
Think my PC infected with mining trojan


Dayaes


Hi, I hope you can help. I'm not an IT specialist by any means but have noticed our family PC, which really only holds files for kids' homework, so lots of GB storage left, is running very slowly and hangs, won't open simple Word documents for about 2 minutes etc. I have looked at various methods to improve performance, but when I run a perfmon /report I get a red error message with a process called taskhostw.exe running CPU at 99.9%. When I open Task Manager this process is not listed and no single process is using more than 4-5% of CPU. I have read that these mining trojans can camouflage and are difficult to identify. Why am I getting such a different report on CPU usage from the perfmon /report compared to Task Manager, and is this a hidden malware which is leading to such slow performance? I have scanned with Malwarebytes and Spyhunter5 and neither finds any threats. Can you help please? I have attached the recommended logs.

 

 

Addition_25-01-2019 13.45.43.txt

FRST_25-01-2019 13.45.43.txt

Perflog.PNG

Malware log.txt


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
Driver Support (HKLM-x32\...\DriverSupport) (Version: 10.1.4.86 - PC Drivers HeadQuarters LP) <==== ATTENTION
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Let me know what problems you have with this computer.

fixlist.txt


Found a way to move the location of FRST where it runs from, so have now performed the fix and attached the fixlog. The problems we were having were very slow performance, unable to cope with more than a few web tabs open, taking 3-4 mins to open a Word document, start-up really slow and sometimes just going into sleep mode and not able to re-awaken without turning off and back on. See my first post about the issue with the CPU usage from a process called taskhostw.exe running at 100%, but then when Task Manager opens the CPU usage drops to 4% and that process is not listed, which I find suspicious. Anyway thanks for your help, here is the fixlog.

Fixlog.txt


Hi,

p.s.
According to this topic Malwarebytes would normally remove that infection.
https://forums.malwarebytes.com/topic/221879-removal-instructions-for-taskhostw-miner/
Before you start please update Malwarebytes and run normally.

If that fails try this way.

Open Malwarebytes Anti-Malware.

On the Settings tab > Protection, scroll to and make sure the following are selected:
Scan for Rootkits
Scan within Archives

Scroll further to Potential Threat Protection make sure the following are set as follows:

Potentially Unwanted Programs (PUP`s)        set as :- Always detect PUP`s (recommended)
Potentially Unwanted Modifications (PUM`s)  set as :- Always detect PUM`s (recommended)

Click on the Scan make sure Threat Scan is selected,

A Threat Scan will begin.

When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab

If asked to restart your computer to complete the removal, please do so

When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.

Wait for the prompt to restart the computer to appear, then click on Yes.

After the restart once you are back at your desktop, open MBAM once more to retrieve the log.

To get the log from Malwarebytes do the following:

Click on the Reports tab > from main interface.
Double click on the Scan log which shows the Date and time of the scan just performed.
Click Export > From export you have two options:
  Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
  Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
 
Use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply.
===

If the problem persists run this program.

Read carefully and follow these steps.
TDSS

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


===

Wait for further instructions.


OK, updated Malwarebytes but think it was already running the latest version. Followed instructions as per link about taskhostw.exe but no threats detected; followed next steps ensuring Scan Rootkits checked. No threats found - perfmon /report still showing taskhostw.exe processing CPU consumption of 99%. Now to the final step - will let you know.

MBAMlog1.txt


Nothing found with TDSSKiller either. CPU still showing 99% from process taskhostw.exe and the ID number changes every time I run a report.

 

 

17:00:31.0247 14096  OneSyncSvc - ok
17:00:31.0317 14096  [ 4A843E6D2507A4E6BFD4F6004AA5899D ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:00:31.0317 14096  ose - ok
17:00:31.0370 14096  [ CD5ECD6470B6B235B73569A091150299 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
17:00:31.0386 14096  p2pimsvc - ok
17:00:31.0417 14096  [ CCD10679BA0D9EF549F80C458C2AD1C4 ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
17:00:31.0432 14096  p2psvc - ok
17:00:31.0564 14096  [ ED487965E4EA3EB5427BD40308EAB615 ] PanoptoRecorderService C:\Program Files\Panopto\Recorder\Recorder.exe
17:00:31.0586 14096  PanoptoRecorderService - ok
17:00:31.0617 14096  Parport - ok
17:00:31.0617 14096  partmgr - ok
17:00:31.0649 14096  PcaSvc - ok
17:00:31.0671 14096  pci - ok
17:00:31.0671 14096  pciide - ok
17:00:31.0702 14096  pcmcia - ok
17:00:31.0718 14096  pcw - ok
17:00:31.0718 14096  pdc - ok
17:00:31.0834 14096  [ 42B12A76D3C98AE69C97727E3BEC7D8A ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
17:00:31.0849 14096  PEAUTH - ok
17:00:32.0034 14096  [ 05A0A1AC00A8653B49F94381872D47E7 ] PeerDistSvc     C:\WINDOWS\system32\peerdistsvc.dll
17:00:32.0065 14096  PeerDistSvc - ok
17:00:32.0072 14096  percsas2i - ok
17:00:32.0103 14096  percsas3i - ok
17:00:32.0351 14096  [ 185100798FBD23C849DC1C00ED43D99D ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
17:00:32.0605 14096  PerfHost - ok
17:00:32.0636 14096  PhoneSvc - ok
17:00:32.0705 14096  [ 807ED476A62E79935315342BD3FAA046 ] PimIndexMaintenanceSvc C:\WINDOWS\System32\PimIndexMaintenance.dll
17:00:32.0720 14096  PimIndexMaintenanceSvc - ok
17:00:32.0874 14096  [ 4E614DBE28B5857F70DEBCC804629E67 ] pla             C:\WINDOWS\system32\pla.dll
17:00:32.0890 14096  pla - ok
17:00:32.0921 14096  PlugPlay - ok
17:00:32.0937 14096  pmem - ok
17:00:32.0974 14096  [ 99ECEDA6B2E1FDB6892FBD5AED1E5D99 ] PNPMEM          C:\WINDOWS\System32\drivers\pnpmem.sys
17:00:32.0990 14096  PNPMEM - ok
17:00:33.0021 14096  [ 75690F495CEDBEF3D5989828AEEAE832 ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
17:00:33.0037 14096  PNRPAutoReg - ok
17:00:33.0053 14096  [ CD5ECD6470B6B235B73569A091150299 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
17:00:33.0068 14096  PNRPsvc - ok
17:00:33.0090 14096  PolicyAgent - ok
17:00:33.0106 14096  Power - ok
17:00:33.0122 14096  PptpMiniport - ok
17:00:33.0407 14096  [ AD62FCEC1CB8ECD7C0E3DFD2FA79FDE4 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
17:00:33.0469 14096  PrintNotify - ok
17:00:33.0507 14096  [ A60202AE474E2173ED91118DD73ADAAD ] PrintWorkflowUserSvc C:\WINDOWS\System32\PrintWorkflowService.dll
17:00:33.0523 14096  PrintWorkflowUserSvc - ok
17:00:33.0554 14096  Processor - ok
17:00:33.0654 14096  [ C8A03715DBE271AA23295ECD1E240359 ] ProductAgentService C:\Program Files\Bitdefender Agent\ProductAgentService.exe
17:00:33.0676 14096  ProductAgentService - ok
17:00:33.0692 14096  ProfSvc - ok
17:00:33.0739 14096  [ E4BF8BE7B3711BCBBC95EE983C0236F4 ] Psched          C:\WINDOWS\system32\drivers\pacer.sys
17:00:33.0755 14096  Psched - ok
17:00:33.0777 14096  PushToInstall - ok
17:00:33.0808 14096  [ 8AB5F41584C98047ABEF490FC1E31F7E ] QWAVE           C:\WINDOWS\system32\qwave.dll
17:00:33.0824 14096  QWAVE - ok
17:00:33.0870 14096  [ 00F72861538B6C4E925A21BAE397A49D ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
17:00:33.0870 14096  QWAVEdrv - ok
17:00:33.0877 14096  Ramdisk - ok
17:00:33.0893 14096  RasAcd - ok
17:00:33.0908 14096  RasAgileVpn - ok
17:00:33.0924 14096  RasAuto - ok
17:00:33.0939 14096  Rasl2tp - ok
17:00:33.0971 14096  RasMan - ok
17:00:33.0977 14096  RasPppoe - ok
17:00:33.0977 14096  RasSstp - ok
17:00:33.0993 14096  rdbss - ok
17:00:34.0024 14096  [ 206AB796793FDBD518B82E2F308A7176 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
17:00:34.0024 14096  rdpbus - ok
17:00:34.0040 14096  RDPDR - ok
17:00:34.0093 14096  [ 0600DF60EF88FD10663EC84709E5E245 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
17:00:34.0124 14096  RdpVideoMiniport - ok
17:00:34.0225 14096  [ 65652EFAAF4A8A59E60A2D7BE15317E8 ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
17:00:34.0240 14096  rdyboost - ok
17:00:34.0240 14096  ReFS - ok
17:00:34.0256 14096  ReFSv1 - ok
17:00:34.0356 14096  [ 980F60634FAF9C58FC468AF9AA609D68 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
17:00:34.0410 14096  RemoteAccess - ok
17:00:34.0441 14096  [ 106E630F1B2A8BF2BBD4508D9B166406 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
17:00:34.0441 14096  RemoteRegistry - ok
17:00:34.0525 14096  [ 53BE6D9C36A9CB95A1568C24D44A8A34 ] RetailDemo      C:\WINDOWS\system32\RDXService.dll
17:00:34.0541 14096  RetailDemo - ok
17:00:34.0579 14096  [ 3D4F4CCE0364CD3F1B539D2630686F24 ] rhproxy         C:\WINDOWS\System32\drivers\rhproxy.sys
17:00:34.0579 14096  rhproxy - ok
17:00:34.0610 14096  RmSvc - ok
17:00:34.0641 14096  RpcEptMapper - ok
17:00:34.0673 14096  [ 19EC4D05E01FE350B3494CEA122D64EB ] RpcLocator      C:\WINDOWS\system32\locator.exe
17:00:34.0679 14096  RpcLocator - ok
17:00:34.0695 14096  RpcSs - ok
17:00:34.0742 14096  [ FFFB16EF6E0B8B5F7F19B425923E7D12 ] rspndr          C:\WINDOWS\system32\drivers\rspndr.sys
17:00:34.0757 14096  rspndr - ok
17:00:34.0795 14096  rt640x64 - ok
17:00:34.0826 14096  [ A2939E69027B97105014434BFBFF7195 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
17:00:34.0826 14096  s3cap - ok
17:00:34.0842 14096  SamSs - ok
17:00:34.0873 14096  sbp2port - ok
17:00:34.0895 14096  SCardSvr - ok
17:00:34.0958 14096  [ 1B1FB3D8403E621F2B9201EF414E21D9 ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
17:00:34.0980 14096  ScDeviceEnum - ok
17:00:35.0011 14096  [ 0070C2DC6563C48EDA63A282748F3FCD ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
17:00:35.0027 14096  scfilter - ok
17:00:35.0042 14096  Schedule - ok
17:00:35.0058 14096  scmbus - ok
17:00:35.0080 14096  SCPolicySvc - ok
17:00:35.0096 14096  sdbus - ok
17:00:35.0143 14096  [ 9EF09DE84CE20B787C02395394AC2A7E ] SDFRd           C:\WINDOWS\System32\drivers\SDFRd.sys
17:00:35.0143 14096  SDFRd - ok
17:00:35.0181 14096  [ 01607A2FAB0068450A06C90AF755D57E ] SDRSVC          C:\WINDOWS\System32\SDRSVC.dll
17:00:35.0196 14096  SDRSVC - ok
17:00:35.0196 14096  sdstor - ok
17:00:35.0212 14096  seclogon - ok
17:00:35.0243 14096  SecurityHealthService - ok
17:00:35.0328 14096  [ B2A91F7491623480CEBF260355943E76 ] sedsvc          C:\Program Files\rempl\sedsvc.exe
17:00:35.0328 14096  sedsvc - ok
17:00:35.0397 14096  [ 7D7ED932B6417D8687D1D972989B310B ] SEMgrSvc        C:\WINDOWS\system32\SEMgrSvc.dll
17:00:35.0428 14096  SEMgrSvc - ok
17:00:35.0481 14096  [ CA614C9FBC8307AB1DC937F3393899E2 ] SENS            C:\WINDOWS\System32\sens.dll
17:00:35.0481 14096  SENS - ok
17:00:35.0528 14096  Sense - ok
17:00:35.0660 14096  [ 46AEFFC68BEAF89805B95CC6F9529C2E ] SensorDataService C:\WINDOWS\System32\SensorDataService.exe
17:00:35.0698 14096  SensorDataService - ok
17:00:35.0760 14096  [ 2B81117E9C3E20BBAA2CB5467D000F77 ] SensorService   C:\WINDOWS\system32\SensorService.dll
17:00:35.0782 14096  SensorService - ok
17:00:35.0814 14096  SensrSvc - ok
17:00:35.0829 14096  SerCx - ok
17:00:35.0845 14096  SerCx2 - ok
17:00:35.0860 14096  Serenum - ok
17:00:35.0876 14096  Serial - ok
17:00:35.0883 14096  sermouse - ok
17:00:35.0983 14096  [ 87340BC77470B34F11A9E558B591DB08 ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
17:00:35.0998 14096  SessionEnv - ok
17:00:36.0014 14096  sfloppy - ok
17:00:36.0061 14096  [ 1941F5CA54C469E16957587FD56ED842 ] SgrmAgent       C:\WINDOWS\system32\drivers\SgrmAgent.sys
17:00:36.0061 14096  SgrmAgent - ok
17:00:36.0083 14096  [ D3170A3F3A9626597EEE1888686E3EA6 ] SgrmBroker      C:\WINDOWS\system32\SgrmBroker.exe
17:00:36.0130 14096  SgrmBroker - ok
17:00:36.0183 14096  [ AC1D97F89F2EC7E334A406603A686973 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
17:00:36.0199 14096  SharedAccess - ok
17:00:36.0230 14096  SharedRealitySvc - ok
17:00:36.0315 14096  [ 63B104867F70F0D81125C37989146960 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:00:36.0346 14096  ShellHWDetection - ok
17:00:36.0400 14096  [ F386F3E87033DF9936072B4A91627B34 ] ShMonitor       C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
17:00:36.0415 14096  ShMonitor - ok
17:00:36.0462 14096  [ F6D90D09D2BCFA2B5E492BFECA40EDE4 ] shpamsvc        C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
17:00:36.0562 14096  shpamsvc - ok
17:00:36.0600 14096  SiSRaid2 - ok
17:00:36.0616 14096  SiSRaid4 - ok
17:00:36.0631 14096  smphost - ok
17:00:36.0747 14096  [ A3BEF2736E902B9DCA68554F4E10E08C ] SmsRouter       C:\WINDOWS\system32\SmsRouterSvc.dll
17:00:36.0763 14096  SmsRouter - ok
17:00:36.0816 14096  [ 577EC13EB5215325E9B9FC51FB56A974 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
17:00:36.0832 14096  SNMPTRAP - ok
17:00:36.0848 14096  spaceport - ok
17:00:36.0901 14096  [ FE1776E587227120DC04EAEC45473245 ] SpatialGraphFilter C:\WINDOWS\system32\drivers\SpatialGraphFilter.sys
17:00:36.0901 14096  SpatialGraphFilter - ok
17:00:36.0917 14096  SpbCx - ok
17:00:36.0948 14096  spectrum - ok
17:00:37.0064 14096  [ C05A19A38D7D203B738771FD1854656F ] Spooler         C:\WINDOWS\System32\spoolsv.exe
17:00:37.0086 14096  Spooler - ok
17:00:37.0133 14096  sppsvc - ok
17:00:37.0133 14096  srv - ok
17:00:37.0164 14096  srv2 - ok
17:00:37.0186 14096  srvnet - ok
17:00:37.0249 14096  [ 1AEA66706573E8CCD6038369FE37F237 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
17:00:37.0264 14096  SSDPSRV - ok
17:00:37.0349 14096  [ 5EE518DFADC18573E681BB78833E93FA ] ssh-agent       C:\WINDOWS\System32\OpenSSH\ssh-agent.exe
17:00:37.0365 14096  ssh-agent - ok
17:00:37.0387 14096  SstpSvc - ok
17:00:37.0402 14096  StateRepository - ok
17:00:37.0434 14096  stexstor - ok
17:00:37.0518 14096  [ EB2C25A3700309F3F67D9334CF33A36C ] stisvc          C:\WINDOWS\System32\wiaservc.dll
17:00:37.0534 14096  stisvc - ok
17:00:37.0534 14096  storahci - ok
17:00:37.0565 14096  storflt - ok
17:00:37.0581 14096  stornvme - ok
17:00:37.0587 14096  storqosflt - ok
17:00:37.0619 14096  StorSvc - ok
17:00:37.0634 14096  storufs - ok
17:00:37.0650 14096  storvsc - ok
17:00:37.0665 14096  svsvc - ok
17:00:37.0819 14096  swenum - ok
17:00:37.0835 14096  swprv - ok
17:00:37.0904 14096  [ A2A42A570524C975259E3B81C4D80DCA ] Synth3dVsc      C:\WINDOWS\System32\drivers\Synth3dVsc.sys
17:00:37.0904 14096  Synth3dVsc - ok
17:00:37.0919 14096  SysMain - ok
17:00:37.0935 14096  SystemEventsBroker - ok
17:00:37.0982 14096  [ CE9975A9E0DFBEFECECE218D2674C1CD ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
17:00:37.0988 14096  TabletInputService - ok
17:00:38.0035 14096  [ E38C7C4D57B1438F70A1B913870E8665 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
17:00:38.0051 14096  TapiSrv - ok
17:00:38.0067 14096  Tcpip - ok
17:00:38.0082 14096  Tcpip6 - ok
17:00:38.0104 14096  [ 085F8A5F09E64CC27309AF160EF4F9BA ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
17:00:38.0120 14096  tcpipreg - ok
17:00:38.0136 14096  tdx - ok
17:00:38.0167 14096  [ B2C4D7CB291293CAC636748E695D111E ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
17:00:38.0182 14096  terminpt - ok
17:00:38.0252 14096  [ 10ADC3589E50B1ED8452C86E0CBE8248 ] TermService     C:\WINDOWS\System32\termsrv.dll
17:00:38.0289 14096  TermService - ok
17:00:38.0305 14096  [ 1A0A0F6A139148AFDC4622046D4B3CBD ] Themes          C:\WINDOWS\system32\themeservice.dll
17:00:38.0321 14096  Themes - ok
17:00:38.0352 14096  [ 811910E891A6DB4A864AE119EB71218C ] TieringEngineService C:\WINDOWS\system32\TieringEngineService.exe
17:00:38.0367 14096  TieringEngineService - ok
17:00:38.0390 14096  TimeBrokerSvc - ok
17:00:38.0405 14096  TokenBroker - ok
17:00:38.0421 14096  TPM - ok
17:00:38.0452 14096  [ A5C0F857C38278A90E953A24E1701196 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
17:00:38.0490 14096  TrkWks - ok
17:00:38.0537 14096  [ C27F61929B1C271382A72E17DDDE7BCE ] trufos          C:\WINDOWS\system32\drivers\trufos.sys
17:00:38.0552 14096  trufos - ok
17:00:38.0606 14096  TrustedInstaller - ok
17:00:38.0637 14096  [ 0D721F40C179EC5737C15E551F22C69B ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys
17:00:38.0637 14096  TsUsbFlt - ok
17:00:38.0684 14096  [ DE1296871208D1F13B7AC57C4B1FA46C ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
17:00:38.0690 14096  TsUsbGD - ok
17:00:38.0722 14096  [ 3A84A09CBC42148A0C7D00B3E82517F1 ] tsusbhub        C:\WINDOWS\system32\drivers\tsusbhub.sys
17:00:38.0737 14096  tsusbhub - ok
17:00:38.0769 14096  [ BC938ABBF586272BD4063CA51F09149F ] tunnel          C:\WINDOWS\system32\drivers\tunnel.sys
17:00:38.0791 14096  tunnel - ok
17:00:38.0822 14096  tzautoupdate - ok
17:00:38.0853 14096  UASPStor - ok
17:00:38.0907 14096  [ 00C4396DE1CD3502884BB2E2B6D6861C ] UcmCx0101       C:\WINDOWS\system32\Drivers\UcmCx.sys
17:00:38.0907 14096  UcmCx0101 - ok
17:00:38.0954 14096  [ ED9CBD1541C8AFDAA9B8255A384E2B53 ] UcmTcpciCx0101  C:\WINDOWS\system32\Drivers\UcmTcpciCx.sys
17:00:38.0954 14096  UcmTcpciCx0101 - ok
17:00:39.0007 14096  [ F58F1BC6A6972437CE18516F8ACCEB9F ] UcmUcsi         C:\WINDOWS\System32\drivers\UcmUcsi.sys
17:00:39.0007 14096  UcmUcsi - ok
17:00:39.0023 14096  Ucx01000 - ok
17:00:39.0038 14096  UdeCx - ok
17:00:39.0038 14096  udfs - ok
17:00:39.0054 14096  UEFI - ok
17:00:39.0107 14096  [ AD58EA78772B8163CFDE9BF671B6F8F1 ] UevAgentDriver  C:\WINDOWS\system32\drivers\UevAgentDriver.sys
17:00:39.0107 14096  UevAgentDriver - ok
17:00:39.0270 14096  [ F7E36C20DB953DFF4FDDB817904C0E48 ] UevAgentService C:\WINDOWS\system32\AgentService.exe
17:00:39.0292 14096  UevAgentService - ok
17:00:39.0355 14096  [ 588B9212DEE84F5192C09A147AA5C316 ] Ufx01000        C:\WINDOWS\system32\drivers\ufx01000.sys
17:00:39.0355 14096  Ufx01000 - ok
17:00:39.0370 14096  UfxChipidea - ok
17:00:39.0370 14096  ufxsynopsys - ok
17:00:39.0392 14096  umbus - ok
17:00:39.0392 14096  UmPass - ok
17:00:39.0455 14096  [ 0D806415E1F86E7C1C192261C247EF0D ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
17:00:39.0486 14096  UmRdpService - ok
17:00:39.0624 14096  [ EAEC69961D9D8B39FEA44D56F7FB259D ] UnistoreSvc     C:\WINDOWS\System32\unistore.dll
17:00:39.0655 14096  UnistoreSvc - ok
17:00:39.0756 14096  [ A84EF422924343A319D84874D1FF92DD ] updatesrv       C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
17:00:39.0794 14096  updatesrv - ok
17:00:39.0825 14096  [ 2362D5C18120FAB9CE5BD1F73EE33758 ] upnphost        C:\WINDOWS\System32\upnphost.dll
17:00:39.0840 14096  upnphost - ok
17:00:39.0909 14096  [ 49A5E1B43C59DC0E363AD9C2D7D10BE4 ] UrsChipidea     C:\WINDOWS\System32\drivers\urschipidea.sys
17:00:39.0941 14096  UrsChipidea - ok
17:00:39.0972 14096  [ 53F1DA2D92D1D8CE4BB9D33E58D7DF01 ] UrsCx01000      C:\WINDOWS\system32\drivers\urscx01000.sys
17:00:39.0988 14096  UrsCx01000 - ok
17:00:40.0025 14096  [ 09518A324B95BBC0B472BD5A472CB916 ] UrsSynopsys     C:\WINDOWS\System32\drivers\urssynopsys.sys
17:00:40.0041 14096  UrsSynopsys - ok
17:00:40.0057 14096  usbaudio - ok
17:00:40.0072 14096  usbccgp - ok
17:00:40.0110 14096  [ 250D21958EE5F45CD13FE6BE3788EE70 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
17:00:40.0110 14096  usbcir - ok
17:00:40.0110 14096  usbehci - ok
17:00:40.0126 14096  usbhub - ok
17:00:40.0141 14096  USBHUB3 - ok
17:00:40.0157 14096  usbohci - ok
17:00:40.0195 14096  [ 692C0BA4109C8F78392A299369F51129 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
17:00:40.0195 14096  usbprint - ok
17:00:40.0210 14096  usbser - ok
17:00:40.0210 14096  USBSTOR - ok
17:00:40.0226 14096  usbuhci - ok
17:00:40.0295 14096  [ 9431F7E997A8750139517709B04D8629 ] usbvideo        C:\WINDOWS\System32\Drivers\usbvideo.sys
17:00:40.0311 14096  usbvideo - ok
17:00:40.0311 14096  USBXHCI - ok
17:00:40.0411 14096  [ CE0E3BA8FC974BEE5BE20E4F43A1C583 ] UserDataSvc     C:\WINDOWS\System32\userdataservice.dll
17:00:40.0473 14096  UserDataSvc - ok
17:00:40.0495 14096  UserManager - ok
17:00:40.0511 14096  UsoSvc - ok
17:00:40.0611 14096  [ 3E283D06357616CD4117CC15BDB7C4C3 ] VacSvc          C:\WINDOWS\System32\vac.dll
17:00:40.0643 14096  VacSvc - ok
17:00:40.0658 14096  VaultSvc - ok
17:00:40.0658 14096  vdrvroot - ok
17:00:40.0696 14096  vds - ok
17:00:40.0712 14096  VerifierExt - ok
17:00:40.0727 14096  vhdmp - ok
17:00:40.0759 14096  vhf - ok
17:00:40.0790 14096  vmbus - ok
17:00:40.0796 14096  VMBusHID - ok
17:00:40.0812 14096  vmgid - ok
17:00:40.0875 14096  [ E4F5E83951810583FE8C2423772171DF ] vmicguestinterface C:\WINDOWS\System32\icsvc.dll
17:00:40.0890 14096  vmicguestinterface - ok
17:00:40.0897 14096  [ E4F5E83951810583FE8C2423772171DF ] vmicheartbeat   C:\WINDOWS\System32\icsvc.dll
17:00:40.0897 14096  vmicheartbeat - ok
17:00:40.0944 14096  [ E4F5E83951810583FE8C2423772171DF ] vmickvpexchange C:\WINDOWS\System32\icsvc.dll
17:00:40.0944 14096  vmickvpexchange - ok
17:00:40.0975 14096  [ DB7FB1DA7E1564EACBADD436191309C5 ] vmicrdv         C:\WINDOWS\System32\icsvcext.dll
17:00:40.0997 14096  vmicrdv - ok
17:00:40.0997 14096  [ E4F5E83951810583FE8C2423772171DF ] vmicshutdown    C:\WINDOWS\System32\icsvc.dll
17:00:40.0997 14096  vmicshutdown - ok
17:00:41.0028 14096  [ E4F5E83951810583FE8C2423772171DF ] vmictimesync    C:\WINDOWS\System32\icsvc.dll
17:00:41.0028 14096  vmictimesync - ok
17:00:41.0044 14096  [ E4F5E83951810583FE8C2423772171DF ] vmicvmsession   C:\WINDOWS\System32\icsvc.dll
17:00:41.0059 14096  vmicvmsession - ok
17:00:41.0075 14096  [ DB7FB1DA7E1564EACBADD436191309C5 ] vmicvss         C:\WINDOWS\System32\icsvcext.dll
17:00:41.0075 14096  vmicvss - ok
17:00:41.0097 14096  volmgr - ok
17:00:41.0113 14096  volmgrx - ok
17:00:41.0128 14096  volsnap - ok
17:00:41.0160 14096  volume - ok
17:00:41.0175 14096  vpci - ok
17:00:41.0197 14096  vsmraid - ok
17:00:41.0229 14096  VSS - ok
17:00:41.0298 14096  [ D71E05566DA06F33D635B62A81F4ED37 ] vsserv          C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
17:00:41.0313 14096  vsserv - ok
17:00:41.0345 14096  [ 33A6C4AD0EF2B9D2297967E5B3647C25 ] vsservppl       C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
17:00:41.0360 14096  vsservppl - ok
17:00:41.0376 14096  VSTXRAID - ok
17:00:41.0376 14096  vwifibus - ok
17:00:41.0376 14096  vwififlt - ok
17:00:41.0391 14096  vwifimp - ok
17:00:41.0414 14096  W32Time - ok
17:00:41.0461 14096  WaaSMedicSvc - ok
17:00:41.0461 14096  WacomPen - ok
17:00:41.0592 14096  [ 25FAB8A2CFFA21FDB472AB3AE6C17A57 ] WalletService   C:\WINDOWS\system32\WalletService.dll
17:00:41.0599 14096  WalletService - ok
17:00:41.0614 14096  wanarp - ok
17:00:41.0630 14096  wanarpv6 - ok
17:00:41.0661 14096  [ 395447583F42FD840520EE87AE439D74 ] WarpJITSvc      C:\WINDOWS\System32\Windows.WARP.JITService.dll
17:00:41.0692 14096  WarpJITSvc - ok
17:00:41.0761 14096  wbengine - ok
17:00:41.0830 14096  WbioSrvc - ok
17:00:41.0931 14096  [ 8A304D6CDC067922448CBA1EBB9FFCA8 ] wcifs           C:\WINDOWS\system32\drivers\wcifs.sys
17:00:42.0093 14096  wcifs - ok
17:00:42.0100 14096  Wcmsvc - ok
17:00:42.0131 14096  wcncsvc - ok
17:00:42.0147 14096  wcnfs - ok
17:00:42.0194 14096  WdBoot - ok
17:00:42.0216 14096  Wdf01000 - ok
17:00:42.0231 14096  WdFilter - ok
17:00:42.0278 14096  [ 067D1A81B4708CA97523709FDF57B728 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
17:00:42.0294 14096  WdiServiceHost - ok
17:00:42.0300 14096  [ 067D1A81B4708CA97523709FDF57B728 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
17:00:42.0300 14096  WdiSystemHost - ok
17:00:42.0316 14096  wdiwifi - ok
17:00:42.0363 14096  [ EAF4FB729E94561EE31BDE5BEF869C65 ] WdmCompanionFilter C:\WINDOWS\system32\drivers\WdmCompanionFilter.sys
17:00:42.0363 14096  WdmCompanionFilter - ok
17:00:42.0401 14096  [ 8542EAE47D35CB658614C1813C7599A2 ] wdm_usb         C:\WINDOWS\system32\DRIVERS\usb2ser.sys
17:00:42.0401 14096  wdm_usb - ok
17:00:42.0416 14096  WdNisDrv - ok
17:00:42.0517 14096  WdNisSvc - ok
17:00:42.0564 14096  [ BDCC510E85F7AF152E2DFF030A526EA2 ] WebClient       C:\WINDOWS\System32\webclnt.dll
17:00:42.0579 14096  WebClient - ok
17:00:42.0617 14096  [ 506F0A1CCABF4428733CF854BCBB6832 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
17:00:42.0633 14096  Wecsvc - ok
17:00:42.0680 14096  [ D8D727E8311C86B2A993A9006A453BAC ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
17:00:42.0717 14096  WEPHOSTSVC - ok
17:00:42.0764 14096  [ 30B4568D058E17500E7BF88AECEDF3F1 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
17:00:42.0795 14096  wercplsupport - ok
17:00:42.0818 14096  WerSvc - ok
17:00:42.0896 14096  WFDSConMgrSvc - ok
17:00:42.0949 14096  WFPLWFS - ok
17:00:43.0018 14096  [ 752F5931696914DF2EC0B27275C38458 ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
17:00:43.0049 14096  WiaRpc - ok
17:00:43.0150 14096  WIMMount - ok
17:00:43.0197 14096  WinDefend - ok
17:00:43.0250 14096  WindowsTrustedRT - ok
17:00:43.0319 14096  [ 5F0EDDA201630E132C2251BC9DA85023 ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
17:00:43.0350 14096  WindowsTrustedRTProxy - ok
17:00:43.0404 14096  WinHttpAutoProxySvc - ok
17:00:43.0466 14096  WinMad - ok
17:00:43.0867 14096  Winmgmt - ok
17:00:43.0898 14096  WinNat - ok
17:00:44.0654 14096  [ C57185CC62AA13E4F5A989D904CC9A16 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
17:00:45.0171 14096  WinRM - ok
17:00:45.0240 14096  [ 6FA3D810FE082001B16ADE19829F1E8E ] WINUSB          C:\WINDOWS\System32\drivers\WinUSB.SYS
17:00:45.0255 14096  WINUSB - ok
17:00:45.0271 14096  WinVerbs - ok
17:00:45.0340 14096  wisvc - ok
17:00:45.0425 14096  WlanSvc - ok
17:00:45.0572 14096  wlidsvc - ok
17:00:45.0610 14096  wlpasvc - ok
17:00:45.0688 14096  WmiAcpi - ok
17:00:45.0726 14096  wmiApSrv - ok
17:00:45.0926 14096  WMPNetworkSvc - ok
17:00:45.0989 14096  [ E122AD60BF4D7E4B28CCBABF33B28C1F ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
17:00:46.0027 14096  Wof - ok
17:00:46.0606 14096  [ 0D3303BDBC591ECF113601D7853A1AA7 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
17:00:46.0644 14096  workfolderssvc - ok
17:00:46.0713 14096  WpcMonSvc - ok
17:00:46.0775 14096  WPDBusEnum - ok
17:00:46.0829 14096  [ 15C1131EA0216F799C86B03EDAE0BE45 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
17:00:46.0860 14096  WpdUpFltr - ok
17:00:46.0992 14096  [ 096969606BB5C4822AB020081EA07FC5 ] WpnService      C:\WINDOWS\system32\WpnService.dll
17:00:47.0014 14096  WpnService - ok
17:00:47.0076 14096  [ 8B694BC50D2D2B98311283CFE5B40EE6 ] WpnUserService  C:\WINDOWS\System32\WpnUserService.dll
17:00:47.0114 14096  WpnUserService - ok
17:00:47.0130 14096  ws2ifsl - ok
17:00:47.0245 14096  [ DCB549367EB94CD8AFAA28E3F77F6493 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
17:00:47.0261 14096  wscsvc - ok
17:00:47.0261 14096  WSearch - ok
17:00:47.0315 14096  wuauserv - ok
17:00:47.0393 14096  [ 813DC18CC654CFB1875074139B0FEFD3 ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
17:00:47.0415 14096  WudfPf - ok
17:00:47.0531 14096  [ FB64BAD6DEDB27EA39B03685AC0A8EB4 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
17:00:47.0578 14096  WUDFRd - ok
17:00:47.0609 14096  [ FB64BAD6DEDB27EA39B03685AC0A8EB4 ] WUDFWpdFs       C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
17:00:47.0615 14096  WUDFWpdFs - ok
17:00:47.0678 14096  [ FB64BAD6DEDB27EA39B03685AC0A8EB4 ] WUDFWpdMtp      C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
17:00:47.0694 14096  WUDFWpdMtp - ok
17:00:47.0731 14096  WwanSvc - ok
17:00:47.0809 14096  [ 51D3A1E2285E2E931A553281BBA10E81 ] xbgm            C:\WINDOWS\system32\xbgmsvc.exe
17:00:47.0816 14096  xbgm - ok
17:00:48.0148 14096  [ DB952AD196A9548CF5235A71E5197F3F ] XblAuthManager  C:\WINDOWS\System32\XblAuthManager.dll
17:00:48.0164 14096  XblAuthManager - ok
17:00:48.0465 14096  [ 8C0DD7BFFF5A81AEC26AD720057F5451 ] XblGameSave     C:\WINDOWS\System32\XblGameSave.dll
17:00:48.0496 14096  XblGameSave - ok
17:00:48.0518 14096  xboxgip - ok
17:00:48.0580 14096  [ C7FEC5C0377E5598BA919B29731CA45F ] XboxGipSvc      C:\WINDOWS\System32\XboxGipSvc.dll
17:00:48.0596 14096  XboxGipSvc - ok
17:00:48.0897 14096  [ 3A94BD93CD2D9C34725D924230B502A5 ] XboxNetApiSvc   C:\WINDOWS\system32\XboxNetApiSvc.dll
17:00:48.0919 14096  XboxNetApiSvc - ok
17:00:48.0982 14096  [ CE1F78B5C1F14F74242008B2B3153FA2 ] xinputhid       C:\WINDOWS\System32\drivers\xinputhid.sys
17:00:48.0997 14096  xinputhid - ok
17:00:48.0997 14096  ================ Scan global ===============================
17:00:49.0113 14096  [Global] - ok
17:00:49.0113 14096  ================ Scan MBR ==================================
17:00:49.0135 14096  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:00:50.0053 14096  \Device\Harddisk0\DR0 - ok
17:00:50.0053 14096  ================ Scan VBR ==================================
17:00:50.0085 14096  [ CBBFF06A66D6E1149AEB74F490B857A0 ] \Device\Harddisk0\DR0\Partition1
17:00:50.0100 14096  \Device\Harddisk0\DR0\Partition1 - ok
17:00:50.0122 14096  [ 16A9B6283985F46F17670BF1F255F140 ] \Device\Harddisk0\DR0\Partition2
17:00:50.0122 14096  \Device\Harddisk0\DR0\Partition2 - ok
17:00:50.0122 14096  ============================================================
17:00:50.0122 14096  Scan finished
17:00:50.0122 14096  ============================================================
17:00:50.0138 8648  Detected object count: 0
17:00:50.0138 8648  Actual detected object count: 0
 

 

Link to post
Share on other sites

Hi,

We must be dealing with a new variant, but it may be a false positive.

But because your CPU is acting up we must investigate further.

I'm giving you this topic, which you should only read for now.
https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/taskhostwexe-on-windows-10/db876c06-0329-465a-bab0-35997a575d17?page=3

Once I see the following reports I will advise.
===

Let's check your files.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
taskhostw.exe
Once done, click on the Search File search button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply
===

Let's see what we can find in the Registry.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
taskhostw.exe
Once done, click on the Search Registry button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply
====

Link to post
Share on other sites

Thanks- here are the 2 logs as requested.

 

Farbar Recovery Scan Tool (x64) Version: 27.01.2019
Ran by Me (27-01-2019 19:00:03)
Running from C:\Users\Me\Downloads
Boot Mode: Normal

================== Search Files: "taskhostw.exe" =============

C:\Windows\WinSxS\amd64_microsoft-windows-taskhost_31bf3856ad364e35_10.0.17134.1_none_0dbf34b0c3803ee3\taskhostw.exe
[2018-04-11 23:34][2018-04-11 23:34] 000087904 _____ (Microsoft Corporation) CE95E236FC9FE2D6F16C926C75B18BAF [File is digitally signed]

C:\Windows\System32\taskhostw.exe
[2018-04-11 23:34][2018-04-11 23:34] 000087904 _____ (Microsoft Corporation) CE95E236FC9FE2D6F16C926C75B18BAF [File is digitally signed]


====== End of Search ======

Second log won't copy and paste so attached as a file

SearchReg.txt

Link to post
Share on other sites
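The file search above is read by checking each copy of taskhostw.exe for location, signature status and a hash that matches the System32 copy. The following is an added example, not part of the original posts and not FRST's own code, that automates that reading of an FRST "Search Files" log. The first two log entries are copied from the post; the third entry, including its "[File not signed]" wording, and the choice of System32 and WinSxS as the only expected locations are assumptions made for this example.

```python
import ntpath
import re

# Entries 1 and 2 are copied from the FRST log in the post above. Entry 3 is
# CONSTRUCTED for this example (path, size, status text and all-zero hash are placeholders).
SAMPLE_LOG = r"""
================== Search Files: "taskhostw.exe" =============

C:\Windows\WinSxS\amd64_microsoft-windows-taskhost_31bf3856ad364e35_10.0.17134.1_none_0dbf34b0c3803ee3\taskhostw.exe
[2018-04-11 23:34][2018-04-11 23:34] 000087904 _____ (Microsoft Corporation) CE95E236FC9FE2D6F16C926C75B18BAF [File is digitally signed]

C:\Windows\System32\taskhostw.exe
[2018-04-11 23:34][2018-04-11 23:34] 000087904 _____ (Microsoft Corporation) CE95E236FC9FE2D6F16C926C75B18BAF [File is digitally signed]

C:\Users\Me\AppData\Roaming\example\taskhostw.exe
[2019-01-20 10:00][2019-01-20 10:00] 000512000 _____ () 00000000000000000000000000000000 [File not signed]

====== End of Search ======
"""

# A path line starts with a drive letter; the metadata line follows it.
PATH = re.compile(r"^[A-Za-z]:\\")
META = re.compile(
    r"^\[(?P<created>[\d\- :]+)\]\[(?P<modified>[\d\- :]+)\]\s+"
    r"(?P<size>\d+)\s+(?P<attrs>\S+)\s+\((?P<company>.*?)\)\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\[(?P<sig>[^\]]*)\]\s*$"
)

# Assumption: the only expected homes for this binary are the System32 copy
# and the WinSxS component store, as seen in the log on this page.
SYSTEM32_COPY = r"c:\windows\system32\taskhostw.exe"
WINSXS_ROOT = "c:\\windows\\winsxs\\"


def parse_search_log(text):
    """Return one dict per file entry (path line followed by metadata line)."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH.match(line):
            pending_path = line
            continue
        match = META.match(line)
        if match and pending_path:
            entry = match.groupdict()
            entry["path"] = pending_path
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
            pending_path = None
    return entries


def _norm(path):
    # ntpath gives Windows path semantics on any OS (case-insensitive, backslashes).
    return ntpath.normcase(ntpath.normpath(path))


def review(entries):
    """Map each path to a list of findings; an empty list means nothing stood out."""
    reference = next((e for e in entries if _norm(e["path"]) == SYSTEM32_COPY), None)
    findings = {}
    for e in entries:
        path, notes = _norm(e["path"]), []
        if path != SYSTEM32_COPY and not path.startswith(WINSXS_ROOT):
            notes.append("unexpected location")
        if e["sig"] != "File is digitally signed":
            notes.append("not reported as signed")
        if e["company"] != "Microsoft Corporation":
            notes.append("unexpected company name")
        if reference and (e["md5"], e["size"]) != (reference["md5"], reference["size"]):
            notes.append("differs from System32 copy")
        findings[e["path"]] = notes
    return findings


if __name__ == "__main__":
    for path, notes in review(parse_search_log(SAMPLE_LOG)).items():
        print(("REVIEW " if notes else "ok     ") + path)
        for note in notes:
            print("         - " + note)
```

The MD5 comparison only shows that the copies are identical to each other; the signature status reported in the log is what ties them to the publisher.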

Hi

Copy all the text IN THE QUOTE BOX below to Notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved it, right-click the .reg file and allow it to merge with the registry.

Quote

 

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-192917314-1030872874-1699296577-1000\Software\Microsoft\Internet Explorer\TypedURLs]
"url2"=-
[HKEY_USERS\S-1-5-21-192917314-1030872874-1699296577-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"d"=-

 


Restart the computer when completed.

You can delete the fixme.reg file when done.

How is it now?

Link to post
Share on other sites

OK, have done all of that, thanks for the help. Seemed to restart ok, ran the perfmon /report again and I have the same error about taskhostw.exe using 99.7% of CPU plus a new error about one or more services failing- see attached pic.

Seems this mining trojan, if it is one, is particularly stubborn - is there any chance this performance report is wrong? Seems too odd that no matter which anti-malware I use, nothing finds an issue yet the report keeps showing the same issue.

 

Perfmon 27119.PNG

Link to post
Share on other sites

  • 1 month later...
  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites
