
HP Notebook needs reanimation

slow windows 10 hp pavilion dm1 help problem


#61
Fidel Castro

  • Topic Starter
  • Member
  • 162 posts

When I click (once) on the System, the System is highlighted but nothing happens. No new windows on the bottom or anything like that.

 

When I'm saving the file it's 'System.txt' but it doesn't have the stuff your log has. (The above logs are 'System.txt' as well.)

 

I've tried on my main PC and the same thing happens.

 

Maybe it's something in the options/view?




#62
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

You may be right.  See if under View you have an option Show Lower Pane.  It should be checked.



#63
Fidel Castro

  • Topic Starter
  • Member
  • 162 posts

Yeah, that was not checked.

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name
System Idle Process    71.72    0 K    24 K    0        
System    10.78    64 K    7.880 K    4        
Interrupts    1.09    0 K    0 K    n/a    Hardware Interrupts and DPCs    
csrss.exe    0.22    10.152 K    10.780 K    492    Client Server Runtime Process    Microsoft Corporation
explorer.exe    0.10    33.572 K    50.948 K    2492    Windows Explorer    Microsoft Corporation
csrss.exe    0.01    1.556 K    3.652 K    392    Client Server Runtime Process    Microsoft Corporation
winlogon.exe        1.816 K    5.620 K    596    Windows Logon Application    Microsoft Corporation
wininit.exe        980 K    3.416 K    484    Windows Start-Up Application    Microsoft Corporation
wimserv.exe        16.400 K    616 K    2888    Wimfltr v2 extractor    Microsoft Corporation
SynTPHelper.exe        608 K    2.512 K    2956    Synaptics Pointing Device Helper    Synaptics Incorporated
smss.exe        256 K    784 K    268    Windows Session Manager    Microsoft Corporation
GWX.exe        2.364 K    800 K    3636    GWX    Microsoft Corporation

Process: System Pid: 4

Type    Name

Please note that this was running for much longer than 1 minute (maybe even 20-30 min) so I'm not sure if that makes some difference or not.


Edited by Fidel Castro, 12 August 2015 - 09:16 AM.


#64
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Remove all but the last System Restore point.
Click 'Start' / All Programs /Accessories / System Tools / Disk Cleanup / Click the 'OK' button.
After cleanup finishes its calculations, down in the lower left click on 'Clean up system files' and click 'OK'.
Now click on the 'More Options' tab and in the box named 'System Restore and Shadow Copies' click 'Clean Up'.
This will remove all but the last 'Restore Point'.

 

Uninstall Windows Live

 

Reboot and make a new system.txt file and post it.



#65
Fidel Castro

    Member

  • Topic Starter
  • Member
  • 162 posts

I have cleared all in the Disk Cleanup as well as all restore points (except the most recent one).

 

I don't have 'Windows Live' as a stand-alone 'item'. Instead, I found 'Windows Live Essentials 2011' and when I want to uninstall it, it asks me what exactly I want to remove.

 

I have selected all except 'Photo Viewer and Movie Maker' because I do use that 'Photo Viewer' to see the photos. If you think I should remove that one as well, I'm sure I can live with some other photo viewer, no problem.

 

Here is the new log, after rebooting the notebook.

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name
System Idle Process    78.33    0 K    24 K    0        
System    10.64    44 K    640 K    4        
Interrupts    1.10    0 K    0 K    n/a    Hardware Interrupts and DPCs    
csrss.exe    0.21    10.012 K    11.344 K    480    Client Server Runtime Process    Microsoft Corporation
explorer.exe    0.09    26.456 K    37.788 K    3528    Windows Explorer    Microsoft Corporation
csrss.exe    < 0.01    1.252 K    3.380 K    400    Client Server Runtime Process    Microsoft Corporation
winlogon.exe        1.776 K    5.448 K    616    Windows Logon Application    Microsoft Corporation
wininit.exe        984 K    3.424 K    472    Windows Start-Up Application    Microsoft Corporation
SynTPHelper.exe        608 K    2.508 K    3808    Synaptics Pointing Device Helper    Synaptics Incorporated
smss.exe        256 K    784 K    268    Windows Session Manager    Microsoft Corporation
GWX.exe        2.424 K    2.032 K    2316    GWX    Microsoft Corporation



#66
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Do the same for dllhost.exe as you did for system.  I want to see what it is up to. 



#67
Fidel Castro

    Member

  • Topic Starter
  • Member
  • 162 posts

Here it is...

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name
System Idle Process    74.75    0 K    24 K    0        
System    10.66    48 K    592 K    4        
csrss.exe    0.33    10.152 K    12.504 K    488    Client Server Runtime Process    Microsoft Corporation
dwm.exe    0.14    1.200 K    4.604 K    3536    Desktop Window Manager    Microsoft Corporation
svchost.exe    0.10    5.528 K    9.996 K    1704    Host Process for Windows Services    Microsoft Corporation
explorer.exe    0.08    38.408 K    56.228 K    3636    Windows Explorer    Microsoft Corporation
svchost.exe    0.05    8.904 K    10.312 K    2668    Host Process for Windows Services    Microsoft Corporation
svchost.exe    0.02    7.268 K    13.156 K    988    Host Process for Windows Services    Microsoft Corporation
SearchIndexer.exe    0.01    20.624 K    9.220 K    2336    Microsoft Windows Search Indexer    Microsoft Corporation
svchost.exe    < 0.01    11.080 K    13.116 K    1376    Host Process for Windows Services    Microsoft Corporation
WLIDSVC.EXE    < 0.01    4.464 K    10.712 K    1868    Microsoft® Windows Live ID Service    Microsoft Corp.
svchost.exe    < 0.01    19.804 K    32.732 K    1052    Host Process for Windows Services    Microsoft Corporation
svchost.exe    < 0.01    58.608 K    64.484 K    964    Host Process for Windows Services    Microsoft Corporation
wmpnetwk.exe    < 0.01    8.824 K    4.632 K    3000    Windows Media Player Network Sharing Service    Microsoft Corporation
csrss.exe    < 0.01    1.252 K    3.384 K    412    Client Server Runtime Process    Microsoft Corporation
WmiPrvSE.exe        1.800 K    4.628 K    2524    WMI Provider Host    Microsoft Corporation
WLIDSVCM.EXE        644 K    2.368 K    328    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.
wlanext.exe        1.356 K    4.136 K    1464    Windows Wireless LAN 802.11 Extensibility Framework    Microsoft Corporation
winlogon.exe        1.780 K    5.476 K    620    Windows Logon Application    Microsoft Corporation
wininit.exe        980 K    3.400 K    480    Windows Start-Up Application    Microsoft Corporation
TrustedInstaller.exe        15.220 K    21.556 K    1256    Windows Modules Installer    Microsoft Corporation
taskhost.exe        7.928 K    8.228 K    3424    Host Process for Windows Tasks    Microsoft Corporation
SynTPHelper.exe        608 K    2.468 K    3916    Synaptics Pointing Device Helper    Synaptics Incorporated
svchost.exe        1.292 K    4.052 K    1408    Host Process for Windows Services    Microsoft Corporation
svchost.exe        44.544 K    9.340 K    2484    Host Process for Windows Services    Microsoft Corporation
svchost.exe        2.740 K    6.884 K    708    Host Process for Windows Services    Microsoft Corporation
svchost.exe        20.196 K    16.204 K    912    Host Process for Windows Services    Microsoft Corporation
svchost.exe        2.968 K    6.032 K    772    Host Process for Windows Services    Microsoft Corporation
svchost.exe        10.936 K    10.864 K    1576    Host Process for Windows Services    Microsoft Corporation
svchost.exe        3.756 K    7.976 K    1660    Host Process for Windows Services    Microsoft Corporation
svchost.exe        1.300 K    4.356 K    1792    Host Process for Windows Services    Microsoft Corporation
svchost.exe        1.808 K    4.568 K    2128    Host Process for Windows Services    Microsoft Corporation
spoolsv.exe        5.176 K    9.756 K    1540    Spooler SubSystem App    Microsoft Corporation
services.exe        4.084 K    7.024 K    528    Services and Controller app    Microsoft Corporation
msiexec.exe        1.856 K    6.288 K    1680    Windows® installer    Microsoft Corporation
lsm.exe        1.244 K    3.016 K    552    Local Session Manager Service    Microsoft Corporation
lsass.exe        3.976 K    10.232 K    544    Local Security Authority Process    Microsoft Corporation
HPSupportSolutionsFrameworkService.exe        22.548 K    25.012 K    3104    HP Support Solutions Framework Service    Hewlett-Packard Company
dllhost.exe        1.452 K    4.872 K    2752    COM Surrogate    Microsoft Corporation
conhost.exe        496 K    2.116 K    1472    Console Window Host    Microsoft Corporation
atiesrxx.exe        884 K    3.112 K    832    AMD External Events Service Module    AMD
alg.exe        1.048 K    3.792 K    1784    Application Layer Gateway Service    Microsoft Corporation

Process: dllhost.exe Pid: 2752

Type    Name
ALPC Port    \RPC Control\OLE835667F5EC7D49429FA50D59A277
Desktop    \Default
Directory    \KnownDlls
Directory    \BaseNamedObjects
Event    \KernelObjects\MaximumCommitCondition
Event    \BaseNamedObjects\{695A39F6-2456-4E06-A18C-3246F1504B68}
Event    \BaseNamedObjects\{44ea083b-899c-4440-8338-2469fd4681cf}
File    C:\Windows\System32
File    \Device\KsecDD
Key    HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
Key    HKLM\SYSTEM\ControlSet001\Control\Session Manager
Key    HKLM
Key    HKCR
Key    HKU\.DEFAULT
Section    \BaseNamedObjects\__ComCatalogCache__
Section    \BaseNamedObjects\__ComCatalogCache__
Thread    dllhost.exe(2752): 2728
Thread    dllhost.exe(2752): 2972
Thread    dllhost.exe(2752): 2972
Thread    dllhost.exe(2752): 2568
Thread    dllhost.exe(2752): 2792
Thread    dllhost.exe(2752): 2508
Thread    dllhost.exe(2752): 2508
WindowStation    \Windows\WindowStations\Service-0x0-3e7$
WindowStation    \Windows\WindowStations\Service-0x0-3e7$

  • 0

#68
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Can't tell from that what file it is running.  Usually there is a line in FRST that calls it but I don't see one.  Let's try:

Copy the next two lines:

tasklist /m > \junk.txt

notepad \junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


  • 0
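A parser for the `tasklist /m` table requested in the post above, added here as an example and not part of the original thread. It rejoins the wrapped module column per process and, as a triage heuristic assumed for this example, lists the modules that only one PID has loaded, which narrows down what a host process such as dllhost.exe is running. The `dllhost.exe` rows and `example_hosted.dll` in the sample are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample in the fixed-width layout printed by `tasklist /m`.
# The conhost.exe rows follow the listing in this thread; the dllhost.exe
# rows and example_hosted.dll are made-up placeholders for illustration.
SAMPLE = """\
Image Name                     PID Modules
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
conhost.exe                   1472 ntdll.dll, kernel32.dll, KERNELBASE.dll,
                                   GDI32.dll, USER32.dll, LPK.dll, USP10.dll,
                                   msvcrt.dll, IMM32.dll, MSCTF.dll,
                                   ole32.dll, RPCRT4.dll, OLEAUT32.dll
dllhost.exe                   2752 ntdll.dll, kernel32.dll, KERNELBASE.dll,
                                   msvcrt.dll, OLE32.DLL, RPCRT4.dll,
                                   example_hosted.dll
"""


def parse_tasklist_modules(text):
    """Return [(image, pid, [modules])] from `tasklist /m` table output."""
    lines = text.splitlines()
    # The ruler line of '=' runs gives the exact column boundaries.
    ruler = next((l for l in lines if re.fullmatch(r"=+( =+)+\s*", l)), None)
    if ruler is None:
        raise ValueError("no column ruler found; not tasklist table output")
    spans = [m.span() for m in re.finditer(r"=+", ruler)]
    if len(spans) != 3:
        raise ValueError("expected Image Name / PID / Modules columns")
    (img_s, img_e), (pid_s, pid_e), (mod_s, _) = spans

    rows = []
    for line in lines[lines.index(ruler) + 1:]:
        if not line.strip():
            continue
        image = line[img_s:img_e].strip()
        if image:
            # A non-empty first column starts a new process record.
            rows.append([image, int(line[pid_s:pid_e]), line[mod_s:]])
        elif rows:
            # An empty first column is a wrapped continuation of the module list.
            rows[-1][2] += " " + line[mod_s:]

    parsed = []
    for image, pid, raw in rows:
        modules = [m.strip() for m in raw.split(",") if m.strip()]
        if modules == ["N/A"]:  # kernel pseudo-processes report no modules
            modules = []
        parsed.append((image, pid, modules))
    return parsed


def modules_unique_to(records, pid):
    """Modules loaded by `pid` and by no other listed process.

    Names are compared case-insensitively because the listing mixes
    spellings such as IMM32.DLL and IMM32.dll.
    """
    seen = Counter()
    for _, _, modules in records:
        seen.update({m.lower() for m in modules})
    for _, p, modules in records:
        if p == pid:
            return [m for m in modules if seen[m.lower()] == 1]
    raise KeyError(f"PID {pid} not present in listing")


if __name__ == "__main__":
    procs = parse_tasklist_modules(SAMPLE)
    for name in modules_unique_to(procs, 2752):
        print(name)
```

A module that appears under only one PID is a lead to check on disk (path, signature, version), not a verdict on its own.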

#69
Fidel Castro

    Member

  • Topic Starter
  • Member
  • 162 posts

Here it is...

Image Name                     PID Modules                                     
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       268 ntdll.dll                                   
csrss.exe                      412 ntdll.dll, CSRSRV.dll, basesrv.DLL,         
                                   winsrv.DLL, USER32.dll, GDI32.dll,          
                                   kernel32.dll, KERNELBASE.dll, LPK.dll,      
                                   USP10.dll, msvcrt.dll, sxssrv.DLL, sxs.dll,
                                   RPCRT4.dll, CRYPTBASE.dll, ADVAPI32.dll,    
                                   sechost.dll                                 
wininit.exe                    480 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   USER32.dll, GDI32.dll, LPK.dll, USP10.dll,  
                                   msvcrt.dll, RPCRT4.dll, sechost.dll,        
                                   profapi.dll, IMM32.DLL, MSCTF.dll,          
                                   RpcRtRemote.dll, apphelp.dll,               
                                   CRYPTBASE.dll, WS2_32.dll, NSI.dll,         
                                   mswsock.dll, wshtcpip.dll, wship6.dll,      
                                   secur32.dll, SSPICLI.DLL, credssp.dll,      
                                   ADVAPI32.dll                                
csrss.exe                      488 ntdll.dll, CSRSRV.dll, basesrv.DLL,         
                                   winsrv.DLL, USER32.dll, GDI32.dll,          
                                   kernel32.dll, KERNELBASE.dll, LPK.dll,      
                                   USP10.dll, msvcrt.dll, sxssrv.DLL, sxs.dll,
                                   RPCRT4.dll, CRYPTBASE.dll, ADVAPI32.dll,    
                                   sechost.dll                                 
services.exe                   528 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, RPCRT4.dll, SspiCli.dll,        
                                   profapi.dll, sechost.dll, CRYPTBASE.dll,    
                                   scext.dll, USER32.dll, GDI32.dll, LPK.dll,  
                                   USP10.dll, Secur32.dll, SCESRV.dll,         
                                   srvcli.dll, IMM32.DLL, MSCTF.dll,           
                                   RpcRtRemote.dll, credssp.dll, AUTHZ.dll,    
                                   UBPM.dll, ADVAPI32.dll, apphelp.dll,        
                                   WTSAPI32.dll, WINSTA.dll, WS2_32.dll,       
                                   NSI.dll, mswsock.dll, wshtcpip.dll,         
                                   wship6.dll                                  
lsass.exe                      544 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, RPCRT4.dll, SspiSrv.dll,        
                                   lsasrv.dll, sechost.dll, SspiCli.dll,       
                                   ADVAPI32.dll, USER32.dll, GDI32.dll,        
                                   LPK.dll, USP10.dll, SAMSRV.dll,             
                                   cryptdll.dll, MSASN1.dll, wevtapi.dll,      
                                   IMM32.DLL, MSCTF.dll, cngaudit.dll,         
                                   AUTHZ.dll, ncrypt.dll, bcrypt.dll,          
                                   msprivs.DLL, netjoin.dll, negoexts.DLL,     
                                   Secur32.dll, cryptbase.dll, kerberos.DLL,   
                                   CRYPTSP.dll, WS2_32.dll, NSI.dll,           
                                   mswsock.dll, wship6.dll, msv1_0.DLL,        
                                   netlogon.DLL, DNSAPI.dll, logoncli.dll,     
                                   schannel.DLL, CRYPT32.dll, wdigest.DLL,     
                                   rsaenh.dll, tspkg.DLL, pku2u.DLL,           
                                   livessp.DLL, PSAPI.DLL, SHLWAPI.dll,        
                                   bcryptprimitives.dll, RpcRtRemote.dll,      
                                   efslsaext.dll, scecli.DLL,                  
                                   BtwProximityCP.dll, WTSAPI32.dll,           
                                   ole32.dll, credui.dll, bthprops.cpl,        
                                   SHELL32.dll, OLEAUT32.dll, SETUPAPI.dll,    
                                   CFGMGR32.dll, DEVOBJ.dll, MSIMG32.dll,      
                                   MSVCR80.dll, comctl32.dll, WINSTA.dll,      
                                   credssp.dll, wshtcpip.dll, keyiso.dll,      
                                   dssenh.dll, USERENV.dll, profapi.dll,       
                                   GPAPI.dll, IPHLPAPI.DLL, WINNSI.DLL,        
                                   netutils.dll, wkscli.dll, cryptnet.dll,     
                                   WLDAP32.dll                                 
lsm.exe                        552 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   SYSNTFY.dll, WMsgAPI.dll, CRYPTBASE.dll,    
                                   pcwum.dll, RpcRtRemote.dll, secur32.dll,    
                                   SSPICLI.DLL, credssp.dll, ADVAPI32.dll      
winlogon.exe                   620 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   USER32.dll, GDI32.dll, LPK.dll, USP10.dll,  
                                   msvcrt.dll, WINSTA.dll, RPCRT4.dll,         
                                   IMM32.DLL, MSCTF.dll, ADVAPI32.dll,         
                                   sechost.dll, profapi.dll, RpcRtRemote.dll,  
                                   apphelp.dll, UXINIT.dll, UxTheme.dll,       
                                   CRYPTSP.dll, rsaenh.dll, CRYPTBASE.dll,     
                                   WindowsCodecs.dll, ole32.dll, wkscli.dll,   
                                   netutils.dll, SspiCli.dll, slc.dll, MPR.dll
svchost.exe                    708 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   umpnpmgr.dll, SPINF.dll, USER32.dll,        
                                   GDI32.dll, LPK.dll, USP10.dll, DEVRTL.dll,  
                                   IMM32.DLL, MSCTF.dll, RpcRtRemote.dll,      
                                   USERENV.dll, profapi.dll, GPAPI.dll,        
                                   CRYPTBASE.dll, umpo.dll, WINSTA.dll,        
                                   SETUPAPI.dll, CFGMGR32.dll, ADVAPI32.dll,   
                                   OLEAUT32.dll, ole32.dll, DEVOBJ.dll,        
                                   pcwum.DLL, rpcss.dll, SspiCli.dll,          
                                   credssp.dll, CLBCatQ.DLL, ntmarta.dll,      
                                   WLDAP32.dll, wmidcprv.dll, FastProx.dll,    
                                   wbemcomn.dll, WS2_32.dll, NSI.dll,          
                                   NTDSAPI.dll, wbemprox.dll, CRYPTSP.dll,     
                                   rsaenh.dll, wbemsvc.dll, wmiutils.dll,      
                                   WINTRUST.dll, CRYPT32.dll, MSASN1.dll,      
                                   apphelp.dll, WTSAPI32.dll                   
svchost.exe                    772 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   rpcepmap.dll, RpcRtRemote.dll, secur32.dll,
                                   SSPICLI.DLL, credssp.dll, CRYPTBASE.dll,    
                                   rpcss.dll, ADVAPI32.dll, CRYPTSP.dll,       
                                   rsaenh.dll, WS2_32.dll, NSI.dll,            
                                   mswsock.dll, user32.dll, GDI32.dll,         
                                   LPK.dll, USP10.dll, IMM32.DLL, MSCTF.dll,   
                                   wshtcpip.dll, wship6.dll, FirewallAPI.dll,  
                                   VERSION.dll, CLBCatQ.DLL, ole32.dll,        
                                   OLEAUT32.dll, fwpuclnt.dll, WTSAPI32.dll,   
                                   WINSTA.dll                                  
atiesrxx.exe                   832 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   USER32.dll, GDI32.dll, LPK.dll, USP10.dll,  
                                   msvcrt.dll, ADVAPI32.dll, sechost.dll,      
                                   RPCRT4.dll, WTSAPI32.dll, PSAPI.DLL,        
                                   USERENV.dll, profapi.dll, POWRPROF.dll,     
                                   SETUPAPI.dll, CFGMGR32.dll, OLEAUT32.dll,   
                                   ole32.dll, DEVOBJ.dll, IMM32.DLL,           
                                   MSCTF.dll, WINSTA.dll, apphelp.dll          
svchost.exe                    912 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   ole32.dll, GDI32.dll, USER32.dll, LPK.dll,  
                                   USP10.dll, IMM32.DLL, MSCTF.dll,            
                                   CRYPTBASE.dll, ADVAPI32.dll, wevtsvc.dll,   
                                   RpcRtRemote.dll, secur32.dll, SSPICLI.DLL,  
                                   credssp.dll, WS2_32.dll, NSI.dll,           
                                   mswsock.dll, wshtcpip.dll, wship6.dll,      
                                   GPAPI.dll, audiosrv.dll, POWRPROF.dll,      
                                   SETUPAPI.dll, CFGMGR32.dll, OLEAUT32.dll,   
                                   DEVOBJ.dll, MMDevAPI.DLL, PROPSYS.dll,      
                                   AVRT.dll, CLBCatQ.DLL, WINSTA.dll,          
                                   SHLWAPI.dll, CRYPTSP.dll, rsaenh.dll,       
                                   audioses.dll, lmhsvc.dll, IPHLPAPI.DLL,     
                                   WINNSI.DLL, nrpsrv.DLL, dhcpcore.dll,       
                                   DNSAPI.dll, firewallapi.dll, VERSION.dll,   
                                   dhcpcore6.dll, dhcpcsvc.DLL, dhcpcsvc6.DLL,
                                   provsvc.dll, npmproxy.dll, FunDisc.dll,     
                                   ATL.DLL, msxml6.dll, bcrypt.dll,            
                                   bcryptprimitives.dll, actxprxy.dll,         
                                   fdproxy.dll, P2P.dll, P2PCOLLAB.dll,        
                                   SHELL32.dll, ieproxy.dll,                   
                                   api-ms-win-downlevel-shlwapi-l1-1-0.dll,    
                                   api-ms-win-downlevel-shlwapi-l2-1-0.dll,    
                                   api-ms-win-downlevel-advapi32-l1-1-0.dll,   
                                   pnrpnsp.dll, wscsvc.dll, dbghelp.dll,       
                                   wbemprox.dll, wbemcomn.dll, wbemsvc.dll,    
                                   fastprox.dll, NTDSAPI.dll, wuapi.dll,       
                                   CRYPT32.dll, MSASN1.dll, Cabinet.dll,       
                                   WINTRUST.dll, profapi.dll, USERENV.dll,     
                                   wkscli.dll, netutils.dll, XmlLite.dll,      
                                   stapo.dll, audioeng.dll, WMALFXGFXDSP.dll,  
                                   mfplat.DLL, sluapo32.dll                    
svchost.exe                    964 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   ole32.dll, GDI32.dll, USER32.dll, LPK.dll,  
                                   USP10.dll, IMM32.DLL, MSCTF.dll,            
                                   CRYPTBASE.dll, ADVAPI32.dll, audiosrv.dll,  
                                   POWRPROF.dll, SETUPAPI.dll, CFGMGR32.dll,   
                                   OLEAUT32.dll, DEVOBJ.dll, MMDevAPI.DLL,     
                                   PROPSYS.dll, AVRT.dll, CLBCatQ.DLL,         
                                   SHLWAPI.dll, uxsms.dll, WTSAPI32.dll,       
                                   WINSTA.dll, wlansvc.dll, CRYPT32.dll,       
                                   MSASN1.dll, bcrypt.dll, dsrole.dll,         
                                   SHELL32.dll, WLANMSM.DLL, WLANSEC.dll,      
                                   WS2_32.dll, NSI.dll, OneX.DLL,              
                                   eappprxy.dll, AUTHZ.dll, dhcpcsvc.DLL,      
                                   IPHLPAPI.DLL, WINNSI.DLL, eappcfg.dll,      
                                   wlgpclnt.dll, l2gpstore.dll, wlanutil.dll,  
                                   SYSNTFY.dll, WinSCard.dll, msxml6.dll,      
                                   bcryptprimitives.dll, CRYPTSP.dll,          
                                   rsaenh.dll, RpcRtRemote.dll, secur32.dll,   
                                   SSPICLI.DLL, credssp.dll, kerberos.DLL,     
                                   cryptdll.dll, WINTRUST.dll, apphelp.dll,    
                                   profapi.dll, netman.dll, sysmain.dll,       
                                   ntmarta.dll, WLDAP32.dll, trkwks.dll,       
                                   netcfgx.dll, slc.dll, devrtl.DLL,           
                                   netshell.dll, nlaapi.dll, hnetcfg.dll,      
                                   ATL.DLL, GPAPI.dll, USERENV.dll,            
                                   wbemprox.dll, wbemcomn.dll, wbemsvc.dll,    
                                   fastprox.dll, NTDSAPI.dll,                  
                                   PortableDeviceApi.dll,                      
                                   portabledeviceconnectapi.dll, RASAPI32.dll,
                                   rasman.dll, RASDLG.dll, MPRAPI.dll,         
                                   rtutils.dll, listsvc.dll, FirewallAPI.dll,  
                                   VERSION.dll, actxprxy.dll, IdListen.dll,    
                                   XmlLite.dll, NETAPI32.dll, netutils.dll,    
                                   srvcli.dll, wkscli.dll, SAMCLI.DLL,         
                                   ncrypt.dll, hgprint.dll, WINSPOOL.DRV,      
                                   SAMLIB.dll, shacct.dll, COMCTL32.dll,       
                                   cscapi.dll, comctl32.dll, pcasvc.dll,       
                                   AEPIC.dll, sfc_os.dll, sfc.dll, wevtapi.dll
svchost.exe                    988 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   ole32.dll, GDI32.dll, USER32.dll, LPK.dll,  
                                   USP10.dll, IMM32.DLL, MSCTF.dll,            
                                   CRYPTBASE.dll, ADVAPI32.dll, fntcache.dll,  
                                   es.dll, OLEAUT32.dll, CRYPTSP.dll,          
                                   rsaenh.dll, RpcRtRemote.dll, CLBCatQ.DLL,   
                                   nsisvc.dll, NSI.dll, SXS.DLL, sstpsvc.dll,  
                                   rtutils.dll, HTTPAPI.dll, CRYPT32.dll,      
                                   MSASN1.dll, WS2_32.dll, webio.dll,          
                                   IPHLPAPI.DLL, WINNSI.DLL, netprofm.dll,     
                                   nlaapi.dll, wdi.dll, winhttp.dll,           
                                   npmproxy.dll, perftrack.dll, wer.dll,       
                                   dwmapi.dll, Secur32.dll, SSPICLI.DLL,       
                                   AEPIC.dll, sfc_os.dll, powertracker.dll,    
                                   DEVOBJ.dll, CFGMGR32.dll, SHLWAPI.dll,      
                                   credssp.dll, DNSAPI.dll, napinsp.dll,       
                                   pnrpnsp.dll, mswsock.dll, winrnr.dll,       
                                   WLIDNSP.DLL, PSAPI.DLL, wshbth.dll,         
                                   wshtcpip.dll, wship6.dll, GPAPI.dll,        
                                   rasadhlp.dll, fwpuclnt.dll, dhcpcsvc.DLL,   
                                   dhcpcsvc6.DLL, fdphost.dll, fdwsd.dll,      
                                   ATL.DLL, bcrypt.dll, MLANG.dll, wsdapi.dll,
                                   webservices.dll, FirewallAPI.dll,           
                                   VERSION.dll, fdssdp.dll, SSDPAPI.dll,       
                                   fdproxy.dll, bcryptprimitives.dll,          
                                   XmlLite.dll, FunDisc.dll, msxml6.dll,       
                                   propsys.dll, ieproxy.dll,                   
                                   api-ms-win-downlevel-shlwapi-l1-1-0.dll,    
                                   api-ms-win-downlevel-shlwapi-l2-1-0.dll,    
                                   api-ms-win-downlevel-advapi32-l1-1-0.dll    
svchost.exe                   1052 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   ole32.dll, GDI32.dll, USER32.dll, LPK.dll,  
                                   USP10.dll, IMM32.DLL, MSCTF.dll,            
                                   CRYPTBASE.dll, ADVAPI32.dll, gpsvc.dll,     
                                   GPAPI.dll, WLDAP32.dll, Secur32.dll,        
                                   SSPICLI.DLL, NSI.dll, SYSNTFY.dll,          
                                   nlaapi.dll, themeservice.dll,               
                                   RpcRtRemote.dll, profsvc.dll, OLEAUT32.dll,
                                   USERENV.dll, profapi.dll, SHLWAPI.dll,      
                                   ATL.DLL, WINSTA.dll, CLBCatQ.DLL,           
                                   dsrole.dll, CRYPTSP.dll, slc.dll,           
                                   rsaenh.dll, sens.dll, WS2_32.dll,           
                                   IPHLPAPI.DLL, WINNSI.DLL, eapsvc.dll,       
                                   eapphost.dll, CRYPT32.dll, MSASN1.dll,      
                                   umb.dll, shsvcs.dll, CFGMGR32.dll,          
                                   schedsvc.dll, pcwum.dll, SHELL32.dll,       
                                   NETAPI32.dll, netutils.dll, srvcli.dll,     
                                   wkscli.dll, wevtapi.dll, AUTHZ.dll,         
                                   UBPM.dll, ktmw32.dll, XmlLite.dll,          
                                   SETUPAPI.dll, DEVOBJ.dll, credssp.dll,      
                                   WINTRUST.dll, FVEAPI.dll, tbs.dll,          
                                   FVECERTS.dll, LOGONCLI.DLL, taskcomp.dll,   
                                   VERSION.dll, ntmarta.dll, mswsock.dll,      
                                   wshtcpip.dll, wship6.dll, netjoin.dll,      
                                   WTSAPI32.dll, wiarpc.dll, comctl32.dll,     
                                   PROPSYS.dll, ikeext.dll, fwpuclnt.dll,      
                                   ncrypt.dll, bcrypt.dll,                     
                                   bcryptprimitives.dll, dhcpcsvc.DLL,         
                                   dhcpcsvc6.DLL, wmisvc.dll, wbemcomn.dll,    
                                   iphlpsvc.dll, FirewallAPI.dll, rtutils.dll,
                                   sqmapi.dll, WDSCORE.dll, rasmans.dll,       
                                   eappprxy.dll, rastapi.DLL, TAPI32.dll,      
                                   devrtl.DLL, srvsvc.dll, browser.dll,        
                                   VSSAPI.DLL, VssTrace.DLL, samcli.dll,       
                                   SAMLIB.dll, SSCORE.DLL, CLUSAPI.DLL,        
                                   cryptdll.dll, RESUTILS.DLL, rasppp.dll,     
                                   DNSAPI.dll, RASAPI32.dll, rasman.dll,       
                                   eappcfg.dll, vpnike.dll, kerberos.DLL,      
                                   hnetcfg.dll, netprofm.dll, raschap.dll,     
                                   credui.dll, wbemcore.dll, esscli.dll,       
                                   FastProx.dll, NTDSAPI.dll, wbemsvc.dll,     
                                   wmiutils.dll, repdrvfs.dll, ipnathlp.dll,   
                                   MPRAPI.dll, netshell.dll, WLIDNSP.DLL,      
                                   PSAPI.DLL, rasadhlp.dll, wmiprvsd.dll,      
                                   NCObjAPI.DLL, wbemess.dll, npmproxy.dll,    
                                   SPINF.dll, SXS.DLL, NCI.dll, UxTheme.dll,   
                                   SPFILEQ.dll, ncprov.dll, wuaueng.dll,       
                                   ESENT.dll, WINHTTP.dll, webio.dll,          
                                   WINSPOOL.DRV, Cabinet.dll, mspatcha.dll,    
                                   WMsgAPI.dll, wer.dll, SPPC.DLL, msi.dll,    
                                   advpack.dll, apphelp.dll, cryptnet.dll,     
                                   SensApi.dll, msxml3.dll, wbemprox.dll,      
                                   aelupsvc.dll                                
TrustedInstaller.exe          1256 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   ADVAPI32.dll, msvcrt.dll, sechost.dll,      
                                   RPCRT4.dll, ole32.dll, GDI32.dll,           
                                   USER32.dll, LPK.dll, USP10.dll, IMM32.DLL,  
                                   MSCTF.dll, wdscore.dll, OLEAUT32.dll,       
                                   dbghelp.dll, CRYPTBASE.dll, cbscore.dll,    
                                   VERSION.dll, CRYPT32.dll, MSASN1.dll,       
                                   WINTRUST.dll, USERENV.dll, profapi.dll,     
                                   Ktmw32.dll, dpx.dll, wcp.dll, DrUpdate.dll,
                                   SETUPAPI.dll, CFGMGR32.dll, DEVOBJ.dll,     
                                   MPR.dll, SrClient.dll, SPP.dll, VSSAPI.DLL,
                                   ATL.DLL, VssTrace.DLL, wrpint.dll,          
                                   SxsStore.dll, sqmapi.dll, RpcRtRemote.dll,  
                                   drvstore.dll, devrtl.dll, ntmarta.dll,      
                                   WLDAP32.dll, apphelp.dll, XmlLite.dll,      
                                   CLBCatQ.DLL, taskschd.dll, SspiCli.dll,     
                                   CRYPTSP.dll, rsaenh.dll, WinSATAPI.dll,     
                                   dxgi.dll, dwmapi.dll, gdiplus.dll,          
                                   SHLWAPI.dll, SHELL32.dll, msxml6.dll,       
                                   bcrypt.dll, bcryptprimitives.dll,           
                                   urlmon.dll,                                 
                                   api-ms-win-downlevel-ole32-l1-1-0.dll,      
                                   api-ms-win-downlevel-shlwapi-l1-1-0.dll,    
                                   api-ms-win-downlevel-advapi32-l1-1-0.dll,   
                                   api-ms-win-downlevel-user32-l1-1-0.dll,     
                                   api-ms-win-downlevel-version-l1-1-0.dll,    
                                   api-ms-win-downlevel-normaliz-l1-1-0.dll,   
                                   normaliz.DLL, iertutil.dll, WININET.dll,    
                                   api-ms-win-downlevel-shlwapi-l2-1-0.dll,    
                                   PROPSYS.dll, CbsApi.dll                     
svchost.exe                   1376 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   ole32.dll, GDI32.dll, USER32.dll, LPK.dll,  
                                   USP10.dll, IMM32.DLL, MSCTF.dll,            
                                   CRYPTBASE.dll, ADVAPI32.dll, dnsrslvr.dll,  
                                   WS2_32.dll, NSI.dll, DNSAPI.dll,            
                                   WINNSI.DLL, Fwpuclnt.dll, dnsext.dll,       
                                   USERENV.dll, profapi.dll, GPAPI.dll,        
                                   mswsock.dll, RpcRtRemote.dll, wship6.dll,   
                                   iphlpapi.dll, dhcpcsvc.DLL, dhcpcsvc6.DLL,  
                                   wkssvc.dll, netutils.dll, netjoin.dll,      
                                   SspiCli.dll, cryptsvc.dll, CRYPTNET.dll,    
                                   CRYPT32.dll, MSASN1.dll, WLDAP32.dll,       
                                   VSSAPI.DLL, ATL.DLL, VssTrace.DLL,          
                                   OLEAUT32.dll, samcli.dll, SAMLIB.dll,       
                                   CRYPTSP.dll, rsaenh.dll, CLBCatQ.DLL,       
                                   es.dll, PROPSYS.dll, nlasvc.dll,            
                                   wevtapi.dll, ncsi.dll, WINHTTP.dll,         
                                   webio.dll, CFGMGR32.dll, secur32.dll,       
                                   credssp.dll, ssdpapi.dll, tapisrv.dll,      
                                   rtutils.dll, wkscli.dll, unimdm.tsp,        
                                   uniplat.dll, SETUPAPI.dll, DEVOBJ.dll,      
                                   WINTRUST.dll, kmddsp.tsp, ndptsp.tsp,       
                                   hidphone.tsp, HID.DLL, WINMM.dll,           
                                   WTSAPI32.dll, WINSTA.dll, wshtcpip.dll,     
                                   bcrypt.dll, bcryptprimitives.dll,           
                                   logoncli.dll, SHLWAPI.dll, WLIDNSP.DLL,     
                                   PSAPI.DLL, rasadhlp.dll, SensApi.dll,       
                                   ESENT.dll                                   
wlanext.exe                   1464 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   ADVAPI32.dll, msvcrt.dll, sechost.dll,      
                                   RPCRT4.dll, USER32.dll, GDI32.dll, LPK.dll,
                                   USP10.dll, CRYPT32.dll, MSASN1.dll,         
                                   IMM32.DLL, MSCTF.dll, CRYPTBASE.dll,        
                                   RpcRtRemote.dll, secur32.dll, SSPICLI.DLL,  
                                   credssp.dll, bcmihvsrv.dll, XmlLite.dll,    
                                   IPHLPAPI.DLL, NSI.dll, WINNSI.DLL,          
                                   WS2_32.dll, Wlanapi.dll, wlanutil.dll,      
                                   WTSAPI32.dll, ole32.dll, OLEAUT32.dll,      
                                   dhcpcsvc.DLL, dhcpcsvc6.DLL                 
conhost.exe                   1472 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   GDI32.dll, USER32.dll, LPK.dll, USP10.dll,  
                                   msvcrt.dll, IMM32.dll, MSCTF.dll,           
                                   ole32.dll, RPCRT4.dll, OLEAUT32.dll         
spoolsv.exe                   1540 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   USER32.dll, GDI32.dll, LPK.dll, USP10.dll,  
                                   POWRPROF.dll, SETUPAPI.dll, CFGMGR32.dll,   
                                   ADVAPI32.dll, OLEAUT32.dll, ole32.dll,      
                                   DEVOBJ.dll, DNSAPI.dll, WS2_32.dll,         
                                   NSI.dll, IMM32.DLL, MSCTF.dll,              
                                   CRYPTBASE.dll, slc.dll, RpcRtRemote.dll,    
                                   secur32.dll, SSPICLI.DLL, credssp.dll,      
                                   WTSAPI32.dll, WINSTA.dll, IPHLPAPI.DLL,     
                                   WINNSI.DLL, mswsock.dll, wshtcpip.dll,      
                                   wship6.dll, WLIDNSP.DLL, PSAPI.DLL,         
                                   SHLWAPI.dll, rasadhlp.dll, fwpuclnt.dll,    
                                   CLBCatQ.DLL, umb.dll, ATL.DLL,              
                                   WINTRUST.dll, CRYPT32.dll, MSASN1.dll,      
                                   localspl.dll, SPOOLSS.DLL, srvcli.dll,      
                                   winspool.drv, PrintIsolationProxy.dll,      
                                   hpinksts8911LM.dll, USERENV.dll,            
                                   profapi.dll, VERSION.dll, SHELL32.dll,      
                                   FXSMON.DLL, msonpmon.dll, MSVCR80.dll,      
                                   msi.dll, tcpmon.dll, snmpapi.dll,           
                                   wsnmp32.dll, msxml6.dll, bcrypt.dll,        
                                   bcryptprimitives.dll, usbmon.dll,           
                                   wls0wndh.dll, WSDMon.dll, wsdapi.dll,       
                                   webservices.dll, FirewallAPI.dll,           
                                   FunDisc.dll, fdPnp.dll, winprint.dll,       
                                   GPAPI.dll, msonpppr.dll, dsrole.dll,        
                                   win32spl.dll, DEVRTL.dll, SPINF.dll,        
                                   inetpp.dll, CRYPTSP.dll, rsaenh.dll,        
                                   cscapi.dll, netutils.dll                    
svchost.exe                   1576 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   ole32.dll, GDI32.dll, USER32.dll, LPK.dll,  
                                   USP10.dll, IMM32.DLL, MSCTF.dll,            
                                   CRYPTBASE.dll, ADVAPI32.dll, bfe.dll,       
                                   AUTHZ.dll, slc.dll, SspiCli.dll, pcwum.dll,
                                   RpcRtRemote.dll, mpssvc.dll,                
                                   FirewallAPI.dll, VERSION.dll, fwpuclnt.dll,
                                   NSI.dll, CFGMGR32.dll, SHLWAPI.dll,         
                                   secur32.dll, credssp.dll, USERENV.dll,      
                                   profapi.dll, GPAPI.dll, WS2_32.dll,         
                                   IPHLPAPI.DLL, WINNSI.DLL, dhcpcsvc.DLL,     
                                   dhcpcsvc6.DLL, wfapigp.dll, dps.dll,        
                                   ntmarta.dll, WLDAP32.dll, OLEAUT32.dll,     
                                   CLBCatQ.DLL, taskschd.dll, bcrypt.dll,      
                                   wdi.dll, netprofm.dll, nlaapi.dll,          
                                   CRYPTSP.dll, rsaenh.dll, mswsock.dll,       
                                   wshqos.dll, wshtcpip.DLL, wship6.dll,       
                                   npmproxy.dll, wdiasqmmodule.dll,            
                                   radardt.dll, WTSAPI32.dll, SETUPAPI.dll,    
                                   DEVOBJ.dll, WINTRUST.dll, CRYPT32.dll,      
                                   MSASN1.dll, WINSTA.dll                      
svchost.exe                   1660 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   ole32.dll, GDI32.dll, USER32.dll, LPK.dll,  
                                   USP10.dll, IMM32.DLL, MSCTF.dll,            
                                   CRYPTBASE.dll, ADVAPI32.dll, diagtrack.dll,
                                   OLEAUT32.dll, WS2_32.dll, NSI.dll,          
                                   bcrypt.dll, SHLWAPI.dll, XmlLite.dll,       
                                   WINHTTP.dll, webio.dll, CRYPT32.dll,        
                                   MSASN1.dll, WTSAPI32.dll, USERENV.dll,      
                                   profapi.dll, CLBCatQ.DLL, netprofm.dll,     
                                   nlaapi.dll, bcryptprimitives.dll,           
                                   aepic.dll, sfc_os.dll, SspiCli.dll,         
                                   credssp.dll, mswsock.dll, wshqos.dll,       
                                   wshtcpip.DLL, wship6.dll, IPHLPAPI.DLL,     
                                   WINNSI.DLL, dhcpcsvc.DLL, dhcpcsvc6.DLL,    
                                   DNSAPI.dll, WLIDNSP.DLL, PSAPI.DLL,         
                                   rasadhlp.dll, fwpuclnt.dll, schannel.DLL,   
                                   secur32.dll, ncrypt.dll, GPAPI.dll,         
                                   CRYPTSP.dll, rsaenh.dll, cryptnet.dll,      
                                   WLDAP32.dll, SensApi.dll, CFGMGR32.dll      
svchost.exe                   1704 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   ole32.dll, GDI32.dll, USER32.dll, LPK.dll,  
                                   USP10.dll, IMM32.DLL, MSCTF.dll,            
                                   CRYPTBASE.dll, ADVAPI32.dll, fdrespub.dll,  
                                   wsdapi.dll, WS2_32.dll, NSI.dll,            
                                   IPHLPAPI.DLL, WINNSI.DLL, webservices.dll,  
                                   FirewallAPI.dll, VERSION.dll, CLBCatQ.DLL,  
                                   OLEAUT32.dll, FunDisc.dll, ATL.DLL,         
                                   SHLWAPI.dll, dhcpcsvc.DLL, dhcpcsvc6.DLL,   
                                   mswsock.dll, wship6.dll, wshqos.dll,        
                                   wshtcpip.DLL, WINHTTP.dll, webio.dll,       
                                   HTTPAPI.dll, pcwum.dll, wkscli.dll,         
                                   netutils.dll, msxml6.dll, bcrypt.dll,       
                                   bcryptprimitives.dll, CRYPTSP.dll,          
                                   rsaenh.dll, XmlLite.dll, ssdpsrv.dll,       
                                   secur32.dll, SSPICLI.DLL, credssp.dll,      
                                   RpcRtRemote.dll, upnphost.dll, SHELL32.dll,
                                   SSDPAPI.dll, USERENV.dll, profapi.dll,      
                                   msxml3.dll,                                 
                                   api-ms-win-downlevel-shlwapi-l1-1-0.dll,    
                                   api-ms-win-downlevel-advapi32-l1-1-0.dll,   
                                   api-ms-win-downlevel-shlwapi-l2-1-0.dll,    
                                   udhisapi.dll                                
svchost.exe                   1792 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   wiaservc.dll, ADVAPI32.dll, USER32.dll,     
                                   GDI32.dll, LPK.dll, USP10.dll,              
                                   OLEAUT32.dll, ole32.dll, VERSION.dll,       
                                   IMM32.DLL, MSCTF.dll, wiatrace.dll,         
                                   CRYPTBASE.dll, RpcRtRemote.dll,             
                                   secur32.dll, SSPICLI.DLL, credssp.dll,      
                                   msv1_0.DLL, cryptdll.dll, CFGMGR32.dll,     
                                   CLBCatQ.DLL, CRYPTSP.dll, rsaenh.dll,       
                                   SETUPAPI.dll, DEVOBJ.dll                    
WLIDSVC.EXE                   1868 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   ADVAPI32.dll, msvcrt.dll, sechost.dll,      
                                   RPCRT4.dll, OLEAUT32.dll, ole32.dll,        
                                   GDI32.dll, USER32.dll, LPK.dll, USP10.dll,  
                                   SHLWAPI.dll, CRYPT32.dll, MSASN1.dll,       
                                   SensApi.dll, PSAPI.DLL, sqmapi.dll,         
                                   NETAPI32.dll, netutils.dll, srvcli.dll,     
                                   wkscli.dll, SAMCLI.DLL, WINHTTP.dll,        
                                   webio.dll, IPHLPAPI.DLL, NSI.dll,           
                                   WINNSI.DLL, wer.dll, SHELL32.dll,           
                                   WS2_32.dll, WTSAPI32.dll, USERENV.dll,      
                                   profapi.dll, WINTRUST.dll, VERSION.dll,     
                                   WinSCard.dll, IMM32.DLL, MSCTF.dll,         
                                   CRYPTBASE.dll, CRYPTSP.dll, rsaenh.dll,     
                                   CLBCatQ.DLL, RpcRtRemote.dll, msxml3.dll,   
                                   bcrypt.dll, bcryptprimitives.dll,           
                                   WINSTA.dll, apphelp.dll, wbemprox.dll,      
                                   wbemcomn.dll, wbemsvc.dll, fastprox.dll,    
                                   NTDSAPI.dll, dssenh.dll, SspiCli.dll,       
                                   credssp.dll, mswsock.dll, wshqos.dll,       
                                   wshtcpip.DLL, wship6.dll, dhcpcsvc.DLL,     
                                   dhcpcsvc6.DLL, CFGMGR32.dll, DNSAPI.dll,    
                                   WLIDNSP.DLL, rasadhlp.dll, fwpuclnt.dll,    
                                   schannel.DLL, secur32.dll, ncrypt.dll,      
                                   GPAPI.dll, cryptnet.dll, WLDAP32.dll        
WLIDSVCM.EXE                   328 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   ADVAPI32.dll, msvcrt.dll, sechost.dll,      
                                   RPCRT4.dll, USER32.dll, GDI32.dll, LPK.dll,
                                   USP10.dll, PSAPI.DLL, SHELL32.dll,          
                                   SHLWAPI.dll, IMM32.DLL, MSCTF.dll           
svchost.exe                   1408 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   bthserv.dll, SHFOLDER.dll, SHELL32.dll,     
                                   SHLWAPI.dll, GDI32.dll, USER32.dll,         
                                   LPK.dll, USP10.dll, IMM32.DLL, MSCTF.dll,   
                                   SETUPAPI.dll, CFGMGR32.dll, ADVAPI32.dll,   
                                   OLEAUT32.dll, ole32.dll, DEVOBJ.dll,        
                                   Wlanapi.dll, wlanutil.dll, CRYPTBASE.dll,   
                                   WINTRUST.dll, CRYPT32.dll, MSASN1.dll,      
                                   RpcRtRemote.dll, secur32.dll, SSPICLI.DLL,  
                                   credssp.dll, msv1_0.DLL, cryptdll.dll       
alg.exe                       1784 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   ADVAPI32.dll, msvcrt.dll, sechost.dll,      
                                   RPCRT4.dll, ATL.DLL, USER32.dll, GDI32.dll,
                                   LPK.dll, USP10.dll, WS2_32.dll, NSI.dll,    
                                   ole32.dll, OLEAUT32.dll, WSOCK32.dll,       
                                   MSWSOCK.DLL, IMM32.DLL, MSCTF.dll,          
                                   CRYPTBASE.dll, CLBCatQ.DLL, CRYPTSP.dll,    
                                   rsaenh.dll, RpcRtRemote.dll, hnetcfg.dll,   
                                   IPHLPAPI.DLL, WINNSI.DLL, slc.dll,          
                                   GPAPI.dll, USERENV.dll, profapi.dll         
svchost.exe                   2128 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   ipsecsvc.dll, AUTHZ.dll, fwpuclnt.dll,      
                                   FirewallAPI.dll, VERSION.dll,               
                                   FwRemoteSvr.DLL, ADVAPI32.dll, ole32.dll,   
                                   GDI32.dll, USER32.dll, LPK.dll, USP10.dll,  
                                   IMM32.DLL, MSCTF.dll, CRYPTBASE.dll,        
                                   CLBCatQ.DLL, OLEAUT32.dll, WS2_32.dll,      
                                   NSI.dll, mswsock.dll, wshtcpip.dll,         
                                   wship6.dll, IPHLPAPI.DLL, WINNSI.DLL,       
                                   dhcpcsvc.DLL, dhcpcsvc6.DLL, secur32.dll,   
                                   SSPICLI.DLL, credssp.dll, RpcRtRemote.dll   
SearchIndexer.exe             2336 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   ADVAPI32.dll, msvcrt.dll, sechost.dll,      
                                   RPCRT4.dll, USER32.dll, GDI32.dll, LPK.dll,
                                   USP10.dll, ole32.dll, OLEAUT32.dll,         
                                   TQUERY.DLL, SHLWAPI.dll, MSSRCH.DLL,        
                                   ESENT.dll, IMM32.dll, MSCTF.dll, psapi.dll,
                                   SHELL32.dll, profapi.dll, CRYPTBASE.dll,    
                                   secur32.dll, SSPICLI.DLL, credssp.dll,      
                                   CLBCatQ.DLL, Msidle.dll, CRYPTSP.dll,       
                                   rsaenh.dll, RpcRtRemote.dll, mssprxy.dll,   
                                   propsys.dll, tQuery.dll.mui, ntmarta.dll,   
                                   WLDAP32.dll, VSSAPI.DLL, ATL.DLL,           
                                   VssTrace.DLL, samcli.dll, SAMLIB.dll,       
                                   netutils.dll, es.dll, CFGMGR32.dll,         
                                   WTSAPI32.dll, WINSTA.dll, USERENV.dll,      
                                   SXS.DLL, apphelp.dll, NaturalLanguage6.dll,
                                   CRYPT32.dll, MSASN1.dll, elscore.dll,       
                                   ElsLad.dll, NLSData0009.dll,                
                                   NLSLexicons0009.dll                         
atieclxx.exe                  3112 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   USER32.dll, GDI32.dll, LPK.dll, USP10.dll,  
                                   msvcrt.dll, ADVAPI32.dll, sechost.dll,      
                                   RPCRT4.dll, USERENV.dll, profapi.dll,       
                                   WTSAPI32.dll, POWRPROF.dll, SETUPAPI.dll,   
                                   CFGMGR32.dll, OLEAUT32.dll, ole32.dll,      
                                   DEVOBJ.dll, dwmapi.dll, IMM32.DLL,          
                                   MSCTF.dll, atiadlxx.dll, SHELL32.dll,       
                                   SHLWAPI.dll, PSAPI.DLL, WINTRUST.dll,       
                                   CRYPT32.dll, MSASN1.dll, WINSTA.dll,        
                                   uxtheme.dll, SspiCli.dll                    
taskhost.exe                  3424 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, ole32.dll, GDI32.dll,           
                                   USER32.dll, LPK.dll, USP10.dll, RPCRT4.dll,
                                   OLEAUT32.dll, IMM32.DLL, MSCTF.dll,         
                                   CRYPTBASE.dll, sechost.dll, ADVAPI32.dll,   
                                   uxtheme.dll, dwmapi.dll, CLBCatQ.DLL,       
                                   wininet.dll,                                
                                   api-ms-win-downlevel-user32-l1-1-0.dll,     
                                   api-ms-win-downlevel-shlwapi-l1-1-0.dll,    
                                   shlwapi.DLL,                                
                                   api-ms-win-downlevel-version-l1-1-0.dll,    
                                   version.DLL,                                
                                   api-ms-win-downlevel-normaliz-l1-1-0.dll,   
                                   normaliz.DLL, iertutil.dll,                 
                                   api-ms-win-downlevel-advapi32-l1-1-0.dll,   
                                   USERENV.dll, profapi.dll,                   
                                   api-ms-win-downlevel-ole32-l1-1-0.dll,      
                                   api-ms-win-downlevel-advapi32-l2-1-0.dll,   
                                   dimsjob.dll, PlaySndSrv.dll, taskschd.dll,  
                                   SspiCli.dll, RpcRtRemote.dll,               
                                   MsCtfMonitor.dll, MSUTB.dll, WINSTA.dll,    
                                   WTSAPI32.dll, ESENT.dll, psapi.dll,         
                                   SHELL32.dll, netprofm.dll, NSI.dll,         
                                   nlaapi.dll, CRYPTSP.dll, rsaenh.dll,        
                                   npmproxy.dll, WINMM.dll, dsrole.dll,        
                                   MMDevAPI.DLL, PROPSYS.dll, wdmaud.drv,      
                                   ksuser.dll, AVRT.dll, SETUPAPI.dll,         
                                   CFGMGR32.dll, DEVOBJ.dll, AUDIOSES.DLL,     
                                   msacm32.drv, MSACM32.dll, midimap.dll,      
                                   sqmapi.dll                                  
dwm.exe                       3536 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   GDI32.dll, USER32.dll, LPK.dll, USP10.dll,  
                                   msvcrt.dll, UxTheme.dll, IMM32.dll,         
                                   MSCTF.dll, dwmredir.dll, dwmcore.dll,       
                                   ADVAPI32.dll, sechost.dll, RPCRT4.dll,      
                                   WindowsCodecs.dll, ole32.dll, d3d10_1.dll,  
                                   d3d10_1core.dll, dxgi.dll, VERSION.dll,     
                                   dwmapi.dll, d3d11.dll, WINTRUST.dll,        
                                   CRYPT32.dll, MSASN1.dll, atiuxpag.dll       
explorer.exe                  3636 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   ADVAPI32.dll, msvcrt.dll, sechost.dll,      
                                   RPCRT4.dll, GDI32.dll, USER32.dll, LPK.dll,
                                   USP10.dll, SHLWAPI.dll, SHELL32.dll,        
                                   ole32.dll, OLEAUT32.dll, EXPLORERFRAME.dll,
                                   DUser.dll, DUI70.dll, IMM32.dll, MSCTF.dll,
                                   UxTheme.dll, POWRPROF.dll, SETUPAPI.dll,    
                                   CFGMGR32.dll, DEVOBJ.dll, dwmapi.dll,       
                                   slc.dll, gdiplus.dll, Secur32.dll,          
                                   SSPICLI.DLL, PROPSYS.dll, CRYPTBASE.dll,    
                                   comctl32.dll, WindowsCodecs.dll,            
                                   profapi.dll, apphelp.dll, CLBCatQ.DLL,      
                                   DropboxExt.27.dll, VERSION.dll,             
                                   EhStorShell.dll, GrooveShellExtensions.dll,
                                   GrooveUtil.DLL, WININET.dll,                
                                   api-ms-win-downlevel-user32-l1-1-0.dll,     
                                   api-ms-win-downlevel-shlwapi-l1-1-0.dll,    
                                   api-ms-win-downlevel-version-l1-1-0.dll,    
                                   api-ms-win-downlevel-normaliz-l1-1-0.dll,   
                                   normaliz.DLL, iertutil.dll,                 
                                   api-ms-win-downlevel-advapi32-l1-1-0.dll,   
                                   USERENV.dll, CRYPT32.dll, MSASN1.dll,       
                                   MSVCR80.dll, GrooveNew.DLL, ATL80.DLL,      
                                   CRYPTSP.dll, rsaenh.dll, MSImg32.dll,       
                                   IconCodecService.dll, RpcRtRemote.dll,      
                                   SndVolSSO.DLL, HID.DLL, MMDevApi.dll,       
                                   timedate.cpl, ATL.DLL, actxprxy.dll,        
                                   ntmarta.dll, WLDAP32.dll, shdocvw.dll,      
                                   LINKINFO.dll, msutb.dll, shacct.dll,        
                                   SAMLIB.dll, samcli.dll, netutils.dll,       
                                   MsftEdit.dll, msls31.dll, authui.dll,       
                                   CRYPTUI.dll, GrooveSystemServices.dll,      
                                   WINSTA.dll, GrooveMisc.dll, msxml3.dll,     
                                   bcrypt.dll, bcryptprimitives.dll,           
                                   gameux.dll, XmlLite.dll, wer.dll,           
                                   urlmon.dll,                                 
                                   api-ms-win-downlevel-ole32-l1-1-0.dll,      
                                   api-ms-win-downlevel-advapi32-l2-1-0.dll,   
                                   msiltcfg.dll, msi.dll, NetworkExplorer.dll,
                                   WINMM.dll, wdmaud.drv, ksuser.dll,          
                                   AVRT.dll, AUDIOSES.DLL, msacm32.drv,        
                                   MSACM32.dll, midimap.dll, ntshrui.dll,      
                                   srvcli.dll, cscapi.dll, stobject.dll,       
                                   BatMeter.dll, WTSAPI32.dll, WINTRUST.dll,   
                                   prnfldr.dll, WINSPOOL.DRV, es.dll, dxp.dll,
                                   Syncreg.dll, ehSSO.dll, netshell.dll,       
                                   IPHLPAPI.DLL, NSI.dll, WINNSI.DLL,          
                                   nlaapi.dll, AltTab.dll,                     
                                   wpdshserviceobj.dll,                        
                                   PortableDeviceTypes.dll,                    
                                   PortableDeviceApi.dll, pnidui.dll,          
                                   QUtil.dll, wevtapi.dll, fzshellext.dll,     
                                   btncopy.dll, srchadmin.dll, dhcpcsvc.DLL,   
                                   WS2_32.dll, dhcpcsvc6.DLL, mssprxy.dll,     
                                   credssp.dll, npmproxy.dll, SXS.DLL,         
                                   SyncCenter.dll, Actioncenter.dll,           
                                   Wlanapi.dll, wlanutil.dll, imapi2.dll,      
                                   wwanapi.dll, wwapi.dll, hgcpl.dll,          
                                   provsvc.dll, fxsst.dll, FXSAPI.dll,         
                                   FXSRESM.DLL, QAgent.dll, bthprops.cpl,      
                                   wkscli.dll, wscinterop.dll, WSCAPI.dll,     
                                   wscui.cpl, werconcpl.dll, framedynos.dll,   
                                   wercplsupport.dll, msxml6.dll,              
                                   hcproviders.dll, ieproxy.dll,               
                                   api-ms-win-downlevel-shlwapi-l2-1-0.dll,    
                                   ieframe.dll,                                
                                   api-ms-win-downlevel-shell32-l1-1-0.dll,    
                                   GrooveIntlResource.dll, OLEACC.dll,         
                                   mswsock.dll, wship6.dll, appwiz.cpl,        
                                   osbaseln.dll, comsvcs.dll, mtxoci.dll,      
                                   NETAPI32.DLL, COMDLG32.DLL,                 
                                   SearchFolder.dll, StructuredQuery.dll,      
                                   MPR.dll, BtwNamespaceExt.dll, RASAPI32.dll,
                                   rasman.dll, BtwNeLib.dll, btwapi.dll,       
                                   MFC80.DLL, btosif.dll, MFC80U.DLL,          
                                   btwpimif.dll, MSVCP80.dll, MFC80ENU.DLL,    
                                   wshBth.dll, btrez.dll, DEVRTL.dll,          
                                   twext.dll, mbamext.dll, rarext.dll,         
                                   syncui.dll, SYNCENG.dll, NppShell_06.dll,   
                                   acppage.dll, sfc.dll, sfc_os.DLL,           
                                   MLANG.dll, NaturalLanguage6.dll,            
                                   NLSData081a.dll, NLSLexicons081a.dll,       
                                   NLSData0009.dll, NLSLexicons0009.dll,       
                                   thumbcache.dll, PSAPI.DLL, tquery.dll,      
                                   EhStorAPI.dll                               
SynTPEnh.exe                  3764 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   NETAPI32.dll, netutils.dll, msvcrt.dll,     
                                   srvcli.dll, RPCRT4.dll, wkscli.dll,         
                                   SAMCLI.DLL, VERSION.dll, WINMM.dll,         
                                   USER32.dll, GDI32.dll, LPK.dll, USP10.dll,  
                                   PSAPI.DLL, COMDLG32.dll, SHLWAPI.dll,       
                                   COMCTL32.dll, ADVAPI32.dll, sechost.dll,    
                                   SHELL32.dll, ole32.dll, OLEAUT32.dll,       
                                   IMM32.DLL, MSCTF.dll, CRYPTBASE.dll,        
                                   uxtheme.dll, CLBCatQ.DLL, CRYPTSP.dll,      
                                   rsaenh.dll, RpcRtRemote.dll, SynCOM.dll,    
                                   dwmapi.dll, MMDevApi.dll, PROPSYS.dll,      
                                   SETUPAPI.dll, CFGMGR32.dll, DEVOBJ.dll,     
                                   apphelp.dll, AUDIOSES.DLL, SynTPAPI.dll,    
                                   WINSTA.dll, SspiCli.dll, SAMLIB.dll,        
                                   SynTPRes.dll, profapi.dll                   
SynTPHelper.exe               3916 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   PSAPI.DLL, USER32.dll, GDI32.dll, LPK.dll,  
                                   USP10.dll, msvcrt.dll, ADVAPI32.dll,        
                                   sechost.dll, RPCRT4.dll, IMM32.DLL,         
                                   MSCTF.dll, uxtheme.dll, cryptbase.dll       
wmpnetwk.exe                  3000 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   ADVAPI32.dll, msvcrt.dll, sechost.dll,      
                                   RPCRT4.dll, USER32.dll, GDI32.dll, LPK.dll,
                                   USP10.dll, OLEAUT32.dll, ole32.dll,         
                                   WSOCK32.dll, WS2_32.dll, NSI.dll,           
                                   IPHLPAPI.DLL, WINNSI.DLL, SHLWAPI.dll,      
                                   USERENV.dll, profapi.dll, WTSAPI32.dll,     
                                   IMM32.DLL, MSCTF.dll, CRYPTBASE.dll,        
                                   WINSTA.dll, ntmarta.dll, WLDAP32.dll,       
                                   wmdrmdev.dll, drmv2clt.dll, VERSION.dll,    
                                   MFPlat.DLL, AVRT.dll, SETUPAPI.dll,         
                                   CFGMGR32.dll, DEVOBJ.dll, SHELL32.dll,      
                                   WINTRUST.dll, CRYPT32.dll, MSASN1.dll,      
                                   CLBCatQ.DLL, CRYPTSP.dll, rsaenh.dll,       
                                   RpcRtRemote.dll, upnp.dll, WINHTTP.dll,     
                                   webio.dll, SSDPAPI.dll, SXS.DLL,            
                                   dhcpcsvc.DLL, dhcpcsvc6.DLL, wmp.dll,       
                                   gdiplus.dll, dwmapi.dll, wmploc.dll,        
                                   ieproxy.dll,                                
                                   api-ms-win-downlevel-shlwapi-l1-1-0.dll,    
                                   api-ms-win-downlevel-shlwapi-l2-1-0.dll,    
                                   api-ms-win-downlevel-advapi32-l1-1-0.dll,   
                                   windowscodecs.dll, provsvc.dll, slc.dll,    
                                   SspiCli.dll, NETAPI32.dll, netutils.dll,    
                                   srvcli.dll, wkscli.dll, wmpps.dll,          
                                   wmpmde.dll, HTTPAPI.dll, pcwum.dll,         
                                   mswsock.dll, wshtcpip.dll, wship6.dll,      
                                   BlackBox.dll, WinSATAPI.dll, dxgi.dll,      
                                   msxml6.dll, bcrypt.dll,                     
                                   bcryptprimitives.dll, urlmon.dll,           
                                   api-ms-win-downlevel-ole32-l1-1-0.dll,      
                                   api-ms-win-downlevel-user32-l1-1-0.dll,     
                                   api-ms-win-downlevel-version-l1-1-0.dll,    
                                   api-ms-win-downlevel-normaliz-l1-1-0.dll,   
                                   normaliz.DLL, iertutil.dll, WININET.dll,    
                                   PROPSYS.dll, msmpeg2enc.dll, devenum.dll,   
                                   WINMM.dll, msdmo.dll, netprofm.dll,         
                                   nlaapi.dll, npmproxy.dll, upnphost.dll,     
                                   wbemprox.dll, wbemcomn.dll, wbemsvc.dll,    
                                   fastprox.dll, NTDSAPI.dll, credssp.dll,     
                                   msxml3.dll, DNSAPI.dll, GPAPI.dll,          
                                   comctl32.dll, XmlLite.dll, LINKINFO.dll,    
                                   apphelp.dll, NetworkExplorer.dll, MPR.dll,  
                                   drprov.dll, ntlanman.dll, davclnt.dll,      
                                   DAVHLPR.dll, AUTHZ.dll, dsrole.dll,         
                                   SAMLIB.dll, FirewallAPI.dll                 
svchost.exe                   2668 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   pnrpsvc.dll, USERENV.dll, profapi.dll,      
                                   GPAPI.dll, CRYPTBASE.dll, secur32.dll,      
                                   SSPICLI.DLL, credssp.dll, RpcRtRemote.dll,  
                                   WS2_32.dll, NSI.dll, mswsock.dll,           
                                   user32.dll, GDI32.dll, LPK.dll, USP10.dll,  
                                   IMM32.DLL, MSCTF.dll, wship6.dll,           
                                   IPHLPAPI.DLL, WINNSI.DLL, dhcpcsvc.DLL,     
                                   dhcpcsvc6.DLL, sqmapi.dll, ADVAPI32.dll,    
                                   ole32.dll, SSDPAPI.DLL, SHELL32.dll,        
                                   SHLWAPI.dll, CRYPT32.dll, MSASN1.dll,       
                                   CRYPTSP.dll, rsaenh.dll, ncrypt.dll,        
                                   bcrypt.dll, p2psvc.dll, P2PGRAPH.dll,       
                                   ESENT.dll, slc.dll, XmlLite.dll, psapi.dll,
                                   OLEAUT32.dll, AUTHZ.dll, pnrpnsp.dll,       
                                   rasadhlp.dll, ntmarta.dll, WLDAP32.dll,     
                                   schannel.DLL, drttransport.dll, drt.dll,    
                                   pcwum.dll, CLBCatQ.DLL, bcryptprimitives.dl
HPSupportSolutionsFramewo     3104 ntdll.dll, MSCOREE.DLL, KERNEL32.dll,       
                                   KERNELBASE.dll, ADVAPI32.dll, msvcrt.dll,   
                                   sechost.dll, RPCRT4.dll, mscoreei.dll,      
                                   SHLWAPI.dll, GDI32.dll, USER32.dll,         
                                   LPK.dll, USP10.dll, IMM32.DLL, MSCTF.dll,   
                                   clr.dll, MSVCR110_CLR0400.dll,              
                                   mscorlib.ni.dll, ole32.dll, CRYPTBASE.dll,  
                                   clrjit.dll, OLEAUT32.dll, System.ni.dll,    
                                   System.ServiceProcess.ni.dll,               
                                   nlssorting.dll, shell32.dll, profapi.dll,   
                                   WindowsBase.ni.dll, CRYPTSP.dll,            
                                   rsaenh.dll, System.Core.ni.dll,             
                                   System.ServiceModel.ni.dll,                 
                                   System.Runtime.Serialization.ni.dll,        
                                   SMDiagnostics.ni.dll, System.Xml.ni.dll,    
                                   System.ServiceModel.Internals.ni.dll,       
                                   System.Configuration.ni.dll, pcwum.DLL,     
                                   System.IdentityModel.ni.dll, ws2_32.dll,    
                                   NSI.dll, mswsock.dll, wshtcpip.dll,         
                                   wship6.dll, DNSAPI.dll, WLIDNSP.DLL,        
                                   PSAPI.DLL, IPHLPAPI.DLL, WINNSI.DLL,        
                                   rasadhlp.dll, fwpuclnt.dll, httpapi.dll,    
                                   CRYPT32.dll, MSASN1.dll, imagehlp.dll,      
                                   ncrypt.dll, bcrypt.dll,                     
                                   bcryptprimitives.dll, urlmon.dll,           
                                   api-ms-win-downlevel-ole32-l1-1-0.dll,      
                                   api-ms-win-downlevel-shlwapi-l1-1-0.dll,    
                                   api-ms-win-downlevel-advapi32-l1-1-0.dll,   
                                   api-ms-win-downlevel-user32-l1-1-0.dll,     
                                   api-ms-win-downlevel-version-l1-1-0.dll,    
                                   version.DLL,                                
                                   api-ms-win-downlevel-normaliz-l1-1-0.dll,   
                                   normaliz.DLL, iertutil.dll, WININET.dll,    
                                   USERENV.dll, Secur32.dll, SSPICLI.DLL,      
                                   api-ms-win-downlevel-advapi32-l2-1-0.dll,   
                                   System.Web.ni.dll,                          
                                   System.Configuration.Install.ni.dll,        
                                   System.Drawing.ni.dll,                      
                                   System.Windows.Forms.ni.dll, CLBCatQ.DLL,   
                                   taskschd.dll, RpcRtRemote.dll               
svchost.exe                   2484 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   mpsvc.dll, ADVAPI32.dll, ole32.dll,         
                                   GDI32.dll, USER32.dll, LPK.dll, USP10.dll,  
                                   WTSAPI32.dll, sfc.dll, sfc_os.DLL,          
                                   MpClient.dll, OLEAUT32.dll, USERENV.dll,    
                                   profapi.dll, WINTRUST.dll, CRYPT32.dll,     
                                   MSASN1.dll, VERSION.dll, SHELL32.dll,       
                                   SHLWAPI.dll, IMM32.DLL, MSCTF.dll,          
                                   GPAPI.dll, CRYPTSP.dll, rsaenh.dll,         
                                   CRYPTBASE.dll, imagehlp.dll, bcrypt.dll,    
                                   bcryptprimitives.dll, ncrypt.dll,           
                                   mprtp.dll, PSAPI.DLL, tdh.dll,              
                                   mpengine.dll, WS2_32.dll, NSI.dll,          
                                   secur32.dll, SSPICLI.DLL, credssp.dll,      
                                   ntmarta.dll, WLDAP32.dll, RpcRtRemote.dll,  
                                   wscapi.dll, urlmon.dll,                     
                                   api-ms-win-downlevel-ole32-l1-1-0.dll,      
                                   api-ms-win-downlevel-shlwapi-l1-1-0.dll,    
                                   api-ms-win-downlevel-advapi32-l1-1-0.dll,   
                                   api-ms-win-downlevel-user32-l1-1-0.dll,     
                                   api-ms-win-downlevel-version-l1-1-0.dll,    
                                   api-ms-win-downlevel-normaliz-l1-1-0.dll,   
                                   normaliz.DLL, iertutil.dll, WININET.dll,    
                                   CLBCatQ.DLL, XmlLite.dll                    
dllhost.exe                   2752 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, ole32.dll, GDI32.dll,           
                                   USER32.dll, LPK.dll, USP10.dll, RPCRT4.dll,
                                   IMM32.DLL, MSCTF.dll, CRYPTBASE.dll,        
                                   CLBCatQ.DLL, ADVAPI32.dll, sechost.dll,     
                                   OLEAUT32.dll, CRYPTSP.dll, rsaenh.dll,      
                                   RpcRtRemote.dll, IDStore.dll, actxprxy.dll,
                                   WLIDPROV.DLL, wlidcli.dll, SHLWAPI.dll,     
                                   CRYPT32.dll, MSASN1.dll, OLEACC.dll,        
                                   PSAPI.DLL, USERENV.dll, profapi.dll,        
                                   SHELL32.dll, WININET.dll,                   
                                   api-ms-win-downlevel-user32-l1-1-0.dll,     
                                   api-ms-win-downlevel-shlwapi-l1-1-0.dll,    
                                   api-ms-win-downlevel-version-l1-1-0.dll,    
                                   version.DLL,                                
                                   api-ms-win-downlevel-normaliz-l1-1-0.dll,   
                                   normaliz.DLL, iertutil.dll,                 
                                   api-ms-win-downlevel-advapi32-l1-1-0.dll,   
                                   WINTRUST.dll, WinSCard.dll, PROPSYS.dll     
firefox.exe                   2100 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   mozglue.dll, VERSION.dll, msvcrt.dll,       
                                   MSVCR120.dll, MSVCP120.dll, nss3.dll,       
                                   WINMM.dll, USER32.dll, GDI32.dll, LPK.dll,  
                                   USP10.dll, WSOCK32.dll, WS2_32.dll,         
                                   RPCRT4.dll, NSI.dll, ADVAPI32.dll,          
                                   sechost.dll, IMM32.DLL, MSCTF.dll,          
                                   sandboxbroker.dll, mozalloc.dll, xul.dll,   
                                   icuin52.dll, icuuc52.dll, icudt52.dll,      
                                   NETAPI32.dll, netutils.dll, srvcli.dll,     
                                   wkscli.dll, SAMCLI.DLL, SHELL32.dll,        
                                   SHLWAPI.dll, ole32.dll, MSIMG32.dll,        
                                   IPHLPAPI.DLL, WINNSI.DLL, UxTheme.dll,      
                                   SETUPAPI.dll, CFGMGR32.dll, OLEAUT32.dll,   
                                   DEVOBJ.dll, WINTRUST.dll, CRYPT32.dll,      
                                   MSASN1.dll, WTSAPI32.dll, pdh.dll,          
                                   dwmapi.dll, dbghelp.dll, CRYPTBASE.dll,     
                                   dwrite.dll, comctl32.dll, CLBCatQ.DLL,      
                                   propsys.dll, ntmarta.dll, WLDAP32.dll,      
                                   Dnsapi.dll, mswsock.dll, wshtcpip.dll,      
                                   browsercomps.dll, profapi.dll, NLAapi.dll,  
                                   napinsp.dll, pnrpnsp.dll, winrnr.dll,       
                                   WLIDNSP.DLL, PSAPI.DLL, wshbth.dll,         
                                   wbemprox.dll, wbemcomn.dll, CRYPTSP.dll,    
                                   rsaenh.dll, RpcRtRemote.dll, wbemsvc.dll,   
                                   fastprox.dll, NTDSAPI.dll, WINSTA.dll,      
                                   Wpc.dll, USERENV.dll, wevtapi.dll,          
                                   SAMLIB.dll, MMDevApi.dll, AUDIOSES.DLL,     
                                   d3d11.dll, dxgi.dll, aticfx32.dll,          
                                   atiuxpag.dll, atidxx32.dll, d2d1.dll,       
                                   XmlLite.dll, mscms.dll, softokn3.dll,       
                                   nssdbm3.dll, freebl3.dll, nssckbi.dll,      
                                   explorerframe.dll, DUser.dll, DUI70.dll,    
                                   wship6.dll, rasadhlp.dll, fwpuclnt.dll,     
                                   dhcpcsvc.DLL, dhcpcsvc6.DLL, LINKINFO.dll,  
                                   ntshrui.dll, cscapi.dll, slc.dll            
procexp.exe                   1140 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   SHLWAPI.dll, GDI32.dll, USER32.dll,         
                                   LPK.dll, USP10.dll, msvcrt.dll, WS2_32.dll,
                                   RPCRT4.dll, NSI.dll, MPR.dll, COMCTL32.dll,
                                   VERSION.dll, credui.dll, SETUPAPI.dll,      
                                   CFGMGR32.dll, ADVAPI32.dll, sechost.dll,    
                                   OLEAUT32.dll, ole32.dll, DEVOBJ.dll,        
                                   CRYPT32.dll, MSASN1.dll, COMDLG32.dll,      
                                   SHELL32.dll, WINHTTP.dll, webio.dll,        
                                   PSAPI.DLL, IMM32.DLL, MSCTF.dll,            
                                   uxtheme.dll, ntmarta.dll, WLDAP32.dll,      
                                   dbghelp.dll, aclui.dll, NTDSAPI.dll,        
                                   iphlpapi.dll, WINNSI.DLL, wtsapi32.dll,     
                                   winsta.dll, mscoree.dll, mscoreei.dll,      
                                   CorperfmonExt.dll, MSVCR110_CLR0400.dll,    
                                   CRYPTBASE.dll, netfxperf.dll,               
                                   perfcounter.dll, pdh.dll, dwmapi.dll,       
                                   Wintrust.dll, CLBCatQ.DLL, taskschd.dll,    
                                   SspiCli.dll, Powrprof.dll, mscordbi.dll,    
                                   MSVCR80.dll, propsys.dll, profapi.dll,      
                                   WindowsCodecs.dll, apphelp.dll,             
                                   DropboxExt.27.dll, EhStorShell.dll,         
                                   GrooveShellExtensions.dll, GrooveUtil.DLL,  
                                   WININET.dll,                                
                                   api-ms-win-downlevel-user32-l1-1-0.dll,     
                                   api-ms-win-downlevel-shlwapi-l1-1-0.dll,    
                                   api-ms-win-downlevel-version-l1-1-0.dll,    
                                   api-ms-win-downlevel-normaliz-l1-1-0.dll,   
                                   normaliz.DLL, iertutil.dll,                 
                                   api-ms-win-downlevel-advapi32-l1-1-0.dll,   
                                   USERENV.dll, GrooveNew.DLL, ATL80.DLL,      
                                   CRYPTSP.dll, rsaenh.dll, MSImg32.dll,       
                                   wbemprox.dll, wbemcomn.dll,                 
                                   RpcRtRemote.dll, wbemsvc.dll, fastprox.dll,
                                   XmlLite.dll, explorerframe.dll, DUser.dll,  
                                   DUI70.dll, msls31.dll, StructuredQuery.dll,
                                   Secur32.dll, actxprxy.dll, ieproxy.dll,     
                                   api-ms-win-downlevel-shlwapi-l2-1-0.dll,    
                                   thumbcache.dll, SHDOCVW.dll, ieframe.DLL,   
                                   api-ms-win-downlevel-shell32-l1-1-0.dll,    
                                   slc.dll, NetworkExplorer.dll, oleacc.dll,   
                                   ntshrui.dll, srvcli.dll, cscapi.dll,        
                                   LINKINFO.dll, samcli.dll, SAMLIB.dll,       
                                   drprov.dll, ntlanman.dll, davclnt.dll,      
                                   DAVHLPR.dll, netutils.dll, wkscli.dll,      
                                   BtwNamespaceExt.dll, RASAPI32.dll,          
                                   rasman.dll, BtwNeLib.dll, btwapi.dll,       
                                   msi.dll, MFC80.DLL, btosif.dll, MFC80U.DLL,
                                   WINSPOOL.DRV, btwpimif.dll, bthprops.cpl,   
                                   MSVCP80.dll, gdiplus.dll, MFC80ENU.DLL,     
                                   mswsock.dll, wshBth.dll, btrez.dll,         
                                   urlmon.dll,                                 
                                   api-ms-win-downlevel-ole32-l1-1-0.dll       
notepad.exe                    400 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   ADVAPI32.dll, msvcrt.dll, sechost.dll,      
                                   RPCRT4.dll, GDI32.dll, USER32.dll, LPK.dll,
                                   USP10.dll, COMDLG32.dll, SHLWAPI.dll,       
                                   COMCTL32.dll, SHELL32.dll, WINSPOOL.DRV,    
                                   ole32.dll, OLEAUT32.dll, VERSION.dll,       
                                   IMM32.DLL, MSCTF.dll, CRYPTBASE.dll,        
                                   uxtheme.dll, dwmapi.dll, CLBCatQ.DLL        
cmd.exe                       3968 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, WINBRAND.dll, USER32.dll,       
                                   GDI32.dll, LPK.dll, USP10.dll, IMM32.DLL,   
                                   MSCTF.dll, apphelp.dll                      
conhost.exe                   2304 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   GDI32.dll, USER32.dll, LPK.dll, USP10.dll,  
                                   msvcrt.dll, IMM32.dll, MSCTF.dll,           
                                   ole32.dll, RPCRT4.dll, OLEAUT32.dll,        
                                   uxtheme.dll, dwmapi.dll, ADVAPI32.dll,      
                                   sechost.dll, comctl32.DLL, SHLWAPI.dll,     
                                   CRYPTBASE.dll, CLBCatQ.DLL                  
tasklist.exe                  2320 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   ADVAPI32.dll, msvcrt.dll, sechost.dll,      
                                   RPCRT4.dll, USER32.dll, GDI32.dll, LPK.dll,
                                   USP10.dll, ole32.dll, VERSION.dll, MPR.dll,
                                   OLEAUT32.dll, Secur32.dll, SSPICLI.DLL,     
                                   WS2_32.dll, NSI.dll, framedynos.dll,        
                                   WTSAPI32.dll, NETAPI32.dll, netutils.dll,   
                                   srvcli.dll, wkscli.dll, dbghelp.dll,        
                                   SHLWAPI.dll, IMM32.DLL, MSCTF.dll,          
                                   CRYPTBASE.dll, CLBCatQ.DLL, wbemprox.dll,   
                                   wbemcomn.dll, Winsta.dll, CRYPTSP.dll,      
                                   rsaenh.dll, RpcRtRemote.dll, wbemsvc.dll,   
                                   fastprox.dll, NTDSAPI.dll, wmiutils.dll     
WmiPrvSE.exe                  2200 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   ADVAPI32.dll, msvcrt.dll, sechost.dll,      
                                   RPCRT4.dll, USER32.dll, GDI32.dll, LPK.dll,
                                   USP10.dll, wbemcomn.dll, OLEAUT32.dll,      
                                   ole32.dll, WS2_32.dll, NSI.dll,             
                                   FastProx.dll, NTDSAPI.dll, NCObjAPI.DLL,    
                                   IMM32.DLL, MSCTF.dll, CRYPTBASE.dll,        
                                   ntmarta.dll, WLDAP32.dll, CLBCatQ.DLL,      
                                   wbemprox.dll, CRYPTSP.dll, rsaenh.dll,      
                                   RpcRtRemote.dll, wbemsvc.dll, wmiutils.dll,
                                   cimwin32.dll, framedynos.dll, SspiCli.dll,  
                                   WTSAPI32.dll, WINSTA.dll, DEVOBJ.dll,       
                                   CFGMGR32.dll, WMI.DLL, POWRPROF.dll,        
                                   SETUPAPI.dll, NETAPI32.DLL, netutils.dll,   
                                   srvcli.dll, wkscli.dll, SAMCLI.DLL,         
                                   LOGONCLI.DLL, BROWCLI.DLL, SCHEDCLI.DLL,    
                                   DSROLE.DLL, WINBRAND.dll                    


#70
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Go ahead and remove all of the Windows Live stuff. You can reinstall later if you need it.




#71
Fidel Castro


    Member

  • Topic Starter
  • Member
  • 162 posts

I have removed all 'Windows Live Essentials 2011' programs as well as 'Windows Live Mesh ActiveX Control' or something like that.

Then I rebooted.

This is the new junk file from cmd.


Image Name                     PID Modules                                     
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       260 ntdll.dll                                   
csrss.exe                      416 ntdll.dll, CSRSRV.dll, basesrv.DLL,         
                                   winsrv.DLL, USER32.dll, GDI32.dll,          
                                   kernel32.dll, KERNELBASE.dll, LPK.dll,      
                                   USP10.dll, msvcrt.dll, sxssrv.DLL, sxs.dll,
                                   RPCRT4.dll, CRYPTBASE.dll, ADVAPI32.dll,    
                                   sechost.dll                                 
wininit.exe                    484 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   USER32.dll, GDI32.dll, LPK.dll, USP10.dll,  
                                   msvcrt.dll, RPCRT4.dll, sechost.dll,        
                                   profapi.dll, IMM32.DLL, MSCTF.dll,          
                                   RpcRtRemote.dll, apphelp.dll,               
                                   CRYPTBASE.dll, WS2_32.dll, NSI.dll,         
                                   mswsock.dll, wshtcpip.dll, wship6.dll,      
                                   secur32.dll, SSPICLI.DLL, credssp.dll,      
                                   ADVAPI32.dll                                
csrss.exe                      492 ntdll.dll, CSRSRV.dll, basesrv.DLL,         
                                   winsrv.DLL, USER32.dll, GDI32.dll,          
                                   kernel32.dll, KERNELBASE.dll, LPK.dll,      
                                   USP10.dll, msvcrt.dll, sxssrv.DLL, sxs.dll,
                                   RPCRT4.dll, CRYPTBASE.dll, ADVAPI32.dll,    
                                   sechost.dll                                 
services.exe                   532 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, RPCRT4.dll, SspiCli.dll,        
                                   profapi.dll, sechost.dll, CRYPTBASE.dll,    
                                   scext.dll, USER32.dll, GDI32.dll, LPK.dll,  
                                   USP10.dll, Secur32.dll, SCESRV.dll,         
                                   srvcli.dll, IMM32.DLL, MSCTF.dll,           
                                   RpcRtRemote.dll, credssp.dll, AUTHZ.dll,    
                                   UBPM.dll, ADVAPI32.dll, apphelp.dll,        
                                   WTSAPI32.dll, WINSTA.dll, WS2_32.dll,       
                                   NSI.dll, mswsock.dll, wshtcpip.dll,         
                                   wship6.dll                                  
lsass.exe                      548 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, RPCRT4.dll, SspiSrv.dll,        
                                   lsasrv.dll, sechost.dll, SspiCli.dll,       
                                   ADVAPI32.dll, USER32.dll, GDI32.dll,        
                                   LPK.dll, USP10.dll, SAMSRV.dll,             
                                   cryptdll.dll, MSASN1.dll, wevtapi.dll,      
                                   IMM32.DLL, MSCTF.dll, cngaudit.dll,         
                                   AUTHZ.dll, ncrypt.dll, bcrypt.dll,          
                                   msprivs.DLL, netjoin.dll, negoexts.DLL,     
                                   Secur32.dll, cryptbase.dll, kerberos.DLL,   
                                   CRYPTSP.dll, WS2_32.dll, NSI.dll,           
                                   mswsock.dll, wship6.dll, msv1_0.DLL,        
                                   netlogon.DLL, DNSAPI.dll, logoncli.dll,     
                                   schannel.DLL, CRYPT32.dll, wdigest.DLL,     
                                   rsaenh.dll, tspkg.DLL, pku2u.DLL,           
                                   bcryptprimitives.dll, RpcRtRemote.dll,      
                                   efslsaext.dll, scecli.DLL,                  
                                   BtwProximityCP.dll, WTSAPI32.dll,           
                                   SHLWAPI.dll, ole32.dll, credui.dll,         
                                   bthprops.cpl, SHELL32.dll, OLEAUT32.dll,    
                                   SETUPAPI.dll, CFGMGR32.dll, DEVOBJ.dll,     
                                   MSIMG32.dll, PSAPI.DLL, MSVCR80.dll,        
                                   comctl32.dll, credssp.dll, WINSTA.dll,      
                                   keyiso.dll, wshtcpip.dll, IPHLPAPI.DLL,     
                                   WINNSI.DLL, netutils.dll, wkscli.dll,       
                                   USERENV.dll, profapi.dll, dssenh.dll,       
                                   GPAPI.dll, cryptnet.dll, WLDAP32.dll        
lsm.exe                        556 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   SYSNTFY.dll, WMsgAPI.dll, CRYPTBASE.dll,    
                                   pcwum.dll, RpcRtRemote.dll, secur32.dll,    
                                   SSPICLI.DLL, credssp.dll, ADVAPI32.dll      
winlogon.exe                   636 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   USER32.dll, GDI32.dll, LPK.dll, USP10.dll,  
                                   msvcrt.dll, WINSTA.dll, RPCRT4.dll,         
                                   IMM32.DLL, MSCTF.dll, ADVAPI32.dll,         
                                   sechost.dll, profapi.dll, RpcRtRemote.dll,  
                                   apphelp.dll, UXINIT.dll, UxTheme.dll,       
                                   CRYPTSP.dll, rsaenh.dll, CRYPTBASE.dll,     
                                   WindowsCodecs.dll, ole32.dll, wkscli.dll,   
                                   netjoin.dll, netutils.dll, SspiCli.dll,     
                                   slc.dll, MPR.dll                            
svchost.exe                    708 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   umpnpmgr.dll, SPINF.dll, USER32.dll,        
                                   GDI32.dll, LPK.dll, USP10.dll, DEVRTL.dll,  
                                   IMM32.DLL, MSCTF.dll, RpcRtRemote.dll,      
                                   USERENV.dll, profapi.dll, GPAPI.dll,        
                                   CRYPTBASE.dll, umpo.dll, WINSTA.dll,        
                                   SETUPAPI.dll, CFGMGR32.dll, ADVAPI32.dll,   
                                   OLEAUT32.dll, ole32.dll, DEVOBJ.dll,        
                                   pcwum.DLL, rpcss.dll, SspiCli.dll,          
                                   credssp.dll, CLBCatQ.DLL, ntmarta.dll,      
                                   WLDAP32.dll, wmidcprv.dll, FastProx.dll,    
                                   wbemcomn.dll, WS2_32.dll, NSI.dll,          
                                   NTDSAPI.dll, wbemprox.dll, CRYPTSP.dll,     
                                   rsaenh.dll, wbemsvc.dll, wmiutils.dll,      
                                   WINTRUST.dll, CRYPT32.dll, MSASN1.dll,      
                                   apphelp.dll, WTSAPI32.dll                   
svchost.exe                    780 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   rpcepmap.dll, RpcRtRemote.dll, secur32.dll,
                                   SSPICLI.DLL, credssp.dll, CRYPTBASE.dll,    
                                   rpcss.dll, ADVAPI32.dll, CRYPTSP.dll,       
                                   rsaenh.dll, WS2_32.dll, NSI.dll,            
                                   mswsock.dll, user32.dll, GDI32.dll,         
                                   LPK.dll, USP10.dll, IMM32.DLL, MSCTF.dll,   
                                   wshtcpip.dll, wship6.dll, FirewallAPI.dll,  
                                   VERSION.dll, CLBCatQ.DLL, ole32.dll,        
                                   OLEAUT32.dll, fwpuclnt.dll, WTSAPI32.dll,   
                                   WINSTA.dll                                  
atiesrxx.exe                   828 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   USER32.dll, GDI32.dll, LPK.dll, USP10.dll,  
                                   msvcrt.dll, ADVAPI32.dll, sechost.dll,      
                                   RPCRT4.dll, WTSAPI32.dll, PSAPI.DLL,        
                                   USERENV.dll, profapi.dll, POWRPROF.dll,     
                                   SETUPAPI.dll, CFGMGR32.dll, OLEAUT32.dll,   
                                   ole32.dll, DEVOBJ.dll, IMM32.DLL,           
                                   MSCTF.dll, WINSTA.dll, apphelp.dll          
svchost.exe                    900 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   ole32.dll, GDI32.dll, USER32.dll, LPK.dll,  
                                   USP10.dll, IMM32.DLL, MSCTF.dll,            
                                   CRYPTBASE.dll, ADVAPI32.dll, wevtsvc.dll,   
                                   RpcRtRemote.dll, secur32.dll, SSPICLI.DLL,  
                                   credssp.dll, WS2_32.dll, NSI.dll,           
                                   mswsock.dll, wshtcpip.dll, wship6.dll,      
                                   GPAPI.dll, audiosrv.dll, POWRPROF.dll,      
                                   SETUPAPI.dll, CFGMGR32.dll, OLEAUT32.dll,   
                                   DEVOBJ.dll, MMDevAPI.DLL, PROPSYS.dll,      
                                   AVRT.dll, CLBCatQ.DLL, WINSTA.dll,          
                                   SHLWAPI.dll, CRYPTSP.dll, rsaenh.dll,       
                                   audioses.dll, lmhsvc.dll, IPHLPAPI.DLL,     
                                   WINNSI.DLL, nrpsrv.DLL, dhcpcore.dll,       
                                   DNSAPI.dll, firewallapi.dll, VERSION.dll,   
                                   dhcpcore6.dll, dhcpcsvc.DLL, dhcpcsvc6.DLL,
                                   provsvc.dll, npmproxy.dll, actxprxy.dll,    
                                   FunDisc.dll, ATL.DLL, msxml6.dll,           
                                   bcrypt.dll, bcryptprimitives.dll,           
                                   fdproxy.dll, P2P.dll, P2PCOLLAB.dll,        
                                   SHELL32.dll, ieproxy.dll,                   
                                   api-ms-win-downlevel-shlwapi-l1-1-0.dll,    
                                   api-ms-win-downlevel-shlwapi-l2-1-0.dll,    
                                   api-ms-win-downlevel-advapi32-l1-1-0.dll,   
                                   pnrpnsp.dll, XmlLite.dll, CRYPT32.dll,      
                                   MSASN1.dll, USERENV.dll, profapi.dll,       
                                   wscsvc.dll, dbghelp.dll, wbemprox.dll,      
                                   wbemcomn.dll, wbemsvc.dll, fastprox.dll,    
                                   NTDSAPI.dll, wuapi.dll, Cabinet.dll,        
                                   WINTRUST.dll, wkscli.dll, netutils.dll      
svchost.exe                    944 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   ole32.dll, GDI32.dll, USER32.dll, LPK.dll,  
                                   USP10.dll, IMM32.DLL, MSCTF.dll,            
                                   CRYPTBASE.dll, ADVAPI32.dll, audiosrv.dll,  
                                   POWRPROF.dll, SETUPAPI.dll, CFGMGR32.dll,   
                                   OLEAUT32.dll, DEVOBJ.dll, MMDevAPI.DLL,     
                                   PROPSYS.dll, AVRT.dll, CLBCatQ.DLL,         
                                   SXS.DLL, NaturalLanguage6.dll, CRYPT32.dll,
                                   MSASN1.dll, NLSData0009.dll,                
                                   NLSLexicons0009.dll                         
wmpnetwk.exe                  3024 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   ADVAPI32.dll, msvcrt.dll, sechost.dll,      
                                   RPCRT4.dll, USER32.dll, GDI32.dll, LPK.dll,
                                   USP10.dll, OLEAUT32.dll, ole32.dll,         
                                   WSOCK32.dll, WS2_32.dll, NSI.dll,           
                                   IPHLPAPI.DLL, WINNSI.DLL, SHLWAPI.dll,      
                                   USERENV.dll, profapi.dll, WTSAPI32.dll,     
                                   IMM32.DLL, MSCTF.dll, CRYPTBASE.dll,        
                                   WINSTA.dll, ntmarta.dll, WLDAP32.dll,       
                                   wmdrmdev.dll, drmv2clt.dll, VERSION.dll,    
                                   MFPlat.DLL, AVRT.dll, SETUPAPI.dll,         
                                   CFGMGR32.dll, DEVOBJ.dll, SHELL32.dll,      
                                   WINTRUST.dll, CRYPT32.dll, MSASN1.dll,      
                                   CLBCatQ.DLL, CRYPTSP.dll, rsaenh.dll,       
                                   RpcRtRemote.dll, upnp.dll, WINHTTP.dll,     
                                   webio.dll, SSDPAPI.dll, SXS.DLL,            
                                   dhcpcsvc.DLL, dhcpcsvc6.DLL, wmp.dll,       
                                   gdiplus.dll, dwmapi.dll, wmploc.dll,        
                                   ieproxy.dll,                                
                                   api-ms-win-downlevel-shlwapi-l1-1-0.dll,    
                                   api-ms-win-downlevel-shlwapi-l2-1-0.dll,    
                                   api-ms-win-downlevel-advapi32-l1-1-0.dll,   
                                   windowscodecs.dll, provsvc.dll, slc.dll,    
                                   SspiCli.dll, mswsock.dll, wshqos.dll,       
                                   wshtcpip.DLL, wship6.dll, NETAPI32.dll,     
                                   netutils.dll, srvcli.dll, wkscli.dll,       
                                   wmpps.dll, credssp.dll, msxml3.dll,         
                                   bcrypt.dll, bcryptprimitives.dll,           
                                   DNSAPI.dll, wmpmde.dll, HTTPAPI.dll,        
                                   pcwum.dll, BlackBox.dll, urlmon.dll,        
                                   api-ms-win-downlevel-ole32-l1-1-0.dll,      
                                   api-ms-win-downlevel-user32-l1-1-0.dll,     
                                   api-ms-win-downlevel-version-l1-1-0.dll,    
                                   api-ms-win-downlevel-normaliz-l1-1-0.dll,   
                                   normaliz.DLL, iertutil.dll, WININET.dll,    
                                   netprofm.dll, nlaapi.dll, npmproxy.dll,     
                                   WinSATAPI.dll, dxgi.dll, msxml6.dll,        
                                   PROPSYS.dll, msmpeg2enc.dll, devenum.dll,   
                                   WINMM.dll, msdmo.dll, upnphost.dll,         
                                   wbemprox.dll, wbemcomn.dll, wbemsvc.dll,    
                                   fastprox.dll, NTDSAPI.dll, GPAPI.dll,       
                                   comctl32.dll, XmlLite.dll, LINKINFO.dll,    
                                   apphelp.dll, NetworkExplorer.dll, MPR.dll,  
                                   drprov.dll, ntlanman.dll, davclnt.dll,      
                                   DAVHLPR.dll, AUTHZ.dll, dsrole.dll,         
                                   SAMLIB.dll                                  
svchost.exe                   3252 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   pnrpsvc.dll, USERENV.dll, profapi.dll,      
                                   GPAPI.dll, CRYPTBASE.dll, secur32.dll,      
                                   SSPICLI.DLL, credssp.dll, RpcRtRemote.dll,  
                                   WS2_32.dll, NSI.dll, mswsock.dll,           
                                   user32.dll, GDI32.dll, LPK.dll, USP10.dll,  
                                   IMM32.DLL, MSCTF.dll, wship6.dll,           
                                   IPHLPAPI.DLL, WINNSI.DLL, dhcpcsvc.DLL,     
                                   dhcpcsvc6.DLL, sqmapi.dll, ADVAPI32.dll,    
                                   ole32.dll, SSDPAPI.DLL, SHELL32.dll,        
                                   SHLWAPI.dll, CRYPT32.dll, MSASN1.dll,       
                                   CRYPTSP.dll, rsaenh.dll, ncrypt.dll,        
                                   bcrypt.dll, p2psvc.dll, P2PGRAPH.dll,       
                                   ESENT.dll, slc.dll, XmlLite.dll, psapi.dll,
                                   OLEAUT32.dll, AUTHZ.dll, pnrpnsp.dll,       
                                   rasadhlp.dll, ntmarta.dll, WLDAP32.dll,     
                                   schannel.DLL, drttransport.dll, drt.dll,    
                                   pcwum.dll, CLBCatQ.DLL, bcryptprimitives.dl
HPSupportSolutionsFramewo     3812 ntdll.dll, MSCOREE.DLL, KERNEL32.dll,       
                                   KERNELBASE.dll, ADVAPI32.dll, msvcrt.dll,   
                                   sechost.dll, RPCRT4.dll, mscoreei.dll,      
                                   SHLWAPI.dll, GDI32.dll, USER32.dll,         
                                   LPK.dll, USP10.dll, IMM32.DLL, MSCTF.dll,   
                                   clr.dll, MSVCR110_CLR0400.dll,              
                                   mscorlib.ni.dll, ole32.dll, CRYPTBASE.dll,  
                                   clrjit.dll, OLEAUT32.dll, System.ni.dll,    
                                   System.ServiceProcess.ni.dll,               
                                   nlssorting.dll, shell32.dll, profapi.dll,   
                                   WindowsBase.ni.dll, CRYPTSP.dll,            
                                   rsaenh.dll, System.Core.ni.dll,             
                                   System.ServiceModel.ni.dll,                 
                                   System.Runtime.Serialization.ni.dll,        
                                   SMDiagnostics.ni.dll, System.Xml.ni.dll,    
                                   System.ServiceModel.Internals.ni.dll,       
                                   System.Configuration.ni.dll, pcwum.DLL,     
                                   System.IdentityModel.ni.dll, ws2_32.dll,    
                                   NSI.dll, mswsock.dll, wshtcpip.dll,         
                                   wship6.dll, DNSAPI.dll, IPHLPAPI.DLL,       
                                   WINNSI.DLL, rasadhlp.dll, fwpuclnt.dll,     
                                   httpapi.dll, CRYPT32.dll, MSASN1.dll,       
                                   imagehlp.dll, ncrypt.dll, bcrypt.dll,       
                                   bcryptprimitives.dll, urlmon.dll,           
                                   api-ms-win-downlevel-ole32-l1-1-0.dll,      
                                   api-ms-win-downlevel-shlwapi-l1-1-0.dll,    
                                   api-ms-win-downlevel-advapi32-l1-1-0.dll,   
                                   api-ms-win-downlevel-user32-l1-1-0.dll,     
                                   api-ms-win-downlevel-version-l1-1-0.dll,    
                                   version.DLL,                                
                                   api-ms-win-downlevel-normaliz-l1-1-0.dll,   
                                   normaliz.DLL, iertutil.dll, WININET.dll,    
                                   USERENV.dll, Secur32.dll, SSPICLI.DLL,      
                                   api-ms-win-downlevel-advapi32-l2-1-0.dll,   
                                   System.Web.ni.dll,                          
                                   System.Configuration.Install.ni.dll,        
                                   System.Drawing.ni.dll,                      
                                   System.Windows.Forms.ni.dll, CLBCatQ.DLL,   
                                   taskschd.dll, RpcRtRemote.dll               
sppsvc.exe                    3884 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   ADVAPI32.dll, msvcrt.dll, sechost.dll,      
                                   RPCRT4.dll, ole32.dll, GDI32.dll,           
                                   USER32.dll, LPK.dll, USP10.dll, IMM32.DLL,  
                                   MSCTF.dll, CRYPTBASE.dll, RpcRtRemote.dll,  
                                   CRYPTSP.dll, rsaenh.dll, sppwinob.dll,      
                                   sppobjs.dll, DNSAPI.dll, WS2_32.dll,        
                                   NSI.dll, OLEAUT32.dll, CLBCatQ.DLL,         
                                   SspiCli.dll                                 
svchost.exe                   3992 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   mpsvc.dll, ADVAPI32.dll, ole32.dll,         
                                   GDI32.dll, USER32.dll, LPK.dll, USP10.dll,  
                                   WTSAPI32.dll, sfc.dll, sfc_os.DLL,          
                                   MpClient.dll, OLEAUT32.dll, USERENV.dll,    
                                   profapi.dll, WINTRUST.dll, CRYPT32.dll,     
                                   MSASN1.dll, VERSION.dll, SHELL32.dll,       
                                   SHLWAPI.dll, IMM32.DLL, MSCTF.dll,          
                                   GPAPI.dll, CRYPTSP.dll, rsaenh.dll,         
                                   CRYPTBASE.dll, imagehlp.dll, bcrypt.dll,    
                                   bcryptprimitives.dll, ncrypt.dll,           
                                   mprtp.dll, PSAPI.DLL, tdh.dll,              
                                   mpengine.dll, WS2_32.dll, NSI.dll,          
                                   ntmarta.dll, WLDAP32.dll, secur32.dll,      
                                   SSPICLI.DLL, credssp.dll, RpcRtRemote.dll,  
                                   wscapi.dll, urlmon.dll,                     
                                   api-ms-win-downlevel-ole32-l1-1-0.dll,      
                                   api-ms-win-downlevel-shlwapi-l1-1-0.dll,    
                                   api-ms-win-downlevel-advapi32-l1-1-0.dll,   
                                   api-ms-win-downlevel-user32-l1-1-0.dll,     
                                   api-ms-win-downlevel-version-l1-1-0.dll,    
                                   api-ms-win-downlevel-normaliz-l1-1-0.dll,   
                                   normaliz.DLL, iertutil.dll, WININET.dll,    
                                   CLBCatQ.DLL                                 
firefox.exe                   2172 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   mozglue.dll, VERSION.dll, msvcrt.dll,       
                                   MSVCR120.dll, MSVCP120.dll, nss3.dll,       
                                   WINMM.dll, USER32.dll, GDI32.dll, LPK.dll,  
                                   USP10.dll, WSOCK32.dll, WS2_32.dll,         
                                   RPCRT4.dll, NSI.dll, ADVAPI32.dll,          
                                   sechost.dll, IMM32.DLL, MSCTF.dll,          
                                   sandboxbroker.dll, mozalloc.dll, xul.dll,   
                                   icuin52.dll, icuuc52.dll, icudt52.dll,      
                                   NETAPI32.dll, netutils.dll, srvcli.dll,     
                                   wkscli.dll, SAMCLI.DLL, SHELL32.dll,        
                                   SHLWAPI.dll, ole32.dll, MSIMG32.dll,        
                                   IPHLPAPI.DLL, WINNSI.DLL, UxTheme.dll,      
                                   SETUPAPI.dll, CFGMGR32.dll, OLEAUT32.dll,   
                                   DEVOBJ.dll, WINTRUST.dll, CRYPT32.dll,      
                                   MSASN1.dll, WTSAPI32.dll, pdh.dll,          
                                   dwmapi.dll, dwrite.dll, dbghelp.dll,        
                                   CRYPTBASE.dll, comctl32.dll, CLBCatQ.DLL,   
                                   propsys.dll, ntmarta.dll, WLDAP32.dll,      
                                   Dnsapi.dll, mswsock.dll, wshtcpip.dll,      
                                   browsercomps.dll, wbemprox.dll,             
                                   wbemcomn.dll, CRYPTSP.dll, rsaenh.dll,      
                                   RpcRtRemote.dll, wbemsvc.dll, profapi.dll,  
                                   fastprox.dll, NTDSAPI.dll, NLAapi.dll,      
                                   napinsp.dll, pnrpnsp.dll, winrnr.dll,       
                                   wshbth.dll, WINSTA.dll, Wpc.dll,            
                                   USERENV.dll, wevtapi.dll, SAMLIB.dll,       
                                   MMDevApi.dll, AUDIOSES.DLL, d3d11.dll,      
                                   dxgi.dll, aticfx32.dll, atiuxpag.dll,       
                                   atidxx32.dll, d2d1.dll, XmlLite.dll,        
                                   mscms.dll, softokn3.dll, nssdbm3.dll,       
                                   freebl3.dll, nssckbi.dll,                   
                                   explorerframe.dll, DUser.dll, DUI70.dll,    
                                   wship6.dll, rasadhlp.dll, fwpuclnt.dll,     
                                   PSAPI.DLL, dhcpcsvc.DLL, dhcpcsvc6.DLL,     
                                   LINKINFO.dll, ntshrui.dll, cscapi.dll,      
                                   slc.dll                                     
TrustedInstaller.exe          3180 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   ADVAPI32.dll, msvcrt.dll, sechost.dll,      
                                   RPCRT4.dll, ole32.dll, GDI32.dll,           
                                   USER32.dll, LPK.dll, USP10.dll, IMM32.DLL,  
                                   MSCTF.dll, wdscore.dll, OLEAUT32.dll,       
                                   dbghelp.dll, CRYPTBASE.dll, cbscore.dll,    
                                   VERSION.dll, CRYPT32.dll, MSASN1.dll,       
                                   WINTRUST.dll, USERENV.dll, profapi.dll,     
                                   Ktmw32.dll, dpx.dll, wcp.dll, apphelp.dll,  
                                   DrUpdate.dll, SETUPAPI.dll, CFGMGR32.dll,   
                                   DEVOBJ.dll, MPR.dll, SrClient.dll, SPP.dll,
                                   VSSAPI.DLL, ATL.DLL, VssTrace.DLL,          
                                   wrpint.dll, SxsStore.dll, sqmapi.dll,       
                                   CRYPTSP.dll, rsaenh.dll, RpcRtRemote.dll,   
                                   CLBCatQ.DLL, CbsApi.dll                     
cmd.exe                       2548 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, WINBRAND.dll, USER32.dll,       
                                   GDI32.dll, LPK.dll, USP10.dll, IMM32.DLL,   
                                   MSCTF.dll, apphelp.dll                      
conhost.exe                   2764 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   GDI32.dll, USER32.dll, LPK.dll, USP10.dll,  
                                   msvcrt.dll, IMM32.dll, MSCTF.dll,           
                                   ole32.dll, RPCRT4.dll, OLEAUT32.dll,        
                                   uxtheme.dll, dwmapi.dll, ADVAPI32.dll,      
                                   sechost.dll, comctl32.DLL, SHLWAPI.dll,     
                                   CRYPTBASE.dll, CLBCatQ.DLL                  
tasklist.exe                  3852 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   ADVAPI32.dll, msvcrt.dll, sechost.dll,      
                                   RPCRT4.dll, USER32.dll, GDI32.dll, LPK.dll,
                                   USP10.dll, ole32.dll, VERSION.dll, MPR.dll,
                                   OLEAUT32.dll, Secur32.dll, SSPICLI.DLL,     
                                   WS2_32.dll, NSI.dll, framedynos.dll,        
                                   WTSAPI32.dll, NETAPI32.dll, netutils.dll,   
                                   srvcli.dll, wkscli.dll, dbghelp.dll,        
                                   SHLWAPI.dll, IMM32.DLL, MSCTF.dll,          
                                   CRYPTBASE.dll, CLBCatQ.DLL, wbemprox.dll,   
                                   wbemcomn.dll, Winsta.dll, CRYPTSP.dll,      
                                   rsaenh.dll, RpcRtRemote.dll, wbemsvc.dll,   
                                   fastprox.dll, NTDSAPI.dll, wmiutils.dll     
WmiPrvSE.exe                  2336 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   ADVAPI32.dll, msvcrt.dll, sechost.dll,      
                                   RPCRT4.dll, USER32.dll, GDI32.dll, LPK.dll,
                                   USP10.dll, wbemcomn.dll, OLEAUT32.dll,      
                                   ole32.dll, WS2_32.dll, NSI.dll,             
                                   FastProx.dll, NTDSAPI.dll, NCObjAPI.DLL,    
                                   IMM32.DLL, MSCTF.dll, CRYPTBASE.dll,        
                                   ntmarta.dll, WLDAP32.dll, CLBCatQ.DLL,      
                                   wbemprox.dll, CRYPTSP.dll, rsaenh.dll,      
                                   RpcRtRemote.dll, wbemsvc.dll, wmiutils.dll,
                                   cimwin32.dll, framedynos.dll, SspiCli.dll,  
                                   WTSAPI32.dll, WINSTA.dll, DEVOBJ.dll,       
                                   CFGMGR32.dll, WMI.DLL, POWRPROF.dll,        
                                   SETUPAPI.dll, NETAPI32.DLL, netutils.dll,   
                                   srvcli.dll, wkscli.dll, SAMCLI.DLL,         
                                   LOGONCLI.DLL, BROWCLI.DLL, SCHEDCLI.DLL,    
                                   DSROLE.DLL, WINBRAND.dll                    

#72
Fidel Castro

    Member

  • Topic Starter
  • 162 posts

And this is the new 'explorer.txt' log from Procexp, in case you want to take a look:

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name
System Idle Process    76.60    0 K    24 K    0        
System    10.43    44 K    568 K    4        
procexp.exe    7.54    12.148 K    19.520 K    1148    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com
firefox.exe    3.72    283.008 K    279.248 K    2172    Firefox    Mozilla Corporation
Interrupts    1.03    0 K    0 K    n/a    Hardware Interrupts and DPCs    
csrss.exe    0.28    10.068 K    9.804 K    492    Client Server Runtime Process    Microsoft Corporation
explorer.exe    0.15    32.460 K    47.400 K    2496    Windows Explorer    Microsoft Corporation
dwm.exe    0.15    1.200 K    4.612 K    2416    Desktop Window Manager    Microsoft Corporation
svchost.exe    0.03    5.440 K    9.732 K    1720    Host Process for Windows Services    Microsoft Corporation
svchost.exe    0.02    8.752 K    10.204 K    3252    Host Process for Windows Services    Microsoft Corporation
svchost.exe    0.02    272.552 K    156.292 K    1056    Host Process for Windows Services    Microsoft Corporation
taskhost.exe    0.01    5.856 K    7.976 K    2340    Host Process for Windows Tasks    Microsoft Corporation
SearchIndexer.exe    0.01    15.176 K    9.000 K    2932    Microsoft Windows Search Indexer    Microsoft Corporation
svchost.exe    < 0.01    6.272 K    11.872 K    984    Host Process for Windows Services    Microsoft Corporation
svchost.exe    < 0.01    12.172 K    12.632 K    1244    Host Process for Windows Services    Microsoft Corporation
csrss.exe    < 0.01    1.332 K    3.444 K    416    Client Server Runtime Process    Microsoft Corporation
SynTPEnh.exe    < 0.01    7.284 K    9.672 K    2636    Synaptics TouchPad Enhancements    Synaptics Incorporated
wmpnetwk.exe        9.352 K    4.412 K    3024    Windows Media Player Network Sharing Service    Microsoft Corporation
WmiPrvSE.exe        1.880 K    4.688 K    2544    WMI Provider Host    Microsoft Corporation
wlanext.exe        1.256 K    4.000 K    1400    Windows Wireless LAN 802.11 Extensibility Framework    Microsoft Corporation
winlogon.exe        1.800 K    5.520 K    636    Windows Logon Application    Microsoft Corporation
wininit.exe        964 K    3.380 K    484    Windows Start-Up Application    Microsoft Corporation
TrustedInstaller.exe        2.996 K    7.444 K    3180    Windows Modules Installer    Microsoft Corporation
SynTPHelper.exe        612 K    2.524 K    2796    Synaptics Pointing Device Helper    Synaptics Incorporated
svchost.exe        56.540 K    64.140 K    944    Host Process for Windows Services    Microsoft Corporation
svchost.exe        1.288 K    4.048 K    1380    Host Process for Windows Services    Microsoft Corporation
svchost.exe        44.400 K    28.424 K    3992    Host Process for Windows Services    Microsoft Corporation
svchost.exe        1.296 K    4.356 K    1812    Host Process for Windows Services    Microsoft Corporation
svchost.exe        2.576 K    5.640 K    780    Host Process for Windows Services    Microsoft Corporation
svchost.exe        14.160 K    15.172 K    900    Host Process for Windows Services    Microsoft Corporation
svchost.exe        2.872 K    6.968 K    708    Host Process for Windows Services    Microsoft Corporation
svchost.exe        10.364 K    10.792 K    1592    Host Process for Windows Services    Microsoft Corporation
svchost.exe        3.120 K    6.184 K    1676    Host Process for Windows Services    Microsoft Corporation
svchost.exe        1.752 K    4.520 K    2052    Host Process for Windows Services    Microsoft Corporation
spoolsv.exe        5.128 K    9.600 K    1532    Spooler SubSystem App    Microsoft Corporation
smss.exe        256 K    788 K    260    Windows Session Manager    Microsoft Corporation
services.exe        4.116 K    7.052 K    532    Services and Controller app    Microsoft Corporation
lsm.exe        1.336 K    3.092 K    556    Local Session Manager Service    Microsoft Corporation
lsass.exe        3.928 K    9.960 K    548    Local Security Authority Process    Microsoft Corporation
HPSupportSolutionsFrameworkService.exe        22.872 K    25.196 K    3812    HP Support Solutions Framework Service    Hewlett-Packard Company
conhost.exe        496 K    2.116 K    1412    Console Window Host    Microsoft Corporation
atiesrxx.exe        872 K    3.112 K    828    AMD External Events Service Module    AMD
atieclxx.exe        1.496 K    5.068 K    1252    AMD External Events Client Module    AMD
alg.exe        1.040 K    3.784 K    132    Application Layer Gateway Service    Microsoft Corporation

Process: System Pid: 4

Type    Name
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    C:\Windows\System32\config\components{0c1aafdb-412f-11e5-bda3-60d819db7858}.TxR.0.regtrans-ms
File    C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl
File    C:\Windows\System32\wfp\wfpdiag.etl
File    C:\Windows\System32\config\COMPONENTS.LOG2
File    C:\Windows\System32\config\COMPONENTS.LOG1
File    \clfs
File    \clfs
File    C:\Users\inFidel\AppData\Local\Microsoft\Windows\UsrClass.dat{f9bbcfbb-2846-11e5-b980-60d819db7858}.TMContainer00000000000000000002.regtrans-ms
File    C:\Users\inFidel\AppData\Local\Microsoft\Windows\UsrClass.dat{f9bbcfbb-2846-11e5-b980-60d819db7858}.TMContainer00000000000000000001.regtrans-ms
File    C:\Users\inFidel\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2
File    C:\Users\inFidel\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1
File    C:\Users\inFidel\AppData\Local\Microsoft\Windows\UsrClass.dat
File    C:\Users\inFidel\AppData\Local\Microsoft\Windows\UsrClass.dat{f9bbcfbb-2846-11e5-b980-60d819db7858}.TM.blf
File    \clfs
File    \clfs
File    C:\Users\inFidel\ntuser.dat{febd240b-0389-11e4-ba7a-60d819db7858}.TMContainer00000000000000000002.regtrans-ms
File    C:\Users\inFidel\ntuser.dat{febd240b-0389-11e4-ba7a-60d819db7858}.TMContainer00000000000000000001.regtrans-ms
File    C:\Users\inFidel\ntuser.dat
File    C:\Users\inFidel\ntuser.dat.LOG1
File    C:\Users\inFidel\ntuser.dat{febd240b-0389-11e4-ba7a-60d819db7858}.TM.blf
File    C:\Users\inFidel\ntuser.dat.LOG2
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \clfs
File    C:\Windows\System32\config\TxR\{febd23ed-0389-11e4-ba7a-60d819db7858}.TxR.2.regtrans-ms
File    C:\Windows\System32\config\TxR\{febd23ed-0389-11e4-ba7a-60d819db7858}.TxR.blf
File    C:\Windows\System32\config\components
File    C:\Windows\System32\config\components{0c1aafdc-412f-11e5-bda3-60d819db7858}.TM.blf
File    C:\Windows\System32\config\TxR\{febd23ed-0389-11e4-ba7a-60d819db7858}.TxR.0.regtrans-ms
File    C:\Windows\System32\config\TxR\{febd23ed-0389-11e4-ba7a-60d819db7858}.TxR.1.regtrans-ms
File    \clfs
File    \clfs
File    C:\Windows\System32\config\components{0c1aafdc-412f-11e5-bda3-60d819db7858}.TMContainer00000000000000000001.regtrans-ms
File    C:\Windows\System32\config\components{0c1aafdc-412f-11e5-bda3-60d819db7858}.TMContainer00000000000000000002.regtrans-ms
File    C:\Windows\System32\config\components{0c1aafdb-412f-11e5-bda3-60d819db7858}.TxR.blf
File    \clfs
File    C:\Windows\System32\config\components{0c1aafdb-412f-11e5-bda3-60d819db7858}.TxR.1.regtrans-ms
File    C:\Windows\System32\config\components{0c1aafdb-412f-11e5-bda3-60d819db7858}.TxR.2.regtrans-ms
Key    HKLM\SYSTEM\ControlSet001\Control\hivelist
Key    \REGISTRY
Key    HKLM\HARDWARE\DESCRIPTION\System\MultifunctionAdapter
Key    HKLM\SYSTEM\ControlSet001\Control\Session Manager\Memory Management\PrefetchParameters
Key    HKLM\SYSTEM\ControlSet001\Control\ProductOptions
Key    HKLM\SYSTEM\Setup
Key    HKLM\SYSTEM\ControlSet001
Key    HKLM\SYSTEM\ControlSet001\Enum
Key    HKLM\SYSTEM\ControlSet001\Control\Class
Key    HKLM\SYSTEM\ControlSet001\services
Key    HKLM\SYSTEM\ControlSet001\Control\WMI\Security
Key    HKLM\SYSTEM\ControlSet001\Control\Lsa
Key    HKLM\SYSTEM\ControlSet001\Control\Lsa
Key    HKLM\SYSTEM\ControlSet001\Enum\BTHENUM\{0000110a-0000-1000-8000-00805f9b34fb}_VID&0001000f_PID&1200\7&319823d8&0&AC220BA10E66_C00000000\Device Parameters
Key    HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 1
Key    HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 2
Key    HKLM\SYSTEM\ControlSet001\services\NDIS\IfTypes\1
Key    HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 3
Key    HKLM\SYSTEM\ControlSet001
Key    HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 4
Key    HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0
Key    HKLM\SYSTEM\ControlSet001\services\Disk
Key    HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 5
Key    HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 6
Key    HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 7
Key    HKLM\SYSTEM\ControlSet001\Control\PCW\Security
Key    HKLM\SYSTEM\ControlSet001\Policies
Key    HKLM\SYSTEM\ControlSet001\Control\FileSystem
Key    HKLM\SYSTEM\RNG
Key    HKLM\SYSTEM\ControlSet001\Control\NetworkProvider\Order
Key    HKLM\SYSTEM\ControlSet001\services\NDIS\IfTypes\131
Key    HKLM\SYSTEM\ControlSet001\services\NDIS\IfTypes\23
Key    HKLM\SYSTEM\ControlSet001\services\NDIS\IfTypes\24
Key    HKLM\SYSTEM\ControlSet001\services\NDIS\IfTypes\6
Key    HKLM\SYSTEM\ControlSet001\services\NDIS\IfTypes\71
Key    HKLM\SYSTEM\ControlSet001\services\Mup
Key    HKLM\SYSTEM\ControlSet001\services\NDProxy
Key    HKLM\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Enum\SCSI\Disk&Ven_ST950032&Prod_5AS\4&36a3793&0&000000
Key    HKLM\SYSTEM\ControlSet001\Control\FileSystem
Key    HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0001
Key    HKLM\SYSTEM\ControlSet001\Enum\BTHENUM\{0000110c-0000-1000-8000-00805f9b34fb}_VID&0001000f_PID&0000\7&319823d8&0&188796EC54C9_C00000001\Device Parameters
Key    HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0000
Key    HKLM\SYSTEM\ControlSet001\Enum\BTHENUM\{00001112-0000-1000-8000-00805f9b34fb}_VID&0001000f_PID&0000\7&319823d8&0&188796EC54C9_C00000001\Device Parameters
Key    HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\60d819db7858
Key    HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters
Key    HKLM\SYSTEM\ControlSet001\Enum\BTHENUM\{0000111f-0000-1000-8000-00805f9b34fb}_VID&0001000f_PID&0000\7&319823d8&0&188796EC54C9_C00000001\Device Parameters
Key    HKLM\SYSTEM\ControlSet001\Enum\BTHENUM\{0000110a-0000-1000-8000-00805f9b34fb}_VID&0001000f_PID&0000\7&319823d8&0&188796EC54C9_C00000001\Device Parameters
Key    HKLM\SYSTEM\ControlSet001\Enum\BTHENUM\{0000110e-0000-1000-8000-00805f9b34fb}_VID&0001000f_PID&1200\7&319823d8&0&AC220BA10E66_C00000000\Device Parameters
Key    HKLM\SYSTEM\ControlSet001\Enum\BTHENUM\{0000110c-0000-1000-8000-00805f9b34fb}_VID&0001000f_PID&1200\7&319823d8&0&AC220BA10E66_C00000000\Device Parameters
Key    HKLM\SYSTEM\ControlSet001\Enum\BTHENUM\{00001112-0000-1000-8000-00805f9b34fb}_VID&0001000f_PID&1200\7&319823d8&0&AC220BA10E66_C00000000\Device Parameters
Key    HKLM\SYSTEM\ControlSet001\Enum\BTHENUM\{24df01a9-3e4f-4c9f-9f66-5aa8ab14f8f4}_LOCALMFG&0000\7&319823d8&0&000000000000_00000000\Device Parameters
Key    HKLM\SYSTEM\ControlSet001\Enum\BTHENUM\{6e0c8f4c-d928-4852-b6b2-f0f0e0d126fa}_LOCALMFG&0000\7&319823d8&0&000000000000_00000000\Device Parameters
Key    HKLM\SYSTEM\ControlSet001\Enum\BTHENUM\{7788fa25-dfe4-4ea4-b838-4771e26ccf82}_LOCALMFG&0000\7&319823d8&0&000000000000_00000000\Device Parameters
Key    HKLM\SYSTEM\ControlSet001\Enum\BTHENUM\{24df01a9-3e4f-4c9f-9f66-5aa8ab14f8f4}_LOCALMFG&0000\7&319823d8&0&000000000000_00000000\Device Parameters
Key    HKLM\SYSTEM\ControlSet001\Enum\BTHENUM\{84a1e9b8-12ba-4a9c-8ab0-a43784e0d149}_LOCALMFG&0000\7&319823d8&0&000000000000_00000000\Device Parameters
Key    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Key    HKLM\SOFTWARE\Policies\Microsoft\Windows
Key    HKLM\SYSTEM\ControlSet001\Control\Session Manager\Quota System
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine
Key    HKLM\SYSTEM\ControlSet001\services\NativeWifiP
Key    HKLM\SYSTEM\ControlSet001\services\NativeWifiP\Parameters
Key    HKLM\SYSTEM\ControlSet001\services\NativeWifiP\Parameters\Adapters
Key    HKLM\SYSTEM\ControlSet001\services\NativeWifiP\Parameters\Adapters\{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}\ExtSTA
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine
Key    HKLM\SYSTEM\ControlSet001\services\HTTP\Parameters\UrlAclInfo
Key    HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{105A5B5F-4AF5-4AF1-ABB2-C5304DF513A9}
Key    HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters
Key    HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{179481F9-0A44-409D-9AD9-2FE55069DD52}
Key    HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{19F818F0-E665-49E7-84BF-E215C05C41AA}
Key    HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33663898-4FD8-499E-9E16-5ABCA8084DA8}
Key    HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{4459446D-3659-49AA-8470-2B38E8147E19}
Key    HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{7F94628A-6998-49B9-AA7D-0153527815E8}
Key    HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
Key    HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{CDDE74BD-9F9E-4285-AA4E-78167B3EBFB0}
Key    HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}
Key    HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\PersistentRoutes
Key    HKLM\SYSTEM\ControlSet001\services\NativeWifiP\Parameters\Adapters\{33663898-4FD8-499E-9E16-5ABCA8084DA8}\ExtAP
Key    HKLM\SYSTEM\ControlSet001\services\NativeWifiP\Parameters\Adapters\{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}\ExtSTAMib
Key    HKLM\SYSTEM\ControlSet001\services\NativeWifiP\Parameters\Adapters\{33663898-4FD8-499E-9E16-5ABCA8084DA8}\ExtAPMib
Key    HKLM\SYSTEM\WPA\8DEC0AF1-0341-4b93-85CD-72606C2DF94C-5P-31
Process    System(4)
Process    System(4)
Process    smss.exe(260)
Process    wininit.exe(484)
Process    lsass.exe(548)
Process    SearchIndexer.exe(2932)
Process    lsass.exe(548)
Process    lsass.exe(548)
Process    lsass.exe(548)
Process    winlogon.exe(636)
Process    services.exe(532)
Process    lsm.exe(556)
Process    services.exe(532)
Process    svchost.exe(708)
Process    services.exe(532)
Process    svchost.exe(708)
Process    svchost.exe(708)
Process    svchost.exe(780)
Process    svchost.exe(780)
Process    atiesrxx.exe(828)
Process    atiesrxx.exe(828)
Process    svchost.exe(900)
Process    svchost.exe(944)
Process    svchost.exe(984)
Process    svchost.exe(900)
Process    svchost.exe(1056)
Process    svchost.exe(900)
Process    svchost.exe(900)
Process    svchost.exe(944)
Process    svchost.exe(984)
Process    svchost.exe(900)
Process    svchost.exe(2052)
Process    svchost.exe(1056)
Process    atieclxx.exe(1252)
Process    svchost.exe(1244)
Process    wlanext.exe(1400)
Process    atieclxx.exe(1252)
Process    spoolsv.exe(1532)
Process    svchost.exe(1592)
Process    spoolsv.exe(1532)
Process    svchost.exe(1244)
Process    svchost.exe(1592)
Process    svchost.exe(1676)
Process    svchost.exe(1676)
Process    svchost.exe(1676)
Process    svchost.exe(1720)
Process    svchost.exe(1592)
Process    svchost.exe(1720)
Process    svchost.exe(1812)
Process    svchost.exe(1056)
Process    svchost.exe(984)
Process    svchost.exe(1056)
Process    svchost.exe(1056)
Process    svchost.exe(1720)
Process    svchost.exe(1720)
Process    svchost.exe(1056)
Process    svchost.exe(1720)
Process    svchost.exe(1720)
Process    svchost.exe(1720)
Process    svchost.exe(1720)
Process    svchost.exe(1720)
Process    svchost.exe(1720)
Process    svchost.exe(1720)
Process    svchost.exe(1720)
Process    svchost.exe(1056)
Process    svchost.exe(1380)
Process    alg.exe(132)
Process    svchost.exe(2052)
Process    services.exe(532)
Process    svchost.exe(3992)
Process    procexp.exe(1148)
Process    svchost.exe(3992)
Process    svchost.exe(944)
Process    firefox.exe(2172)
Process    svchost.exe(3992)
Process    wmpnetwk.exe(3024)
Process    WmiPrvSE.exe(2544)
Process    SynTPEnh.exe(2636)
Process    svchost.exe(1720)
Process    wmpnetwk.exe(3024)
Process    explorer.exe(2496)
Process    SynTPEnh.exe(2636)
Process    dwm.exe(2416)
Process    spoolsv.exe(1532)
Process    taskhost.exe(2340)
Process    spoolsv.exe(1532)
Process    spoolsv.exe(1532)
Process    explorer.exe(2496)
Process    svchost.exe(3992)
Process    svchost.exe(1720)
Process    svchost.exe(1720)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(3252)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    HPSupportSolutionsFrameworkService.exe(3812)
Process    TrustedInstaller.exe(3180)
Process    svchost.exe(1056)
Process    svchost.exe(1056)
Process    procexp.exe(1148)
Process    svchost.exe(1244)
Process    svchost.exe(944)
Section    \Win32kCrossSessionGlobals
Section    \Device\PhysicalMemory
Session    \KernelObjects\Session0
Session    \KernelObjects\Session1
Session    \KernelObjects\Session1
Session    \KernelObjects\Session1
Session    \KernelObjects\Session1
Session    \KernelObjects\Session1
Session    \KernelObjects\Session1
Session    \KernelObjects\Session1
Session    \KernelObjects\Session1
Session    \KernelObjects\Session1
Thread    System(4): 164
Thread    System(4): 292
Thread    System(4): 296
Thread    System(4): 308
Thread    System(4): 300
Thread    System(4): 304
Thread    System(4): 352
Thread    System(4): 512
Thread    System(4): 1524
Thread    System(4): 1520
Thread    System(4): 1528
Thread    System(4): 1628
Thread    System(4): 1184
Thread    System(4): 3768
Thread    System(4): 3772
Token    NT AUTHORITY\SYSTEM:3e7
Token    NT AUTHORITY\SYSTEM:3e7
Token    NT AUTHORITY\SYSTEM:3e7
Token    NT AUTHORITY\SYSTEM:3e7
Token    NT AUTHORITY\NETWORK SERVICE:3e4
Token    NT AUTHORITY\SYSTEM:3e7
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\SYSTEM:3e7
Token    NT AUTHORITY\NETWORK SERVICE:3e4
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\SYSTEM:3e7
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\ANONYMOUS LOGON:22ccf
Token    NT AUTHORITY\SYSTEM:3e7
Token    NT AUTHORITY\SYSTEM:3e7
Token    NT AUTHORITY\SYSTEM:3e7
Token    NT AUTHORITY\NETWORK SERVICE:3e4
Token    inFidel-1337\inFidel:4d702
Token    NT AUTHORITY\SYSTEM:3e7
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\NETWORK SERVICE:3e4
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    inFidel-1337\inFidel:4d702

  • 0

#73
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

OK.  It appears it was Windows Live using the dllhost.exe to run their junk.  Didn't help the problem though.

 

Run Process Explorer and find each of these.  Right click on each and Suspend.

 

HPSupportSolutionsFrameworkService.exe
TrustedInstaller.exe

 

Then make sure Process Explorer is not stopped and look at System again.  Is it still around 10%?


  • 0

#74
Fidel Castro

    Member

  • Topic Starter
  • Member
  • 162 posts

I have suspended the "HPSupportSolutionsFrameworkService.exe" but I couldn't find the "TrustedInstaller.exe".

 

Here is the new 'system.txt' log from Procexp:

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name
System Idle Process    69.44    0 K    24 K    0        
System    11.22    44 K    576 K    4        
procexp.exe    11.10    13.584 K    20.472 K    3936    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com
firefox.exe    3.36    283.564 K    280.412 K    2172    Firefox    Mozilla Corporation
Interrupts    2.07    0 K    0 K    n/a    Hardware Interrupts and DPCs    
SynTPEnh.exe    1.54    7.284 K    9.692 K    2636    Synaptics TouchPad Enhancements    Synaptics Incorporated
csrss.exe    0.91    10.072 K    9.508 K    492    Client Server Runtime Process    Microsoft Corporation
dwm.exe    0.15    1.200 K    4.612 K    2416    Desktop Window Manager    Microsoft Corporation
explorer.exe    0.08    34.260 K    51.176 K    2496    Windows Explorer    Microsoft Corporation
svchost.exe    0.06    5.448 K    9.912 K    1720    Host Process for Windows Services    Microsoft Corporation
svchost.exe    0.01    12.576 K    13.296 K    1244    Host Process for Windows Services    Microsoft Corporation
wmpnetwk.exe    0.01    9.312 K    8.732 K    3024    Windows Media Player Network Sharing Service    Microsoft Corporation
taskhost.exe    0.01    5.856 K    8.240 K    2340    Host Process for Windows Tasks    Microsoft Corporation
svchost.exe    0.01    20.176 K    31.800 K    1056    Host Process for Windows Services    Microsoft Corporation
svchost.exe    0.01    6.276 K    11.940 K    984    Host Process for Windows Services    Microsoft Corporation
SearchIndexer.exe    < 0.01    19.908 K    11.264 K    2932    Microsoft Windows Search Indexer    Microsoft Corporation
svchost.exe    < 0.01    66.508 K    74.524 K    944    Host Process for Windows Services    Microsoft Corporation
svchost.exe    < 0.01    9.112 K    10.608 K    3252    Host Process for Windows Services    Microsoft Corporation
csrss.exe    < 0.01    1.332 K    3.440 K    416    Client Server Runtime Process    Microsoft Corporation
WmiPrvSE.exe        1.892 K    4.796 K    2740    WMI Provider Host    Microsoft Corporation
wlanext.exe        1.256 K    4.000 K    1400    Windows Wireless LAN 802.11 Extensibility Framework    Microsoft Corporation
winlogon.exe        1.800 K    5.556 K    636    Windows Logon Application    Microsoft Corporation
wininit.exe        964 K    3.380 K    484    Windows Start-Up Application    Microsoft Corporation
SynTPHelper.exe        612 K    2.516 K    2796    Synaptics Pointing Device Helper    Synaptics Incorporated
svchost.exe        1.288 K    4.048 K    1380    Host Process for Windows Services    Microsoft Corporation
svchost.exe        3.096 K    6.988 K    708    Host Process for Windows Services    Microsoft Corporation
svchost.exe        10.768 K    11.100 K    1592    Host Process for Windows Services    Microsoft Corporation
svchost.exe        2.676 K    5.772 K    780    Host Process for Windows Services    Microsoft Corporation
svchost.exe        13.292 K    14.156 K    900    Host Process for Windows Services    Microsoft Corporation
svchost.exe        44.400 K    18.092 K    3992    Host Process for Windows Services    Microsoft Corporation
svchost.exe        1.752 K    4.520 K    2052    Host Process for Windows Services    Microsoft Corporation
svchost.exe        1.296 K    4.356 K    1812    Host Process for Windows Services    Microsoft Corporation
svchost.exe        3.876 K    7.888 K    1676    Host Process for Windows Services    Microsoft Corporation
spoolsv.exe        5.128 K    9.604 K    1532    Spooler SubSystem App    Microsoft Corporation
smss.exe        256 K    784 K    260    Windows Session Manager    Microsoft Corporation
services.exe        4.168 K    7.052 K    532    Services and Controller app    Microsoft Corporation
lsm.exe        1.288 K    3.040 K    556    Local Session Manager Service    Microsoft Corporation
lsass.exe        3.892 K    10.056 K    548    Local Security Authority Process    Microsoft Corporation
HPSupportSolutionsFrameworkService.exe    Suspended    22.872 K    25.196 K    3812    HP Support Solutions Framework Service    Hewlett-Packard Company
conhost.exe        496 K    2.112 K    1412    Console Window Host    Microsoft Corporation
atiesrxx.exe        872 K    3.100 K    828    AMD External Events Service Module    AMD
atieclxx.exe        1.496 K    5.052 K    1252    AMD External Events Client Module    AMD
alg.exe        1.040 K    3.780 K    132    Application Layer Gateway Service    Microsoft Corporation

File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \Device\Tcp
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl
File    C:\Windows\System32\wfp\wfpdiag.etl
File    C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTNT Kernel Logger.etl
File    \clfs
File    \clfs
File    C:\Users\inFidel\AppData\Local\Microsoft\Windows\UsrClass.dat{f9bbcfbb-2846-11e5-b980-60d819db7858}.TMContainer00000000000000000002.regtrans-ms
File    C:\Users\inFidel\AppData\Local\Microsoft\Windows\UsrClass.dat{f9bbcfbb-2846-11e5-b980-60d819db7858}.TMContainer00000000000000000001.regtrans-ms
File    C:\Users\inFidel\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2
File    C:\Users\inFidel\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1
File    C:\Users\inFidel\AppData\Local\Microsoft\Windows\UsrClass.dat
File    C:\Users\inFidel\AppData\Local\Microsoft\Windows\UsrClass.dat{f9bbcfbb-2846-11e5-b980-60d819db7858}.TM.blf
File    \clfs
File    \clfs
File    C:\Users\inFidel\ntuser.dat{febd240b-0389-11e4-ba7a-60d819db7858}.TMContainer00000000000000000002.regtrans-ms
File    C:\Users\inFidel\ntuser.dat{febd240b-0389-11e4-ba7a-60d819db7858}.TMContainer00000000000000000001.regtrans-ms
File    C:\Users\inFidel\ntuser.dat
File    C:\Users\inFidel\ntuser.dat.LOG1
File    C:\Users\inFidel\ntuser.dat{febd240b-0389-11e4-ba7a-60d819db7858}.TM.blf
File    C:\Users\inFidel\ntuser.dat.LOG2
File    \Device\NetBT_Tcpip_{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
File    \clfs
File    C:\Windows\System32\config\TxR\{febd23ed-0389-11e4-ba7a-60d819db7858}.TxR.2.regtrans-ms
File    C:\Windows\System32\config\TxR\{febd23ed-0389-11e4-ba7a-60d819db7858}.TxR.blf
File    C:\Windows\System32\config\TxR\{febd23ed-0389-11e4-ba7a-60d819db7858}.TxR.0.regtrans-ms
File    C:\Windows\System32\config\TxR\{febd23ed-0389-11e4-ba7a-60d819db7858}.TxR.1.regtrans-ms
Key    HKLM\SYSTEM\ControlSet001\Control\hivelist
Key    \REGISTRY
Key    HKLM\HARDWARE\DESCRIPTION\System\MultifunctionAdapter
Key    HKLM\SYSTEM\ControlSet001\Control\Session Manager\Memory Management\PrefetchParameters
Key    HKLM\SYSTEM\ControlSet001\Control\ProductOptions
Key    HKLM\SYSTEM\Setup
Key    HKLM\SYSTEM\ControlSet001
Key    HKLM\SYSTEM\ControlSet001\Enum
Key    HKLM\SYSTEM\ControlSet001\Control\Class
Key    HKLM\SYSTEM\ControlSet001\services
Key    HKLM\SYSTEM\ControlSet001\Control\WMI\Security
Key    HKLM\SYSTEM\ControlSet001\Control\Lsa
Key    HKLM\SYSTEM\ControlSet001\Control\Lsa
Key    HKLM\SYSTEM\ControlSet001\Enum\BTHENUM\{0000110a-0000-1000-8000-00805f9b34fb}_VID&0001000f_PID&1200\7&319823d8&0&AC220BA10E66_C00000000\Device Parameters
Key    HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 1
Key    HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 2
Key    HKLM\SYSTEM\ControlSet001\services\NDIS\IfTypes\1
Key    HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 3
Key    HKLM\SYSTEM\ControlSet001
Key    HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 4
Key    HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0
Key    HKLM\SYSTEM\ControlSet001\services\Disk
Key    HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 5
Key    HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 6
Key    HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 7
Key    HKLM\SYSTEM\ControlSet001\Control\PCW\Security
Key    HKLM\SYSTEM\ControlSet001\Policies
Key    HKLM\SYSTEM\ControlSet001\Control\FileSystem
Key    HKLM\SYSTEM\RNG
Key    HKLM\SYSTEM\ControlSet001\Control\NetworkProvider\Order
Key    HKLM\SYSTEM\ControlSet001\services\NDIS\IfTypes\131
Key    HKLM\SYSTEM\ControlSet001\services\NDIS\IfTypes\23
Key    HKLM\SYSTEM\ControlSet001\services\NDIS\IfTypes\24
Key    HKLM\SYSTEM\ControlSet001\services\NDIS\IfTypes\6
Key    HKLM\SYSTEM\ControlSet001\services\NDIS\IfTypes\71
Key    HKLM\SYSTEM\ControlSet001\services\Mup
Key    HKLM\SYSTEM\ControlSet001\services\NDProxy
Key    HKLM\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Enum\SCSI\Disk&Ven_ST950032&Prod_5AS\4&36a3793&0&000000
Key    HKLM\SYSTEM\ControlSet001\Control\FileSystem
Key    HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0001
Key    HKLM\SYSTEM\ControlSet001\Enum\BTHENUM\{0000110c-0000-1000-8000-00805f9b34fb}_VID&0001000f_PID&0000\7&319823d8&0&188796EC54C9_C00000001\Device Parameters
Key    HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0000
Key    HKLM\SYSTEM\ControlSet001\Enum\BTHENUM\{00001112-0000-1000-8000-00805f9b34fb}_VID&0001000f_PID&0000\7&319823d8&0&188796EC54C9_C00000001\Device Parameters
Key    HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\60d819db7858
Key    HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters
Key    HKLM\SYSTEM\ControlSet001\Enum\BTHENUM\{0000111f-0000-1000-8000-00805f9b34fb}_VID&0001000f_PID&0000\7&319823d8&0&188796EC54C9_C00000001\Device Parameters
Key    HKLM\SYSTEM\ControlSet001\Enum\BTHENUM\{0000110a-0000-1000-8000-00805f9b34fb}_VID&0001000f_PID&0000\7&319823d8&0&188796EC54C9_C00000001\Device Parameters
Key    HKLM\SYSTEM\ControlSet001\Enum\BTHENUM\{0000110e-0000-1000-8000-00805f9b34fb}_VID&0001000f_PID&1200\7&319823d8&0&AC220BA10E66_C00000000\Device Parameters
Key    HKLM\SYSTEM\ControlSet001\Enum\BTHENUM\{0000110c-0000-1000-8000-00805f9b34fb}_VID&0001000f_PID&1200\7&319823d8&0&AC220BA10E66_C00000000\Device Parameters
Key    HKLM\SYSTEM\ControlSet001\Enum\BTHENUM\{00001112-0000-1000-8000-00805f9b34fb}_VID&0001000f_PID&1200\7&319823d8&0&AC220BA10E66_C00000000\Device Parameters
Key    HKLM\SYSTEM\ControlSet001\Enum\BTHENUM\{24df01a9-3e4f-4c9f-9f66-5aa8ab14f8f4}_LOCALMFG&0000\7&319823d8&0&000000000000_00000000\Device Parameters
Key    HKLM\SYSTEM\ControlSet001\Enum\BTHENUM\{6e0c8f4c-d928-4852-b6b2-f0f0e0d126fa}_LOCALMFG&0000\7&319823d8&0&000000000000_00000000\Device Parameters
Key    HKLM\SYSTEM\ControlSet001\Enum\BTHENUM\{7788fa25-dfe4-4ea4-b838-4771e26ccf82}_LOCALMFG&0000\7&319823d8&0&000000000000_00000000\Device Parameters
Key    HKLM\SYSTEM\ControlSet001\Enum\BTHENUM\{24df01a9-3e4f-4c9f-9f66-5aa8ab14f8f4}_LOCALMFG&0000\7&319823d8&0&000000000000_00000000\Device Parameters
Key    HKLM\SYSTEM\ControlSet001\Enum\BTHENUM\{84a1e9b8-12ba-4a9c-8ab0-a43784e0d149}_LOCALMFG&0000\7&319823d8&0&000000000000_00000000\Device Parameters
Key    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Key    HKLM\SOFTWARE\Policies\Microsoft\Windows
Key    HKLM\SYSTEM\ControlSet001\Control\Session Manager\Quota System
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine
Key    HKLM\SYSTEM\ControlSet001\services\NativeWifiP
Key    HKLM\SYSTEM\ControlSet001\services\NativeWifiP\Parameters
Key    HKLM\SYSTEM\ControlSet001\services\NativeWifiP\Parameters\Adapters
Key    HKLM\SYSTEM\ControlSet001\services\NativeWifiP\Parameters\Adapters\{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}\ExtSTA
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine
Key    HKLM\SYSTEM\ControlSet001\services\HTTP\Parameters\UrlAclInfo
Key    HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{105A5B5F-4AF5-4AF1-ABB2-C5304DF513A9}
Key    HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters
Key    HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{179481F9-0A44-409D-9AD9-2FE55069DD52}
Key    HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{19F818F0-E665-49E7-84BF-E215C05C41AA}
Key    HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33663898-4FD8-499E-9E16-5ABCA8084DA8}
Key    HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{4459446D-3659-49AA-8470-2B38E8147E19}
Key    HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{7F94628A-6998-49B9-AA7D-0153527815E8}
Key    HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}
Key    HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{CDDE74BD-9F9E-4285-AA4E-78167B3EBFB0}
Key    HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}
Key    HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\PersistentRoutes
Key    HKLM\SYSTEM\ControlSet001\services\NativeWifiP\Parameters\Adapters\{33663898-4FD8-499E-9E16-5ABCA8084DA8}\ExtAP
Key    HKLM\SYSTEM\ControlSet001\services\NativeWifiP\Parameters\Adapters\{A17A0D3A-9613-4F2B-A3D1-28C472C7F6A8}\ExtSTAMib
Key    HKLM\SYSTEM\ControlSet001\services\NativeWifiP\Parameters\Adapters\{33663898-4FD8-499E-9E16-5ABCA8084DA8}\ExtAPMib
Key    HKLM\SYSTEM\WPA\8DEC0AF1-0341-4b93-85CD-72606C2DF94C-5P-31
Process    System(4)
Process    System(4)
Process    smss.exe(260)
Process    wininit.exe(484)
Process    lsass.exe(548)
Process    SearchIndexer.exe(2932)
Process    lsass.exe(548)
Process    lsass.exe(548)
Process    lsass.exe(548)
Process    winlogon.exe(636)
Process    services.exe(532)
Process    lsm.exe(556)
Process    services.exe(532)
Process    svchost.exe(708)
Process    services.exe(532)
Process    svchost.exe(708)
Process    svchost.exe(708)
Process    svchost.exe(780)
Process    svchost.exe(780)
Process    atiesrxx.exe(828)
Process    atiesrxx.exe(828)
Process    svchost.exe(900)
Process    svchost.exe(944)
Process    svchost.exe(984)
Process    svchost.exe(900)
Process    svchost.exe(1056)
Process    svchost.exe(900)
Process    svchost.exe(900)
Process    svchost.exe(944)
Process    svchost.exe(984)
Process    svchost.exe(900)
Process    svchost.exe(2052)
Process    svchost.exe(1056)
Process    atieclxx.exe(1252)
Process    svchost.exe(1244)
Process    wlanext.exe(1400)
Process    atieclxx.exe(1252)
Process    spoolsv.exe(1532)
Process    svchost.exe(1592)
Process    spoolsv.exe(1532)
Process    svchost.exe(1244)
Process    svchost.exe(1592)
Process    svchost.exe(1676)
Process    svchost.exe(1676)
Process    svchost.exe(1676)
Process    svchost.exe(1720)
Process    svchost.exe(1592)
Process    svchost.exe(1720)
Process    svchost.exe(1812)
Process    svchost.exe(1056)
Process    svchost.exe(984)
Process    svchost.exe(1056)
Process    svchost.exe(1056)
Process    svchost.exe(1720)
Process    svchost.exe(1720)
Process    svchost.exe(1056)
Process    svchost.exe(1720)
Process    svchost.exe(1720)
Process    svchost.exe(1720)
Process    svchost.exe(1720)
Process    svchost.exe(1720)
Process    svchost.exe(1720)
Process    svchost.exe(1720)
Process    svchost.exe(1720)
Process    svchost.exe(1056)
Process    svchost.exe(1380)
Process    alg.exe(132)
Process    svchost.exe(2052)
Process    services.exe(532)
Process    svchost.exe(3992)
Process    svchost.exe(3992)
Process    svchost.exe(944)
Process    firefox.exe(2172)
Process    svchost.exe(3992)
Process    wmpnetwk.exe(3024)
Process    procexp.exe(3936)
Process    SynTPEnh.exe(2636)
Process    svchost.exe(1720)
Process    wmpnetwk.exe(3024)
Process    explorer.exe(2496)
Process    SynTPEnh.exe(2636)
Process    dwm.exe(2416)
Process    spoolsv.exe(1532)
Process    taskhost.exe(2340)
Process    spoolsv.exe(1532)
Process    spoolsv.exe(1532)
Process    explorer.exe(2496)
Process    svchost.exe(3992)
Process    svchost.exe(1720)
Process    svchost.exe(1720)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(3252)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    WmiPrvSE.exe(2740)
Process    svchost.exe(984)
Process    svchost.exe(984)
Process    HPSupportSolutionsFrameworkService.exe(3812)
Process    procexp.exe(3936)
Process    svchost.exe(1056)
Process    svchost.exe(1676)
Process    svchost.exe(1244)
Process    svchost.exe(944)
Section    \Win32kCrossSessionGlobals
Section    \Device\PhysicalMemory
Session    \KernelObjects\Session0
Session    \KernelObjects\Session1
Session    \KernelObjects\Session1
Session    \KernelObjects\Session1
Session    \KernelObjects\Session1
Session    \KernelObjects\Session1
Session    \KernelObjects\Session1
Session    \KernelObjects\Session1
Session    \KernelObjects\Session1
Session    \KernelObjects\Session1
Thread    System(4): 164
Thread    System(4): 292
Thread    System(4): 296
Thread    System(4): 308
Thread    System(4): 300
Thread    System(4): 304
Thread    System(4): 352
Thread    System(4): 512
Thread    System(4): 1524
Thread    System(4): 1520
Thread    System(4): 1528
Thread    System(4): 1628
Thread    System(4): 1184
Thread    System(4): 3768
Thread    System(4): 3772
Token    NT AUTHORITY\SYSTEM:3e7
Token    NT AUTHORITY\SYSTEM:3e7
Token    NT AUTHORITY\SYSTEM:3e7
Token    NT AUTHORITY\SYSTEM:3e7
Token    NT AUTHORITY\NETWORK SERVICE:3e4
Token    NT AUTHORITY\SYSTEM:3e7
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\SYSTEM:3e7
Token    NT AUTHORITY\NETWORK SERVICE:3e4
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\SYSTEM:3e7
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\ANONYMOUS LOGON:22ccf
Token    NT AUTHORITY\SYSTEM:3e7
Token    NT AUTHORITY\SYSTEM:3e7
Token    NT AUTHORITY\SYSTEM:3e7
Token    NT AUTHORITY\NETWORK SERVICE:3e4
Token    inFidel-1337\inFidel:4d702
Token    NT AUTHORITY\SYSTEM:3e7
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\NETWORK SERVICE:3e4
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    NT AUTHORITY\LOCAL SERVICE:3e5
Token    inFidel-1337\inFidel:4d702

  • 0

#75
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

In Process Explorer, right-click on System and select Properties, then click on the Threads tab.  It should show you what CPU % each thread uses.  Which one is the highest?

