System32\drivers\intelpep.sys [2022-9-8 418800]
    R0 iorate;Disk I/O Rate Filter Driver;C:\Windows\System32\drivers\iorate.sys [2022-9-8 57168]
    R0 MsSecFlt;Microsoft Security Events Component Minifilter;C:\Windows\System32\drivers\mssecflt.sys [2022-9-8 367432]
    R0 SgrmAgent;System Guard Runtime Monitor Agent;C:\Windows\System32\drivers\SgrmAgent.sys [2019-12-7 88080]
    R0 Telemetry;Intel(R) Telemetry Service;C:\Windows\System32\drivers\IntelTA.sys [2022-9-8 26608]
    R0 volume;Volume driver;C:\Windows\System32\drivers\volume.sys [2019-12-7 16696]
    R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\Windows\System32\drivers\WindowsTrustedRT.sys [2019-12-7 76984]
    R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [2019-12-7 18920]
    R0 Wof;Windows Overlay File System Filter Driver;C:\Windows\System32\drivers\wof.sys [2022-9-8 234296]
    R1 afunix;afunix;C:\Windows\System32\drivers\afunix.sys [2022-9-8 44032]
    R1 ahcache;Application Compatibility Cache;C:\Windows\System32\drivers\ahcache.sys [2022-9-8 292352]
    R1 bam;Background Activity Moderator Driver;C:\Windows\System32\drivers\bam.sys [2019-12-7 78136]
    R1 CimFS;CimFS;C:\Windows\System32\drivers\cimfs.sys [2022-9-8 98816]
    R1 FileCrypt;FileCrypt;C:\Windows\System32\drivers\filecrypt.sys [2019-12-7 59392]
    R1 GpuEnergyDrv;GPU Energy Driver;C:\Windows\System32\drivers\gpuenergydrv.sys [2019-12-7 8704]
    R2 bindflt;Windows Bind Filter Driver;C:\Windows\System32\drivers\bindflt.sys [2022-9-8 145768]
    R2 CDPSvc;Connected Devices Platform Service;C:\Windows\System32\svchost.exe -k LocalService -p [2022-9-8 55320]
    R2 CDPUserSvc_489bd;Connected Devices Platform User Service_489bd;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2022-9-8 55320]
    R2 CldFlt;Windows Cloud Files Filter Driver;C:\Windows\System32\drivers\cldflt.sys [2022-9-8 496640]
    R2 CoreMessagingRegistrar;CoreMessaging;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p [2022-9-8 55320]
    R2 DispBrokerDesktopSvc;Display Policy Service;C:\Windows\System32\svchost.exe -k LocalService -p [2022-9-8 55320]
    R2 DusmSvc;Data Usage;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2022-9-8 55320]
    R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2015-10-7 144072]
    R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2016-4-26 373736]
    R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2022-11-5 458176]
    R2 OneSyncSvc_489bd;Sync Host_489bd;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2022-9-8 55320]
    R2 SgrmBroker;System Guard Runtime Monitor Broker;C:\Windows\System32\SgrmBroker.exe [2022-9-8 329504]
    R2 storqosflt;Storage QoS Filter Driver;C:\Windows\System32\drivers\storqosflt.sys [2019-12-7 92984]
    R2 UserManager;User Manager;C:\Windows\System32\svchost.exe -k netsvcs -p [2022-9-8 55320]
    R2 UsoSvc;Update Orchestrator Service;C:\Windows\System32\svchost.exe -k netsvcs -p [2022-9-8 55320]
    R2 wcifs;Windows Container Isolation;C:\Windows\System32\drivers\wcifs.sys [2022-9-8 202568]
    R2 WpnService;Windows Push Notifications System Service;C:\Windows\System32\svchost.exe -k netsvcs -p [2022-9-8 55320]
    R2 WpnUserService_489bd;Windows Push Notifications User Service_489bd;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2022-9-8 55320]
    R3 BthAvctpSvc;AVCTP service;C:\Windows\System32\svchost.exe -k LocalService -p [2022-9-8 55320]
    R3 CAD;Charge Arbitration Driver;C:\Windows\System32\drivers\CAD.sys [2019-12-7 66576]
    R3 camsvc;Capability Access Manager Service;C:\Windows\System32\svchost.exe -k appmodel -p [2022-9-8 55320]
    R3 cbdhsvc_489bd;Clipboard User Service_489bd;C:\Windows\System32\svchost.exe -k ClipboardSvcGroup -p [2022-9-8 55320]
    R3 DisplayEnhancementService;Display Enhancement Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2022-9-8 55320]
    R3 DoSvc;Delivery Optimization;C:\Windows\System32\svchost.exe -k NetworkService -p [2022-9-8 55320]
    R3 ETD;ELAN Input Device;C:\Windows\System32\drivers\ETD.sys [2015-10-7 525512]
    R3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [2019-12-7 171520]
    R3 InstallService;Microsoft Store Install Service;C:\Windows\System32\svchost.exe -k netsvcs -p [2022-9-8 55320]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2016-3-3 816616]
    R3 lfsvc;Geolocation Service;C:\Windows\System32\svchost.exe -k netsvcs -p [2022-9-8 55320]
    R3 LicenseManager;Windows License Manager Service;C:\Windows\System32\svchost.exe -k LocalService -p [2022-9-8 55320]
    R3 MpKslac1f07e0;MpKslac1f07e0;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BBFA86D9-0A26-4375-BC38-DC0B10F44D3A}\MpKslDrv.sys [2022-11-6 228632]
    R3 MsQuic;MsQuic;C:\Windows\System32\drivers\msquic.sys [2022-9-8 322376]
    R3 NcbService;Network Connection Broker;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2022-9-8 55320]
    R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\Windows\System32\drivers\NdisVirtualBus.sys [2019-12-7 23040]
    R3 NgcCtnrSvc;Microsoft Passport Container;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2022-9-8 55320]
    R3 NgcSvc;Microsoft Passport;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2022-9-8 55320]
    R3 Qcamain10x64;Qualcomm Atheros Extensible Wireless LAN 11AC device driver;C:\Windows\System32\drivers\Qcamain10x64.sys [2019-12-7 2342912]
    R3 rt640x64;Realtek RT640 NT Driver;C:\Windows\System32\drivers\rt640x64.sys [2019-12-7 694272]
    R3 SecurityHealthService;Windows Security Service;C:\Windows\System32\SecurityHealthService.exe [2022-9-8 988104]
    R3 StateRepository;State Repository Service;C:\Windows\System32\svchost.exe -k appmodel -p [2022-9-8 55320]
    R3 TimeBrokerSvc;Time Broker;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2022-9-8 55320]
    R3 TokenBroker;Web Account Manager;C:\Windows\System32\svchost.exe -k netsvcs -p [2022-9-8 55320]
    R3 UdkUserSvc_489bd;Udk User Service_489bd;C:\Windows\System32\svchost.exe -k UdkSvcGroup [2022-9-8 55320]
    R3 UEFI;Microsoft UEFI Driver;C:\Windows\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\uefi.sys [2019-12-7 34104]
    R3 wdiwifi;WDI Driver Framework;C:\Windows\System32\drivers\WdiWiFi.sys [2022-9-8 967168]
    R3 WdNisDrv;Microsoft Defender Antivirus Network Inspection System Driver;C:\Windows\System32\drivers\wd\WdNisDrv.sys [2022-11-6 95520]
    R3 WdNisSvc;Microsoft Defender Antivirus Network Inspection Service;C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\NisSrv.exe [2022-11-6 3191224]
    S2 edgeupdate;Microsoft Edge Update Service (edgeupdate);C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [2021-8-5 214952]
    S2 MapsBroker;Downloaded Maps Manager;C:\Windows\System32\svchost.exe -k NetworkService -p [2022-9-8 55320]
    S3 520af686;520af686;C:\Windows\System32\drivers\520af686.sys [2022-11-6 299544]
    S3 AarSvc_489bd;Agent Activation Runtime_489bd;C:\Windows\System32\svchost.exe -k AarSvcGroup -p [2022-9-8 55320]
    S3 AcpiDev;ACPI Devices driver;C:\Windows\System32\drivers\AcpiDev.sys [2019-12-7 23040]
    S3 Acx01000;Acx01000;C:\Windows\System32\drivers\Acx01000.sys [2022-9-8 694272]
    S3 ADP80XX;ADP80XX;C:\Windows\System32\drivers\adp80xx.sys [2019-12-7 1135416]
    S3 AJRouter;AllJoyn Router Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2022-9-8 55320]
    S3 amdgpio2;AMD GPIO Client Driver;C:\Windows\System32\drivers\amdgpio2.sys [2019-12-7 18432]
    S3 amdi2c;AMD I2C Controller Service;C:\Windows\System32\drivers\amdi2c.sys [2019-12-7 45568]
    S3 applockerfltr;Smartlocker Filter Driver;C:\Windows\System32\drivers\applockerfltr.sys [2022-9-8 18432]
    S3 AppReadiness;App Readiness;C:\Windows\System32\svchost.exe -k AppReadiness -p [2022-9-8 55320]
    S3 AppvStrm;AppvStrm;C:\Windows\System32\drivers\AppVStrm.sys [2022-9-8 138056]
    S3 AppvVemgr;AppvVemgr;C:\Windows\System32\drivers\AppvVemgr.sys [2022-9-8 174408]
    S3 AppvVfs;AppvVfs;C:\Windows\System32\drivers\AppvVfs.sys [2022-9-8 154952]
    S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\Windows\System32\svchost.exe -k wsappx -p [2022-9-8 55320]
    S3 AssignedAccessManagerSvc;AssignedAccessManager Service;C:\Windows\System32\svchost.exe -k AssignedAccessManagerSvc [2022-9-8 55320]
    S3 autotimesvc;Cellular Time;C:\Windows\System32\svchost.exe -k autoTimeSvc [2022-9-8 55320]
    S3 BcastDVRUserService_489bd;GameDVR and Broadcast User Service_489bd;C:\Windows\System32\svchost.exe -k BcastDVRUserService [2022-9-8 55320]
    S3 bcmfn2;bcmfn2 Service;C:\Windows\System32\drivers\bcmfn2.sys [2019-12-7 9728]
    S3 BdDci;BdDci Service;C:\Windows\System32\drivers\bddci.sys [2020-12-4 802976]
    S3 BluetoothUserService_489bd;Bluetooth User Support Service_489bd;C:\Windows\System32\svchost.exe -k BthAppGroup -p [2022-9-8 55320]
    S3 BTAGService;Bluetooth Audio Gateway Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2022-9-8 55320]
    S3 BthA2dp;Microsoft Bluetooth A2dp driver;C:\Windows\System32\drivers\BthA2dp.sys [2022-11-6 287232]
    S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2022-9-8 106496]
    S3 BthMini;Bluetooth Radio Driver;C:\Windows\System32\drivers\BthMini.SYS [2022-9-8 45568]
    S3 bttflt;Microsoft Hyper-V VHDPMEM BTT Filter;C:\Windows\System32\drivers\bttflt.sys [2019-12-7 43832]
    S3 buttonconverter;Service for Portable Device Control devices;C:\Windows\System32\drivers\buttonconverter.sys [2019-12-7 44032]
    S3 CaptureService_489bd;CaptureService_489bd;C:\Windows\System32\svchost.exe -k LocalService -p [2022-9-8 55320]
    S3 cht4iscsi;cht4iscsi;C:\Windows\System32\drivers\cht4sx64.sys [2019-12-7 319800]
    S3 cht4vbd;Chelsio Virtual Bus Driver;C:\Windows\System32\drivers\cht4vx64.sys [2019-12-7 1853752]
    S3 ClipSVC;Client License Service (ClipSVC);C:\Windows\System32\svchost.exe -k wsappx -p [2022-9-8 55320]
    S3 cloudidsvc;Microsoft Cloud Identity Service;C:\Windows\System32\svchost.exe -k CloudIdServiceGroup -p [2022-9-8 55320]
    S3 ConsentUxUserSvc_489bd;ConsentUX_489bd;C:\Windows\System32\svchost.exe -k DevicesFlow [2022-9-8 55320]
    S3 cplspcon;Intel(R) Content Protection HDCP Service;C:\Windows\System32\IntelCpHDCPSvc.exe [2016-4-26 622056]
    S3 CredentialEnrollmentManagerUserSvc_489bd;CredentialEnrollmentManagerUserSvc_489bd;C:\Windows\System32\CredentialEnrollmentManager.exe [2022-9-8 382696]
    S3 DeviceAssociationBrokerSvc_489bd;DeviceAssociationBroker_489bd;C:\Windows\System32\svchost.exe -k DevicesFlow -p [2022-9-8 55320]
    S3 DevicePickerUserSvc_489bd;DevicePicker_489bd;C:\Windows\System32\svchost.exe -k DevicesFlow [2022-9-8 55320]
    S3 DevicesFlowUserSvc_489bd;DevicesFlow_489bd;C:\Windows\System32\svchost.exe -k DevicesFlow [2022-9-8 55320]
    S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2022-9-8 55320]
    S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2022-9-8 94208]
    S3 diagsvc;Diagnostic Execution Service;C:\Windows\System32\svchost.exe -k diagnostics [2022-9-8 55320]
    S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\Windows\System32\svchost.exe -k netsvcs -p [2022-9-8 55320]
    S3 dmwappushservice;Device Management Wireless Application Protocol (WAP) Push message Routing Service;C:\Windows\System32\svchost.exe -k netsvcs -p [2022-9-8 55320]
    S3 DsSvc;Data Sharing Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2022-9-8 55320]
    S3 edgeupdatem;Microsoft Edge Update Service (edgeupdatem);C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [2021-8-5 214952]
    S3 embeddedmode;Embedded Mode;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2022-9-8 55320]
    S3 EntAppSvc;Enterprise App Management Service;C:\Windows\System32\svchost.exe -k appmodel -p [2022-9-8 55320]
    S3 FrameServer;Windows Camera Frame Server;C:\Windows\System32\svchost.exe -k Camera [2022-9-8 55320]
    S3 genericusbfn;Generic USB Function Class;C:\Windows\System32\DriverStore\FileRepository\genericusbfn.inf_amd64_53931f0ae21d6d2c\genericusbfn.sys [2019-12-7 23040]
    S3 GraphicsPerfSvc;GraphicsPerfSvc;C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup [2022-9-8 55320]
    S3 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2021-9-30 176008]
    S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\Windows\System32\drivers\hidinterrupt.sys [2019-12-7 55824]
    S3 hidspi;Microsoft SPI HID Miniport Driver;C:\Windows\System32\drivers\hidspi.sys [2019-12-7 66560]
    S3 HvHost;HV Host Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2022-9-8 55320]
    S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver;C:\Windows\System32\drivers\mshwnclx.sys [2019-12-7 30208]
    S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\Windows\System32\drivers\iagpio.sys [2019-12-7 36352]
    S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\Windows\System32\drivers\iai2c.sys [2019-12-7 91136]
    S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [2019-12-7 79360]
    S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\Windows\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2019-12-7 93184]
    S3 iaLPSS2i_GPIO2_CNL;Intel(R) Serial IO GPIO Driver v2;C:\Windows\System32\drivers\iaLPSS2i_GPIO2_CNL.sys [2019-12-7 112128]
    S3 iaLPSS2i_GPIO2_GLK;Intel(R) Serial IO GPIO Driver v2;C:\Windows\System32\drivers\iaLPSS2i_GPIO2_GLK.sys [2019-12-7 96256]
    S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\Windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2019-12-7 175104]
    S3 iaLPSS2i_I2C_CNL;Intel(R) Serial IO I2C Driver v2;C:\Windows\System32\drivers\iaLPSS2i_I2C_CNL.sys [2019-12-7 177152]
    S3 iaLPSS2i_I2C_GLK;Intel(R) Serial IO I2C Driver v2;C:\Windows\System32\drivers\iaLPSS2i_I2C_GLK.sys [2019-12-7 177664]
    S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [2019-12-7 38128]
    S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\Windows\System32\drivers\iaLPSSi_I2C.sys [2019-12-7 113152]
    S3 iaStorAVC;Intel Chipset SATA RAID Controller;C:\Windows\System32\drivers\iaStorAVC.sys [2019-12-7 884752]
    S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\Windows\System32\drivers\ibbus.sys [2019-12-7 558904]
    S3 icssvc;Windows Mobile Hotspot Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2022-9-8 55320]
    S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\Windows\System32\drivers\IndirectKmd.sys [2022-9-8 47104]
    S3 intelpmax;Intel(R) Dynamic Device Peak Power Manager Driver;C:\Windows\System32\drivers\intelpmax.sys [2019-12-7 30720]
    S3 IPT;IPT;C:\Windows\System32\drivers\ipt.sys [2019-12-7 59704]
    S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2022-9-8 55320]
    S3 ItSas35i;ItSas35i;C:\Windows\System32\drivers\ItSas35i.sys [2019-12-7 172344]
    S3 kbldfltr;kbldfltr;C:\Windows\System32\drivers\kbldfltr.sys [2022-9-8 29000]
    S3 LSI_SAS2i;LSI_SAS2i;C:\Windows\System32\drivers\lsi_sas2i.sys [2019-12-7 124216]
    S3 LSI_SAS3i;LSI_SAS3i;C:\Windows\System32\drivers\lsi_sas3i.sys [2019-12-7 135992]
    S3 LxpSvc;Language Experience Service;C:\Windows\System32\svchost.exe -k netsvcs [2022-9-8 55320]
    S3 mausbhost;MA-USB Host Controller Driver;C:\Windows\System32\drivers\mausbhost.sys [2019-12-7 537608]
    S3 mausbip;MA-USB IP Filter Driver;C:\Windows\System32\drivers\mausbip.sys [2019-12-7 64016]
    S3 MbbCx;MBB Network Adapter Class Extension;C:\Windows\System32\drivers\MbbCx.sys [2022-9-8 386048]
    S3 McpManagementService;McpManagementService;C:\Windows\System32\svchost.exe -k McpManagementServiceGroup [2022-9-8 55320]
    S3 megasas2i;megasas2i;C:\Windows\System32\drivers\MegaSas2i.sys [2019-12-7 81720]
    S3 megasas35i;megasas35i;C:\Windows\System32\drivers\megasas35i.sys [2019-12-7 105480]
    S3 MessagingService_489bd;MessagingService_489bd;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2022-9-8 55320]
    S3 Microsoft_Bluetooth_AvrcpTransport;Microsoft Bluetooth Avrcp Transport Driver;C:\Windows\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [2019-12-7 65024]
    S3 MicrosoftEdgeElevationService;Microsoft Edge Elevation Service (MicrosoftEdgeElevationService);C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.35\elevation_service.exe [2022-11-5 1755048]
    S3 MixedRealityOpenXRSvc;Windows Mixed Reality OpenXR Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2022-9-8 55320]
    S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\Windows\System32\drivers\mlx4_bus.sys [2019-12-7 1131320]
    S3 NaturalAuthentication;Natural Authentication;C:\Windows\System32\svchost.exe -k netsvcs -p [2022-9-8 55320]
    S3 ndfltr;NetworkDirect Service;C:\Windows\System32\drivers\ndfltr.sys [2019-12-7 146232]
    S3 NDKPing;NDKPing Driver;C:\Windows\System32\drivers\NDKPing.sys [2019-12-7 72720]
    S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\Windows\System32\drivers\NetAdapterCx.sys [2022-9-8 210944]
    S3 NetSetupSvc;Network Setup Service;C:\Windows\System32\svchost.exe -k netsvcs -p [2022-9-8 55320]
    S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc.sys [2022-9-8 252264]
    S3 nvdimm;Microsoft NVDIMM device driver;C:\Windows\System32\drivers\nvdimm.sys [2019-12-7 168464]
    S3 perceptionsimulation;Windows Perception Simulation Service;C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe [2022-9-8 106496]
    S3 percsas2i;percsas2i;C:\Windows\System32\drivers\percsas2i.sys [2019-12-7 58680]
    S3 percsas3i;percsas3i;C:\Windows\System32\drivers\percsas3i.sys [2019-12-7 68408]
    S3 PhoneSvc;Phone Service;C:\Windows\System32\svchost.exe -k LocalService -p [2022-9-8 55320]
    S3 PimIndexMaintenanceSvc_489bd;Contact Data_489bd;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2022-9-8 55320]
    S3 PktMon;Packet Monitor Driver;C:\Windows\System32\drivers\PktMon.sys [2022-9-8 131424]
    S3 PNPMEM;Microsoft Memory Module Driver;C:\Windows\System32\drivers\pnpmem.sys [2019-12-7 17408]
    S3 portcfg;portcfg;C:\Windows\System32\drivers\portcfg.sys [2019-12-7 27136]
    S3 PrintWorkflowUserSvc_489bd;PrintWorkflow_489bd;C:\Windows\System32\svchost.exe -k PrintWorkflow [2022-9-8 55320]
    S3 PushToInstall;Windows PushToInstall Service;C:\Windows\System32\svchost.exe -k netsvcs -p [2022-9-8 55320]
    S3 Ramdisk;Windows RAM Disk Driver;C:\Windows\System32\drivers\ramdisk.sys [2019-12-7 42296]
    S3 ReFS;ReFS;C:\Windows\System32\drivers\refs.sys [2022-9-8 2010464]
    S3 ReFSv1;ReFSv1;C:\Windows\System32\drivers\refsv1.sys [2022-9-8 990536]
    S3 rhproxy;Resource Hub proxy driver;C:\Windows\System32\drivers\rhproxy.sys [2019-12-7 115712]
    S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2022-9-8 55320]
    S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\Windows\System32\drivers\scmbus.sys [2022-9-8 158520]
    S3 SDFRd;SDF Reflector;C:\Windows\System32\drivers\SDFRd.sys [2019-12-7 35128]
    S3 SEMgrSvc;Payments and NFC/SE Manager;C:\Windows\System32\svchost.exe -k LocalService -p [2022-9-8 55320]
    S3 Sense;Windows Defender Advanced Threat Protection Service;C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2022-9-8 224192]
    S3 SensorDataService;Sensor Data Service;C:\Windows\System32\SensorDataService.exe [2022-9-8 1265152]
    S3 SensorService;Sensor Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2022-9-8 55320]
    S3 SerCx2;Serial UART Support Library;C:\Windows\System32\drivers\SerCx2.sys [2019-12-7 173072]
    S3 SharedRealitySvc;Spatial Data Service;C:\Windows\System32\svchost.exe -k LocalService -p [2022-9-8 55320]
    S3 SIVDriver;SIV Kernel Driver;C:\Windows\System32\drivers\SIVX64.sys [2022-11-6 205552]
    S3 SmartSAMD;SmartSAMD;C:\Windows\System32\drivers\SmartSAMD.sys [2019-12-7 209720]
    S3 smbdirect;smbdirect;C:\Windows\System32\drivers\smbdirect.sys [2019-12-7 172544]
    S3 smphost;Microsoft Storage Spaces SMP;C:\Windows\System32\svchost.exe -k smphost [2022-9-8 55320]
    S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2022-9-8 55320]
    S3 spaceparser;Space Parser;C:\Windows\System32\drivers\spaceparser.sys [2019-12-7 26624]
    S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\Windows\System32\drivers\SpatialGraphFilter.sys [2019-12-7 90936]
    S3 spectrum;Windows Perception Service;C:\Windows\System32\Spectrum.exe [2022-9-8 877056]
    S3 stornvme;Microsoft Standard NVM Express Driver;C:\Windows\System32\drivers\stornvme.sys [2022-9-8 162128]
    S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\Windows\System32\drivers\storufs.sys [2022-9-8 64856]
    S3 TieringEngineService;Storage Tiers Management;C:\Windows\System32\TieringEngineService.exe [2022-9-8 326144]
    S3 TroubleshootingSvc;Recommended Troubleshooting Service;C:\Windows\System32\svchost.exe -k netsvcs -p [2022-9-8 55320]
    S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\Windows\System32\drivers\UcmCx.sys [2022-9-8 160256]
    S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\Windows\System32\drivers\UcmTcpciCx.sys [2019-12-7 188416]
    S3 UcmUcsiAcpiClient;UCM-UCSI ACPI Client;C:\Windows\System32\drivers\UcmUcsiAcpiClient.sys [2019-12-7 36864]
    S3 UcmUcsiCx0101;UCM-UCSI KMDF Class Extension;C:\Windows\System32\drivers\UcmUcsiCx.sys [2022-9-8 113152]
    S3 UdeCx;USB Device Emulation Support Library;C:\Windows\System32\drivers\Udecx.sys [2019-12-7 52736]
    S3 Ufx01000;USB Function Class Extension;C:\Windows\System32\drivers\ufx01000.sys [2022-9-8 324432]
    S3 UfxChipidea;USB Chipidea Controller;C:\Windows\System32\DriverStore\FileRepository\ufxchipidea.inf_amd64_1c78775fffab6a0a\UfxChipidea.sys [2019-12-7 110608]
    S3 ufxsynopsys;USB Synopsys Controller;C:\Windows\System32\drivers\ufxsynopsys.sys [2022-9-8 168264]
    S3 UnistoreSvc_489bd;User Data Storage_489bd;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2022-9-8 55320]
    S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\Windows\System32\DriverStore\FileRepository\urschipidea.inf_amd64_78ad1c14e33df968\urschipidea.sys [2019-12-7 32056]
    S3 UrsCx01000;USB Role-Switch Support Library;C:\Windows\System32\drivers\urscx01000.sys [2019-12-7 76304]
    S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\Windows\System32\DriverStore\FileRepository\urssynopsys.inf_amd64_057fa37902020500\urssynopsys.sys [2019-12-7 29496]
    S3 usbaudio2;USB Audio 2.0 Service;C:\Windows\System32\drivers\usbaudio2.sys [2019-12-7 260608]
    S3 UserDataSvc_489bd;User Data Access_489bd;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2022-9-8 55320]
    S3 VacSvc;Volumetric Audio Compositor Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2022-9-8 55320]
    S3 vhf;Virtual HID Framework (VHF) Driver;C:\Windows\System32\drivers\vhf.sys [2019-12-7 47616]
    S3 VirtualRender;VirtualRender;C:\Windows\System32\DriverStore\FileRepository\vrd.inf_amd64_81fbd405ff2470fc\vrd.sys [2019-12-7 11264]
    S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\Windows\System32\drivers\vmgid.sys [2019-12-7 19768]
    S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2022-9-8 55320]
    S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2022-9-8 55320]
    S3 WaaSMedicSvc;Windows Update Medic Service;C:\Windows\System32\svchost.exe -k wusvcs -p [2022-9-8 55320]
    S3 WalletService;WalletService;C:\Windows\System32\svchost.exe -k appmodel -p [2022-9-8 55320]
    S3 WarpJITSvc;WarpJITSvc;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2022-9-8 55320]
    S3 wcnfs;Windows Container Name Virtualization;C:\Windows\System32\drivers\wcnfs.sys [2022-9-8 93184]
    S3 WdmCompanionFilter;WdmCompanionFilter;C:\Windows\System32\drivers\WdmCompanionFilter.sys [2019-12-7 23560]
    S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\Windows\System32\svchost.exe -k WepHostSvcGroup [2022-9-8 55320]
    S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2022-9-8 55320]
    S3 WinMad;WinMad Service;C:\Windows\System32\drivers\winmad.sys [2019-12-7 36152]
    S3 WinNat;Windows NAT Driver;C:\Windows\System32\drivers\winnat.sys [2022-9-8 261120]
    S3 WinVerbs;WinVerbs Service;C:\Windows\System32\drivers\winverbs.sys [2019-12-7 73016]
    S3 wisvc;Windows Insider Service;C:\Windows\System32\svchost.exe -k netsvcs -p [2022-9-8 55320]
    S3 wlpasvc;Local Profile Assistant Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2022-9-8 55320]
    S3 WManSvc;Windows Management Service;C:\Windows\System32\svchost.exe -k netsvcs -p [2022-9-8 55320]
    S3 workfolderssvc;Work Folders;C:\Windows\System32\svchost.exe -k LocalService -p [2022-9-8 55320]
    S3 WpcMonSvc;Parental Controls;C:\Windows\System32\svchost.exe -k LocalService [2022-9-8 55320]
    S3 XblAuthManager;Xbox Live Auth Manager;C:\Windows\System32\svchost.exe -k netsvcs -p [2022-9-8 55320]
    S3 XblGameSave;Xbox Live Game Save;C:\Windows\System32\svchost.exe -k netsvcs -p [2022-9-8 55320]
    S3 xboxgip;Xbox Game Input Protocol Driver;C:\Windows\System32\drivers\xboxgip.sys [2022-9-8 332288]
    S3 XboxGipSvc;Xbox Accessory Management Service;C:\Windows\System32\svchost.exe -k netsvcs -p [2022-9-8 55320]
    S3 XboxNetApiSvc;Xbox Live Networking Service;C:\Windows\System32\svchost.exe -k netsvcs -p [2022-9-8 55320]
    S3 xinputhid;XINPUT HID Filter Driver;C:\Windows\System32\drivers\xinputhid.sys [2022-9-8 51712]
    S4 AppVClient;Microsoft App-V Client;C:\Windows\System32\AppVClient.exe [2022-9-8 777064]
    S4 DiagTrack;Connected User Experiences and Telemetry;C:\Windows\System32\svchost.exe -k utcsvc -p [2022-9-8 55320]
    S4 DialogBlockingService;DialogBlockingService;C:\Windows\System32\svchost.exe -k DialogBlockingService [2022-9-8 55320]
    S4 hvcrash;hvcrash;C:\Windows\System32\drivers\hvcrash.sys [2019-12-7 35128]
    S4 MsKeyboardFilter;Microsoft Keyboard Filter;C:\Windows\System32\svchost.exe -k netsvcs -p [2022-9-8 55320]
    S4 shpamsvc;Shared PC Account Manager;C:\Windows\System32\svchost.exe -k netsvcs -p [2022-9-8 55320]
    S4 ssh-agent;OpenSSH Authentication Agent;C:\Windows\System32\OpenSSH\ssh-agent.exe [2022-9-8 382976]
    S4 tzautoupdate;Auto Time Zone Updater;C:\Windows\System32\svchost.exe -k LocalService -p [2022-9-8 55320]
    S4 UevAgentDriver;UevAgentDriver;C:\Windows\System32\drivers\UevAgentDriver.sys [2022-9-8 41288]
    S4 UevAgentService;User Experience Virtualization Service;C:\Windows\System32\AgentService.exe [2022-9-8 1220096]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
    FileExt: .ini: inifile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
    FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2022-11-06 17:15:06 228632 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BBFA86D9-0A26-4375-BC38-DC0B10F44D3A}\MpKslDrv.sys
    2022-11-06 17:14:35 -------- d-----w- C:\Windows\pss
    2022-11-06 16:44:07 17392936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BBFA86D9-0A26-4375-BC38-DC0B10F44D3A}\mpengine.dll
    2022-11-06 16:38:06 208216 ----a-w- C:\Windows\System32\drivers\37982745.sys
    2022-11-06 16:11:38 -------- d-----w- C:\Program Files\Microsoft
    2022-11-06 15:17:36 -------- d-----w- C:\Windows\System32\gf2engine
    2022-11-06 15:15:24 -------- d-----w- C:\ProgramData\Avast Software
    2022-11-06 14:10:08 -------- d-----w- C:\Users\damie\AppData\Local\RCS_LT
    2022-11-06 14:00:53 17392936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2022-11-06 13:52:44 -------- d-----w- C:\Users\damie\AppData\Local\OO Software
    2022-11-06 13:52:21 287232 ----a-w- C:\Windows\System32\drivers\BthA2dp.sys
    2022-11-06 13:52:21 147968 ----a-w- C:\Windows\System32\drivers\BthHfEnum.sys
    2022-11-06 13:44:09 -------- d-----w- C:\Users\damie\AppData\Local\mbam
    2022-11-06 13:41:33 360000 ----a-w- C:\Windows\System32\drivers\klupd_520af686a_klark.sys
    2022-11-06 13:41:32 270672 ----a-w- C:\Windows\System32\drivers\klupd_520af686a_mark.sys
    2022-11-06 13:41:22 299544 ----a-w- C:\Windows\System32\drivers\520af686.sys
    2022-11-06 13:41:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2022-11-06 13:41:07 -------- d-----w- C:\Users\damie\AppData\Local\mbamtray
    2022-11-06 13:40:47 -------- d-----w- C:\Users\damie\AppData\Local\Programs
    2022-11-06 13:34:38 -------- d-sh--w- C:\$RECYCLE.BIN
    2022-11-06 13:28:43 205552 ----a-w- C:\Windows\System32\drivers\SIVX64.sys
    2022-11-06 13:28:05 -------- d-----w- C:\logs
    2022-11-06 12:24:03 17392936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\StableEngineEtwLocation\mpengine_etw.dll
    2022-11-06 12:16:16 -------- d-----w- C:\ProgramData\Malwarebytes
    2022-11-06 12:16:08 255928 ----a-w- C:\Windows\System32\drivers\277325B9.sys
    2022-11-06 12:15:52 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2022-11-06 12:10:04 803176 ------w- C:\Windows\System32\MpSigStub.exe
    2022-11-06 12:09:14 -------- d--h--w- C:\$WinREAgent
    2022-11-06 07:16:02 -------- d-----w- C:\Windows\Panther
    2022-11-06 00:01:20 -------- d-----w- C:\Users\damie\AppData\Local\Diagnostics
    2022-11-06 00:00:29 -------- d-----w- C:\Users\damie\AppData\Local\PeerDistRepub
    2022-11-05 23:06:09 781384 ----a-w- C:\Windows\SysWow64\PresentationNative_v0300.dll
    2022-11-05 23:06:09 37864 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
    2022-11-05 23:06:09 105544 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2022-11-05 23:06:06 38072 ----a-w- C:\Windows\System32\TsWpfWrp.exe
    2022-11-05 23:06:06 127056 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2022-11-05 23:06:06 1168968 ----a-w- C:\Windows\System32\PresentationNative_v0300.dll
    2022-11-05 23:03:04 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
    2022-11-05 23:03:04 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
    2022-11-05 23:03:03 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
    2022-11-05 23:03:03 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
    2022-11-05 23:03:03 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
    2022-11-05 23:02:42 -------- d-----w- C:\Users\damie\AppData\Local\CEF
    2022-11-05 23:01:39 -------- d-----w- C:\Users\damie\AppData\Local\Riot Games
    2022-11-05 23:01:39 -------- d-----w- C:\ProgramData\Riot Games
    2022-11-05 22:49:37 1918464 ----a-w- C:\Windows\System32\MLS2.dll
    2022-11-05 22:49:37 1874944 ----a-w- C:\Windows\SysWow64\MLS2.dll
    2022-11-05 22:49:37 134656 ----a-w- C:\Windows\SysWow64\NlsData001a.dll
    2022-11-05 22:49:36 6015488 ----a-w- C:\Windows\System32\NlsLexicons001a.dll
    2022-11-05 22:49:36 182784 ----a-w- C:\Windows\System32\NlsData001a.dll
    2022-11-05 22:48:53 -------- d-----w- C:\Users\damie\AppData\Local\Comms
    2022-11-05 22:44:57 -------- d-----w- C:\Users\damie\AppData\Local\Google
    2022-11-05 22:40:04 -------- d-----w- C:\Users\damie\AppData\Local\PlaceholderTileLogoFolder
    2022-11-05 22:36:04 -------- d-----w- C:\Users\damie\AppData\Local\D3DSCache
    2022-11-05 22:35:24 -------- d--h--w- C:\OneDriveTemp
    2022-11-05 22:34:32 -------- d---a-re C:\Users\damie\OneDrive
    2022-11-05 22:33:23 -------- d-----w- C:\ProgramData\Microsoft OneDrive
    2022-11-05 22:32:02 -------- d-----w- C:\Users\damie\AppData\Local\Publishers
    2022-11-05 22:31:58 -------- d-----w- C:\ProgramData\Packages
    2022-11-05 22:31:55 -------- d-----r- C:\Users\damie\Searches
    2022-11-05 22:31:55 -------- d-----r- C:\Users\damie\Contacts
    2022-11-05 22:31:55 -------- d-----r- C:\Users\damie\3D Objects
    2022-11-05 22:31:54 -------- d-----w- C:\Users\damie\AppData\Local\VirtualStore
    2022-11-05 22:31:54 -------- d-----w- C:\Users\damie\AppData\Local\Packages
    2022-11-05 22:31:53 -------- d-sh--w- C:\Users\damie\IntelGraphicsProfiles
    2022-11-05 22:31:53 -------- d-----w- C:\Users\damie\AppData\Local\ConnectedDevicesPlatform
    2022-11-05 22:30:06 0 ----a-w- C:\Windows\System32\GfxValDisplayLog.bin
    2022-11-05 22:30:05 200 ----a-w- C:\Windows\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
    2022-11-05 22:30:05 180 ----a-w- C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2022-11-05 22:28:20 -------- d-----w- C:\Program Files\Elantech
    2022-11-05 22:26:56 -------- d-----w- C:\Program Files\NVIDIA Corporation
    2022-11-05 22:25:42 -------- d-----w- C:\Windows\System32\wbem\Performance
    2022-11-05 22:20:59 3011072 ----a-w- C:\Windows\SysWow64\PrintConfig.dll
    2022-11-05 22:18:58 -------- d-sh--w- C:\Recovery
    2022-11-05 22:18:58 -------- d-----w- C:\Windows\System32\wbem\MOF\good
    2022-11-05 22:18:58 -------- d-----w- C:\Windows\System32\wbem\MOF\bad
    2022-11-05 22:18:56 -------- d-sh--we C:\ProgramData\Documents
    2022-11-05 22:18:56 -------- d-sh--we C:\Documents and Settings
    2022-11-05 22:16:33 -------- d-----w- C:\Windows\System32\wbem\MOF
    2022-11-05 22:16:33 -------- d-----w- C:\Windows\System32\drivers\wd
    2022-11-05 22:16:23 -------- d-----w- C:\Windows\System32\SleepStudy
    2022-11-05 22:16:23 -------- d-----w- C:\Windows\ServiceProfiles
    2022-11-05 22:16:22 -------- d-s---w- C:\Windows\System32\Microsoft
    .
    ==================== Find3M ====================
    .
    2022-11-06 12:23:36 95520 ----a-w- C:\Windows\System32\drivers\wd\WdNisDrv.sys
    2022-11-06 12:23:36 49616 ----a-w- C:\Windows\System32\drivers\wd\WdBoot.sys
    2022-11-06 12:23:36 469280 ----a-w- C:\Windows\System32\drivers\wd\WdFilter.sys
    2022-11-06 12:23:36 185632 ----a-w- C:\Windows\System32\drivers\wd\WdDevFlt.sys
    2022-09-08 03:11:47 23552 ----a-w- C:\Windows\System32\OEMDefaultAssociations.dll
    2022-09-08 03:07:59 95232 ----a-w- C:\Windows\System32\ie4ushowIE.exe
    2022-09-08 03:06:59 995672 ----a-w- C:\Windows\System32\WWAHost.exe
    2022-09-08 03:01:06 1593744 ----a-w- C:\Windows\System32\dfshim.dll
    2022-09-08 03:01:06 1178512 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2022-09-08 03:00:38 497664 ----a-w- C:\Windows\System32\poqexec.exe
    2022-09-08 03:00:38 392704 ----a-w- C:\Windows\SysWow64\poqexec.exe
    .
    ============= FINISH: 20:40:06.47 ===============

    I would be very grateful if someone solved this. Also, please feel free to point out any weird steps I took or better testing actions; this got me extremely interested in malware analysis!
     
  2. 2022/11/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Unfortunately, for whatever reason, I can't see any of the images you posted.
    Anyhow, most of today's browsers will show multiple processes in Task Manager. Those separate processes will not only run for every tab, but also for every extension and plugin, so it's normal.
    Likewise, having multiple svchost.exe processes is also normal.
    As for your CPU usage during gaming, it's hard to comment not knowing your computer specs.
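
The point about multiple svchost.exe processes can be checked against a DDS-style service list like the one posted above. The following is an added example, not part of the thread and not code from either poster: it parses the `state name;display;command [date size]` lines, groups svchost-hosted services by their `-k` group, and flags entries whose svchost.exe path or arguments do not fit the usual pattern. The sample lines are constructed (the first four follow the format of the posted log, the last two are hypothetical), and the set of expected directories is an assumption.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample in the DDS service-list format. The two "Example*" entries are
# hypothetical and exist only to show what the checks report.
SAMPLE = r"""
S3 icssvc;Windows Mobile Hotspot Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2022-9-8 55320]
S3 LxpSvc;Language Experience Service;C:\Windows\System32\svchost.exe -k netsvcs [2022-9-8 55320]
S3 XblGameSave;Xbox Live Game Save;C:\Windows\System32\svchost.exe -k netsvcs -p [2022-9-8 55320]
S3 SIVDriver;SIV Kernel Driver;C:\Windows\System32\drivers\SIVX64.sys [2022-11-6 205552]
S2 ExampleUpdater;Example Updater;C:\Users\Public\svchost.exe -k netsvcs [2022-11-6 91234]
S2 ExampleHelper;Example Helper;C:\Windows\System32\svchost.exe [2022-11-6 55320]
"""

# <R|S><start type> <service name>;<display name>;<command line> [<date> <size>]
LINE = re.compile(
    r"^\s*(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<cmd>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]\s*$"
)
# Split a command line into the svchost.exe image path and its arguments.
SVCHOST = re.compile(r'^"?(?P<image>.*?svchost\.exe)"?(?P<args>.*)$', re.I)
# Assumption: the only directories a genuine svchost.exe is expected to run from.
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def parse_services(text):
    """Return one dict per service/driver line; lines in other formats are skipped."""
    return [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]


def triage_svchost(entries):
    """Group svchost-hosted services by -k group and list entries that look wrong."""
    groups = defaultdict(list)
    findings = []
    for entry in entries:
        m = SVCHOST.match(entry["cmd"])
        if not m or ntpath.basename(m["image"]).lower() != "svchost.exe":
            continue  # a driver or a stand-alone service binary, not svchost
        directory = ntpath.dirname(m["image"]).lower()
        group = re.search(r"(?:^|\s)-k\s+(\S+)", m["args"], re.I)
        if directory not in EXPECTED_DIRS:
            findings.append((entry["name"], "svchost.exe in unexpected path: " + m["image"]))
        elif group is None:
            findings.append((entry["name"], "svchost.exe without a -k service group"))
        else:
            groups[group.group(1)].append(entry["name"])
    return dict(groups), findings


if __name__ == "__main__":
    groups, findings = triage_svchost(parse_services(SAMPLE))
    for group, names in sorted(groups.items()):
        print(f"{group}: {len(names)} service(s): {', '.join(names)}")
    for name, reason in findings:
        print(f"REVIEW {name}: {reason}")
```

Many services sharing one `-k` group is the expected result; only the `REVIEW` lines need a closer look, starting with the file's signature and location.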
     
