Computer won't update

Malware Sluggish


#76
RKinner

  • Malware Expert
  • 20,017 posts
  • MVP
Doesn't look like WMI stayed stopped:

WmiPrvSE.exe    17.23

Avast doesn't appear to be finished with the install and update:

AvastSvc.exe    13.79

Interrupts are still ugly:

Interrupts    5.45

Run minitoolbox again as before.

Also go back to your PC maker's website and see if there are any drivers you haven't yet updated.




#77
its_chele

  • Topic Starter
  • Member
  • 91 posts

Avast says up to date version 160826-5   Program version 12.3.2280 (build 12.3.3154.0)

 

WmiPrvSE.exe --- don't see this under services. 

 

There was an update dated 8-24-16 for network driver



#78
its_chele

  • Topic Starter
  • Member
  • 91 posts

I restarted then ran minitoolbox as admin

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by MWG (administrator) on 26-08-2016 at 17:47:50
Running from "C:\Users\MWG\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: Satellite C655 Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/25/2016 08:20:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: bcuengine.dll, version: 12.0.0.77, time stamp: 0x57ab0828
Exception code: 0xc0000005
Fault offset: 0x00169224
Faulting process id: 0xfd0
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (08/25/2016 08:09:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.23455, time stamp: 0x573a54b7
Exception code: 0xc000000d
Fault offset: 0x00000000000ca365
Faulting process id: 0x230
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/25/2016 08:08:46 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/24/2016 07:41:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: bcuengine.dll, version: 12.0.0.77, time stamp: 0x57ab0828
Exception code: 0xc0000005
Fault offset: 0x00169224
Faulting process id: 0x1348
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (08/24/2016 07:25:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.23455, time stamp: 0x573a54b7
Exception code: 0xc000000d
Fault offset: 0x00000000000689e2
Faulting process id: 0xa64
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/24/2016 07:25:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/22/2016 09:14:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: bcuengine.dll, version: 12.0.0.77, time stamp: 0x57ab0828
Exception code: 0xc0000005
Fault offset: 0x00169224
Faulting process id: 0xe68
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (08/22/2016 08:46:37 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (08/25/2016 08:03:07 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (08/24/2016 10:52:42 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (08/24/2016 10:50:56 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


Microsoft Office Sessions:
=========================
Error: (08/25/2016 08:20:50 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.1.7600.163854a5bc637bcuengine.dll12.0.0.7757ab0828c000000500169224fd001d1ff2fb1cc899cC:\windows\SysWOW64\rundll32.exeC:\Program Files\AVAST Software\Avast\defs\16082505\bcuengine.dllf0a7bd83-6b22-11e6-b17f-00266c9da200

Error: (08/25/2016 08:09:00 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.23455573a54b7c000000d00000000000ca36523001d1ff2cd63621f3C:\windows\System32\svchost.exeC:\windows\SYSTEM32\ntdll.dll49821120-6b21-11e6-b17f-00266c9da200

Error: (08/25/2016 08:08:46 PM) (Source: SideBySide)(User: )
Description: Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll

Error: (08/24/2016 07:41:30 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.1.7600.163854a5bc637bcuengine.dll12.0.0.7757ab0828c000000500169224134801d1fe610931dad3C:\windows\SysWOW64\rundll32.exeC:\Program Files\AVAST Software\Avast\defs\16082400\bcuengine.dll4795afa9-6a54-11e6-91cc-00266c9da200

Error: (08/24/2016 07:25:16 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.23455573a54b7c000000d00000000000689e2a6401d1fe5dc7f8a704C:\windows\System32\svchost.exeC:\windows\SYSTEM32\ntdll.dll0354ce58-6a52-11e6-91cc-00266c9da200

Error: (08/24/2016 07:25:06 PM) (Source: SideBySide)(User: )
Description: Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll

Error: (08/22/2016 09:14:26 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.1.7600.163854a5bc637bcuengine.dll12.0.0.7757ab0828c000000500169224e6801d1fcdbafe129c3C:\windows\SysWOW64\rundll32.exeC:\Program Files\AVAST Software\Avast\defs\16082201\bcuengine.dllee538832-68ce-11e6-a2ef-00266c9da200

Error: (08/22/2016 08:46:37 PM) (Source: SideBySide)(User: )
Description: Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll


========================= Devices: ================================

Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Device ID: ROOT\MS_NDISWANIPV6\0000

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{2534720B-12A6-11E0-97AA-806E6F6E6963}#00000037ACF00000

Name: Numeric data processor
Description: Numeric data processor
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C04\4&968B529&0

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&1A9008DC&0

Name: NSI proxy service driver.
Description: NSI proxy service driver.
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: nsiproxy
Device ID: ROOT\LEGACY_NSIPROXY\0000

Name: KSecPkg
Description: KSecPkg
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: KSecPkg
Device ID: ROOT\LEGACY_KSECPKG\0000

Name: avast! HardwareID
Description: avast! HardwareID
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswHwid
Device ID: ROOT\LEGACY_ASWHWID\0000

Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe
Device ID: ROOT\MS_PPPOEMINIPORT\0000

Name: Microsoft ACPI-Compliant Control Method Battery
Description: Microsoft ACPI-Compliant Control Method Battery
Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Manufacturer: Microsoft
Service: CmBatt
Device ID: ACPI\PNP0C0A\1

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&1FC4837B&0

Name: Link-Layer Topology Discovery Mapper I/O Driver
Description: Link-Layer Topology Discovery Mapper I/O Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: lltdio
Device ID: ROOT\LEGACY_LLTDIO\0000

Name: ACPI Fan
Description: ACPI Fan
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C0B\0

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:
Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT3

Name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Tcpip
Device ID: ROOT\LEGACY_TCPIP\0000

Name: Intel® ICH9M LPC Interface Controller - 2919
Description: Intel® ICH9M LPC Interface Controller - 2919
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: msisadrv
Device ID: PCI\VEN_8086&DEV_2919&SUBSYS_FF1E1179&REV_03\3&21436425&0&F8

Name: Intel® ICH9 Family USB Universal Host Controller - 2939
Description: Intel® ICH9 Family USB Universal Host Controller - 2939
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
Device ID: PCI\VEN_8086&DEV_2939&SUBSYS_FF1E1179&REV_03\3&21436425&0&EB

Name: TSSTcorp CDDVDW TS-L633C
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Device ID: IDE\CDROMTSSTCORP_CDDVDW_TS-L633C________________TF20____\4&68AEA70&0&0.1.0

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport
Device ID: ROOT\MS_PPTPMINIPORT\0000

Name: Mobile Intel® 4 Series Express Chipset Family
Description: Mobile Intel® 4 Series Express Chipset Family
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: igfx
Device ID: PCI\VEN_8086&DEV_2A42&SUBSYS_FDE01179&REV_07\3&21436425&0&10

Name: Null
Description: Null
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Null
Device ID: ROOT\LEGACY_NULL\0000

Name: ACPI Power Button
Description: ACPI Power Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C0C\2&DABA3FF&2

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&367A099E&0

Name: aswRdr
Description: aswRdr
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRdr
Device ID: ROOT\LEGACY_ASWRDR\0000

Name: TCP/IP Registry Compatibility
Description: TCP/IP Registry Compatibility
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tcpipreg
Device ID: ROOT\LEGACY_TCPIPREG\0000

Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp
Device ID: ROOT\MS_SSTPMINIPORT\0000

Name: pciide
Description: pciide
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: pciide
Device ID: ROOT\LEGACY_PCIIDE\0000

Name: Mount Point Manager
Description: Mount Point Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mountmgr
Device ID: ROOT\LEGACY_MOUNTMGR\0000

Name: ACPI Lid
Description: ACPI Lid
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C0D\2&DABA3FF&2

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&36FC266E&0

Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Device ID: ROOT\LEGACY_ASWRVRT\0000

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:
Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT4

Name: NetIO Legacy TDI Support Driver
Description: NetIO Legacy TDI Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tdx
Device ID: ROOT\LEGACY_TDX\0000

Name: Terminal Server Keyboard Driver
Description: Terminal Server Keyboard Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: TermDD
Device ID: ROOT\RDP_KBD\0000

Name: Performance Counters for Windows Driver
Description: Performance Counters for Windows Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: pcw
Device ID: ROOT\LEGACY_PCW\0000

Name: Intel® ICH9M-E/M SATA AHCI Controller
Description: Intel® ICH9M-E/M SATA AHCI Controller
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: iaStor
Device ID: PCI\VEN_8086&DEV_2929&SUBSYS_FF1E1179&REV_03\3&21436425&0&FA

Name: Intel® ICH9 Family USB2 Enhanced Host Controller - 293A
Description: Intel® ICH9 Family USB2 Enhanced Host Controller - 293A
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci
Device ID: PCI\VEN_8086&DEV_293A&SUBSYS_FF1E1179&REV_03\3&21436425&0&EF

Name: Mobile Intel® 4 Series Express Chipset Family
Description: Mobile Intel® 4 Series Express Chipset Family
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: igfx
Device ID: PCI\VEN_8086&DEV_2A43&SUBSYS_FDE01179&REV_07\3&21436425&0&11

Name: Windows Firewall Authorization Driver
Description: Windows Firewall Authorization Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mpsdrv
Device ID: ROOT\LEGACY_MPSDRV\0000

Name: ACPI Thermal Zone
Description: ACPI Thermal Zone
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\THERMALZONE\THRM

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&393CACCC&0

Name: Microsoft AC Adapter
Description: Microsoft AC Adapter
Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Manufacturer: Microsoft
Service: CmBatt
Device ID: ACPI\ACPI0003\2&DABA3FF&2

Name: Terminal Server Mouse Driver
Description: Terminal Server Mouse Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: TermDD
Device ID: ROOT\RDP_MOU\0000

Name: PEAUTH
Description: PEAUTH
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: PEAUTH
Device ID: ROOT\LEGACY_PEAUTH\0000

Name: Synaptics PS/2 Port TouchPad
Description: Synaptics PS/2 Port TouchPad
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Synaptics
Service: i8042prt
Device ID: ACPI\TOS0100\4&968B529&0

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1184CB9B&0&01

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB20\4&22C5158A&0

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:
Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT5

Name: Plug and Play Software Device Enumerator
Description: Plug and Play Software Device Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: swenum
Device ID: ROOT\SYSTEM\0000

Name: VgaSave
Description: VgaSave
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: VgaSave
Device ID: ROOT\LEGACY_VGASAVE\0000

Name: ACPI Fixed Feature Button
Description: ACPI Fixed Feature Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\FIXEDBUTTON\2&DABA3FF&2

Name: UMBus Root Bus Enumerator
Description: UMBus Root Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus
Device ID: ROOT\UMBUS\0000

Name: TOSHIBA x64 ACPI-Compliant Value Added Logical and General Purpose Device
Description: TOSHIBA x64 ACPI-Compliant Value Added Logical and General Purpose Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service: TVALZ
Device ID: ACPI\TOS1900\2&DABA3FF&2

Name: aswStm
Description: aswStm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswStm
Device ID: ROOT\LEGACY_ASWSTM\0000

Name: Intel® ICH9 Family SMBus Controller - 2930
Description: Intel® ICH9 Family SMBus Controller - 2930
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service:
Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_FF1E1179&REV_03\3&21436425&0&FB

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB20\4&C60B8AD&0

Name: Dynamic Volume Manager
Description: Dynamic Volume Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: volmgrx
Device ID: ROOT\LEGACY_VOLMGRX\0000

Name: Intel® ICH9 Family USB2 Enhanced Host Controller - 293C
Description: Intel® ICH9 Family USB2 Enhanced Host Controller - 293C
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci
Device ID: PCI\VEN_8086&DEV_293C&SUBSYS_FF1E1179&REV_03\3&21436425&0&D7

Name: Intel® Celeron® CPU          925  @ 2.30GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm
Device ID: ACPI\GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_23_-_INTEL®_CELERON®[email protected]_2.30GHZ\_1

Name: Microsoft Virtual Drive Enumerator Driver
Description: Microsoft Virtual Drive Enumerator Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: vdrvroot
Device ID: ROOT\VDRVROOT\0000

Name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Psched
Device ID: ROOT\LEGACY_PSCHED\0000

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:
Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT6

Name: TOSHIBA Firmware Linkage Driver
Description: TOSHIBA Firmware Linkage Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service: FwLnk
Device ID: ACPI\TOS1901\2&DABA3FF&2

Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Device ID: ROOT\LEGACY_ASWVMM\0000

Name: Storage volumes
Description: Storage volumes
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: volsnap
Device ID: ROOT\LEGACY_VOLSNAP\0000

Name: Volume Manager
Description: Volume Manager
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: volmgr
Device ID: ROOT\VOLMGR\0000

Name: TOSHIBA MK2565GSX
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Device ID: IDE\DISKTOSHIBA_MK2565GSX_______________________GJ003M__\4&68AEA70&0&0.0.0

Name: msahci
Description: msahci
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: msahci
Device ID: ROOT\LEGACY_MSAHCI\0000

Name: IDE Channel
Description: IDE Channel
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: atapi
Device ID: ROOT\LEGACY_ATAPI\0000

Name: Microsoft ACPI-Compliant System
Description: Microsoft ACPI-Compliant System
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: ACPI
Device ID: ACPI_HAL\PNP0C08\0

Name: Virtual WiFi Filter Driver
Description: Virtual WiFi Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: vwififlt
Device ID: ROOT\LEGACY_VWIFIFLT\0000

Name: Intel® ICH9 Family USB Universal Host Controller - 2934
Description: Intel® ICH9 Family USB Universal Host Controller - 2934
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
Device ID: PCI\VEN_8086&DEV_2934&SUBSYS_FF1E1179&REV_03\3&21436425&0&E8

Name: RDPCDD
Description: RDPCDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPCDD
Device ID: ROOT\LEGACY_RDPCDD\0000

Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Device ID: PCI\VEN_8086&DEV_293E&SUBSYS_FF1E1179&REV_03\3&21436425&0&D8

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:
Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT7

Name: Generic PnP Monitor
Description: Generic PnP Monitor
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard monitor types)
Service: monitor
Device ID: DISPLAY\CMO1680\4&4C46806&0&UID67568640

Name: Beep
Description: Beep
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Beep
Device ID: ROOT\LEGACY_BEEP\0000

Name: Remote Access IPv6 ARP Driver
Description: Remote Access IPv6 ARP Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Wanarpv6
Device ID: ROOT\LEGACY_WANARPV6\0000

Name: RDP Encoder Mirror Driver
Description: RDP Encoder Mirror Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPENCDD
Device ID: ROOT\LEGACY_RDPENCDD\0000

Name: msisadrv
Description: msisadrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: msisadrv
Device ID: ROOT\LEGACY_MSISADRV\0000

Name: Programmable interrupt controller
Description: Programmable interrupt controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0000\4&968B529&0

Name: Kernel Mode Driver Frameworks service
Description: Kernel Mode Driver Frameworks service
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Wdf01000
Device ID: ROOT\LEGACY_WDF01000\0000

Name: Conexant CX20671 SmartAudio HD
Description: Conexant CX20671 SmartAudio HD
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Conexant
Service: CnxtHdAudService
Device ID: HDAUDIO\FUNC_01&VEN_14F1&DEV_5069&SUBSYS_1179FDE0&REV_1003\4&1BF8190D&0&0001

Name: Reflector Display Driver used to gain access to graphics data
Description: Reflector Display Driver used to gain access to graphics data
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPREFMP
Device ID: ROOT\LEGACY_RDPREFMP\0000

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:
Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT8

Name: Intel® ICH9 Family USB Universal Host Controller - 2935
Description: Intel® ICH9 Family USB Universal Host Controller - 2935
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
Device ID: PCI\VEN_8086&DEV_2935&SUBSYS_FF1E1179&REV_03\3&21436425&0&E9

Name: Intel® ICH9 Family PCI Express Root Port 1 - 2940
Description: Intel® ICH9 Family PCI Express Root Port 1 - 2940
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci
Device ID: PCI\VEN_8086&DEV_2940&SUBSYS_FF1E1179&REV_03\3&21436425&0&E0

Name: System timer
Description: System timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0100\4&968B529&0

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\*ISATAP\0000

Name: WFP Lightweight Filter
Description: WFP Lightweight Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WfpLwf
Device ID: ROOT\LEGACY_WFPLWF\0000

Name: Link-Layer Topology Discovery Responder
Description: Link-Layer Topology Discovery Responder
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: rspndr
Device ID: ROOT\LEGACY_RSPNDR\0000

Name: Common Log (CLFS)
Description: Common Log (CLFS)
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: CLFS
Device ID: ROOT\LEGACY_CLFS\0000

Name: NativeWiFi Filter
Description: NativeWiFi Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NativeWifiP
Device ID: ROOT\LEGACY_NATIVEWIFIP\0000

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\*ISATAP\0001

Name: High precision event timer
Description: High precision event timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0103\4&968B529&0

Name: User Mode Driver Frameworks Platform Driver
Description: User Mode Driver Frameworks Platform Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WudfPf
Device ID: ROOT\LEGACY_WUDFPF\0000

Name: Bitlocker Drive Encryption Filter Driver
Description: Bitlocker Drive Encryption Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: fvevol
Device ID: ROOT\LEGACY_FVEVOL\0000

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:
Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT9

Name: Security Driver
Description: Security Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: secdrv
Device ID: ROOT\LEGACY_SECDRV\0000

Name: CNG
Description: CNG
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: CNG
Device ID: ROOT\LEGACY_CNG\0000

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{2534720B-12A6-11E0-97AA-806E6F6E6963}#0000000000100000

Name: NDIS System Driver
Description: NDIS System Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NDIS
Device ID: ROOT\LEGACY_NDIS\0000

Name: Atheros AR9285 Wireless Network Adapter
Description: Atheros AR9285 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Device ID: PCI\VEN_168C&DEV_002B&SUBSYS_661111AD&REV_01\4&3388DB6&0&00E1

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:
Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT1

Name: Intel® ICH9 Family USB Universal Host Controller - 2936
Description: Intel® ICH9 Family USB Universal Host Controller - 2936
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
Device ID: PCI\VEN_8086&DEV_2936&SUBSYS_FF1E1179&REV_03\3&21436425&0&EA

Name: Direct memory access controller
Description: Direct memory access controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0200\4&968B529&0

Name: Microsoft System Management BIOS Driver
Description: Microsoft System Management BIOS Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: mssmbios
Device ID: ROOT\MSSMBIOS\0000

Name: HTTP
Description: HTTP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: HTTP
Device ID: ROOT\LEGACY_HTTP\0000

Name: Intel® ICH9 Family PCI Express Root Port 2 - 2942
Description: Intel® ICH9 Family PCI Express Root Port 2 - 2942
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci
Device ID: PCI\VEN_8086&DEV_2942&SUBSYS_FF1E1179&REV_03\3&21436425&0&E1

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Device ID: ROOT\LEGACY_SPLDR\0000

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\*TEREDO\0000

Name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Ndisuio
Device ID: ROOT\LEGACY_NDISUIO\0000

Name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasAgileVpn
Device ID: ROOT\MS_AGILEVPNMINIPORT\0000

Name: Hardware Policy Driver
Description: Hardware Policy Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: hwpolicy
Device ID: ROOT\LEGACY_HWPOLICY\0000

Name: ACPI x64-based PC
Description: ACPI x64-based PC
Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard computers)
Service: \Driver\ACPI_HAL
Device ID: ROOT\ACPI_HAL\0000

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Device ID: ACPI\PNP0303\4&968B529&0

Name: System Attribute Cache
Description: System Attribute Cache
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: discache
Device ID: ROOT\LEGACY_DISCACHE\0000

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:
Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT2

Name: NDProxy
Description: NDProxy
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NDProxy
Device ID: ROOT\LEGACY_NDPROXY\0000

Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb
Device ID: USB\VID_3938&PID_1031\5&171B3CE2&0&1

Name: File as Volume Driver
Description: File as Volume Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: blbdrive
Device ID: ROOT\BLBDRIVE\0000

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp
Device ID: ROOT\MS_L2TPMINIPORT\0000

Name: PCI bus
Description: PCI bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: ACPI\PNP0A08\2&DABA3FF&2

Name: LDDM Graphics Subsystem
Description: LDDM Graphics Subsystem
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: DXGKrnl
Device ID: ROOT\LEGACY_DXGKRNL\0000

Name: Qualcomm Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
Description: Qualcomm Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros
Service: L1C
Device ID: PCI\VEN_1969&DEV_2060&SUBSYS_FF1E1179&REV_C1\4&3A5FB3D5&0&00E0

Name: Intel® ICH9 Family USB Universal Host Controller - 2937
Description: Intel® ICH9 Family USB Universal Host Controller - 2937
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
Device ID: PCI\VEN_8086&DEV_2937&SUBSYS_FF1E1179&REV_03\3&21436425&0&D0

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{2534720B-12A6-11E0-97AA-806E6F6E6963}#000000005DD00000

Name: Intel® ICH9 Family PCI Express Root Port 5 - 2948
Description: Intel® ICH9 Family PCI Express Root Port 5 - 2948
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci
Device ID: PCI\VEN_8086&DEV_2948&SUBSYS_FF1E1179&REV_03\3&21436425&0&E4

Name: Composite Bus Enumerator
Description: Composite Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: CompositeBus
Device ID: ROOT\COMPOSITEBUS\0000

Name: UMBus Enumerator
Description: UMBus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus
Device ID: UMB\UMB\1&841921D&0&PRINTERBUSENUMERATOR

Name: HID-compliant mouse
Description: HID-compliant mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: mouhid
Device ID: HID\VID_3938&PID_1031&COL01\6&239C87BB&0&0000

Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Device ID: ROOT\MS_NDISWANBH\0000

Name: System CMOS/real time clock
Description: System CMOS/real time clock
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0B00\4&968B529&0

Name: Microsoft Composite Battery
Description: Microsoft Composite Battery
Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Manufacturer: Microsoft
Service: Compbatt
Device ID: ROOT\COMPOSITE_BATTERY\0000

Name: NETBT
Description: NETBT
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NetBT
Device ID: ROOT\LEGACY_NETBT\0000

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Device ID: ROOT\MS_NDISWANIP\0000

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\4&968B529&0

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&17FBD5FD&0

Name: KSecDD
Description: KSecDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: KSecDD
Device ID: ROOT\LEGACY_KSECDD\0000

Name: Intel® 82801 PCI Bridge - 2448
Description: Intel® 82801 PCI Bridge - 2448
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci
Device ID: PCI\VEN_8086&DEV_2448&SUBSYS_FF1E1179&REV_93\3&21436425&0&F0

Name: Ancillary Function Driver for Winsock
Description: Ancillary Function Driver for Winsock
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AFD
Device ID: ROOT\LEGACY_AFD\0000

Name: Intel® ICH9 Family USB Universal Host Controller - 2938
Description: Intel® ICH9 Family USB Universal Host Controller - 2938
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
Device ID: PCI\VEN_8086&DEV_2938&SUBSYS_FF1E1179&REV_03\3&21436425&0&D1

Name: HID-compliant device
Description: HID-compliant device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:
Device ID: HID\VID_3938&PID_1031&COL02\6&239C87BB&0&0001

Name: Mobile Intel® 4 Series Chipset Processor to DRAM Controller - 2A40
Description: Mobile Intel® 4 Series Chipset Processor to DRAM Controller - 2A40
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service:
Device ID: PCI\VEN_8086&DEV_2A40&SUBSYS_FF1E1179&REV_07\3&21436425&0&00


**** End of log ****
 


  • 0

#79
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,017 posts
  • MVP

This time we got the drivers listed.  Unfortunately I don't see any that look suspicious.  Mostly MS & Intel.

Open Avast, click on the gear in the upper right then on Components on the left.  Scroll down until you see Browser Cleanup.  Turn it Off.  OK.

 

It's causing this error:

Error: (08/25/2016 08:20:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: bcuengine.dll, version: 12.0.0.77, time stamp: 0x57ab0828
Exception code: 0xc0000005

 

 
 
Browser Cleanup isn't worth much anyway.  The only way they will let you clean up your browser is if you accept Yahoo as your default page and search engine.
 
 
Error: (08/25/2016 08:09:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.23455, time stamp: 0x573a54b7
Exception code: 0xc000000d
Fault offset: 0x00000000000ca365
Faulting process id: 0x230
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

 

 
I don't know what is causing this error.  There are lots of different svchost.exe processes.  
 
I can try to compare yours with mine and see what's missing:
 
Copy the next 2 lines:
TASKLIST /SVC  > \junk.txt
notepad \junk.txt
 
Open an Elevated Command Prompt:
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 
 
 
 
WmiPrvSE.exe --- don't see this under services. 

 

 

 
WMI is Windows Management Instrumentation.  Normally WmiPrvSE.exe runs every 10 seconds or so and uses about 10% CPU when it does.  If you stop Windows Management Instrumentation then it shouldn't be running any more.
 
Let's clear the alarms:
 
 
Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
 
Turn on boot logging.
 
Search for
msconfig
hit Enter.
 
Under the Boot tab check the box for Boot Log and then OK.
 
Reboot
 
The boot log will be C:\Windows\ntbtlog.txt
 
Please open it in notepad then copy and paste.  If windows hides the files in C:\windows then:
Control Panel, (View By:  Large Icons)  Folder Options, View.
 
Uncheck Hide Extensions for Known File Types
Uncheck Hide Protected System Files
Check Show Hidden Files,Folders and Drives.
OK
 
Also run VEW again as before and post both logs.
 
 
 
 

  • 0

#80
its_chele

its_chele

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       340 N/A                                         
csrss.exe                      444 N/A                                         
wininit.exe                    484 N/A                                         
csrss.exe                      492 N/A                                         
winlogon.exe                   528 N/A                                         
services.exe                   588 N/A                                         
lsass.exe                      608 KeyIso, SamSs                               
lsm.exe                        616 N/A                                         
svchost.exe                    724 DcomLaunch, PlugPlay, Power                 
svchost.exe                    800 RpcEptMapper, RpcSs                         
svchost.exe                    848 AudioSrv, Dhcp, eventlog, lmhosts, wscsvc   
svchost.exe                    956 AudioEndpointBuilder, Netman, PcaSvc,       
                                   SysMain, TrkWks, UxSms, WdiSystemHost,      
                                   Wlansvc                                     
svchost.exe                   1008 EventSystem, FontCache, netprofm, nsi,      
                                   WdiServiceHost, WinHttpAutoProxySvc         
svchost.exe                    356 Appinfo, BITS, EapHost, IKEEXT, iphlpsvc,   
                                   LanmanServer, MMCSS, ProfSvc, Schedule,     
                                   SENS, ShellHWDetection, Themes, Winmgmt,    
                                   wuauserv                                    
svchost.exe                    796 gpsvc                                       
svchost.exe                   1168 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc                                      
AvastSvc.exe                  1240 avast! Antivirus                            
spoolsv.exe                   1336 Spooler                                     
taskeng.exe                   1344 N/A                                         
svchost.exe                   1416 BFE, DPS, MpsSvc                            
BelkinService.exe             1568 AffinegyService                             
svchost.exe                   1616 DiagTrack                                   
taskhost.exe                  1740 N/A                                         
svchost.exe                   1812 stisvc                                      
dwm.exe                       1904 N/A                                         
TODDSrv.exe                   1916 TODDSrv                                     
TosCoSrv.exe                  1952 TosCoSrv                                    
WLIDSVC.EXE                   1124 wlidsvc                                     
explorer.exe                  1376 N/A                                         
WLIDSVCM.EXE                   120 N/A                                         
svchost.exe                   2228 PolicyAgent                                 
cAudioFilterAgent64.exe       2368 N/A                                         
igfxtray.exe                  2376 N/A                                         
hkcmd.exe                     2384 N/A                                         
igfxpers.exe                  2392 N/A                                         
AvastUI.exe                   2796 N/A                                         
SearchIndexer.exe             2752 WSearch                                     
unsecapp.exe                  2616 N/A                                         
WmiPrvSE.exe                  1704 N/A                                         
firefox.exe                   3804 N/A                                         
svchost.exe                   3700 SSDPSRV, upnphost                           
sppsvc.exe                    2224 sppsvc                                      
wmpnetwk.exe                  1116 WMPNetworkSvc                               
WmiPrvSE.exe                  3284 N/A                                         
audiodg.exe                   2776 N/A                                         
cmd.exe                       3464 N/A                                         
conhost.exe                   1132 N/A                                         
tasklist.exe                  3372 N/A                                         
 


  • 0

#81
its_chele

its_chele

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

 Service Pack 1 8 27 2016 09:47:55.500
Loaded driver \SystemRoot\system32\ntoskrnl.exe
Loaded driver \SystemRoot\system32\hal.dll
Loaded driver \SystemRoot\system32\kdcom.dll
Loaded driver \SystemRoot\system32\mcupdate_GenuineIntel.dll
Loaded driver \SystemRoot\system32\PSHED.dll
Loaded driver \SystemRoot\system32\CLFS.SYS
Loaded driver \SystemRoot\system32\CI.dll
Loaded driver \SystemRoot\system32\drivers\Wdf01000.sys
Loaded driver \SystemRoot\system32\drivers\WDFLDR.SYS
Loaded driver \SystemRoot\system32\drivers\ACPI.sys
Loaded driver \SystemRoot\system32\drivers\WMILIB.SYS
Loaded driver \SystemRoot\system32\drivers\msisadrv.sys
Loaded driver \SystemRoot\system32\drivers\pci.sys
Loaded driver \SystemRoot\system32\drivers\vdrvroot.sys
Loaded driver \SystemRoot\System32\drivers\partmgr.sys
Loaded driver \SystemRoot\system32\DRIVERS\compbatt.sys
Loaded driver \SystemRoot\system32\DRIVERS\BATTC.SYS
Loaded driver \SystemRoot\system32\drivers\volmgr.sys
Loaded driver \SystemRoot\System32\drivers\volmgrx.sys
Loaded driver \SystemRoot\System32\drivers\mountmgr.sys
Loaded driver \SystemRoot\system32\drivers\pciide.sys
Loaded driver \SystemRoot\system32\drivers\PCIIDEX.SYS
Loaded driver \SystemRoot\system32\DRIVERS\iaStor.sys
Loaded driver \SystemRoot\system32\drivers\atapi.sys
Loaded driver \SystemRoot\system32\drivers\ataport.SYS
Loaded driver \SystemRoot\system32\drivers\msahci.sys
Loaded driver \SystemRoot\system32\drivers\amdxata.sys
Loaded driver \SystemRoot\system32\drivers\fltmgr.sys
Loaded driver \SystemRoot\system32\drivers\fileinfo.sys
Loaded driver \SystemRoot\System32\Drivers\Ntfs.sys
Loaded driver \SystemRoot\System32\Drivers\msrpc.sys
Loaded driver \SystemRoot\System32\Drivers\ksecdd.sys
Loaded driver \SystemRoot\System32\Drivers\cng.sys
Loaded driver \SystemRoot\System32\drivers\pcw.sys
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.sys
Loaded driver \SystemRoot\system32\drivers\ndis.sys
Loaded driver \SystemRoot\system32\drivers\NETIO.SYS
Loaded driver \SystemRoot\System32\Drivers\ksecpkg.sys
Loaded driver \SystemRoot\System32\drivers\tcpip.sys
Loaded driver \SystemRoot\System32\drivers\fwpkclnt.sys
Loaded driver \SystemRoot\System32\Drivers\aswRvrt.sys
Loaded driver \SystemRoot\System32\Drivers\aswVmm.sys
Loaded driver \SystemRoot\system32\drivers\volsnap.sys
Loaded driver \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
Loaded driver \SystemRoot\System32\Drivers\spldr.sys
Loaded driver \SystemRoot\System32\drivers\rdyboost.sys
Loaded driver \SystemRoot\System32\Drivers\mup.sys
Loaded driver \SystemRoot\System32\drivers\hwpolicy.sys
Loaded driver \SystemRoot\System32\DRIVERS\fvevol.sys
Loaded driver \SystemRoot\system32\drivers\disk.sys
Loaded driver \SystemRoot\system32\drivers\CLASSPNP.SYS
Loaded driver \SystemRoot\system32\drivers\cdrom.sys
Loaded driver \SystemRoot\system32\drivers\aswSP.sys
Loaded driver \SystemRoot\system32\drivers\aswSnx.sys
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\system32\drivers\aswKbd.sys
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\system32\drivers\rdpencdd.sys
Loaded driver \SystemRoot\system32\drivers\rdprefmp.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\tdx.sys
Loaded driver \SystemRoot\system32\drivers\afd.sys
Loaded driver \SystemRoot\system32\drivers\aswRdr2.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\system32\DRIVERS\wfplwf.sys
Loaded driver \SystemRoot\system32\DRIVERS\pacer.sys
Loaded driver \SystemRoot\system32\DRIVERS\vwififlt.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\system32\drivers\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\system32\drivers\nsiproxy.sys
Loaded driver \SystemRoot\system32\drivers\mssmbios.sys
Loaded driver \SystemRoot\System32\drivers\discache.sys
Loaded driver \SystemRoot\System32\Drivers\dfsc.sys
Loaded driver \SystemRoot\system32\DRIVERS\blbdrive.sys
Loaded driver \SystemRoot\system32\DRIVERS\tunnel.sys
Loaded driver \SystemRoot\system32\DRIVERS\FwLnk.sys
Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\system32\DRIVERS\CmBatt.sys
Loaded driver \SystemRoot\System32\drivers\dxgkrnl.sys
Loaded driver \SystemRoot\system32\DRIVERS\igdkmd64.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\drivers\HDAudBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\L1C62x64.sys
Loaded driver \SystemRoot\system32\DRIVERS\athrx.sys
Loaded driver \SystemRoot\system32\DRIVERS\vwifibus.sys
Loaded driver \SystemRoot\system32\drivers\i8042prt.sys
Loaded driver \SystemRoot\system32\drivers\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\SynTP.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\tdcmdpst.sys
Loaded driver \SystemRoot\system32\drivers\CompositeBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\AgileVpn.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\rassstp.sys
Loaded driver \SystemRoot\system32\drivers\swenum.sys
Loaded driver \SystemRoot\system32\drivers\umbus.sys
Did not load driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\drivers\CHDRT64.sys
Loaded driver \SystemRoot\system32\drivers\ksthunk.sys
Loaded driver \SystemRoot\system32\DRIVERS\monitor.sys
Loaded driver \SystemRoot\system32\drivers\hidusb.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
Loaded driver \SystemRoot\system32\drivers\luafv.sys
Loaded driver \SystemRoot\system32\drivers\aswMonFlt.sys
Loaded driver \SystemRoot\system32\drivers\aswStm.sys
Loaded driver \SystemRoot\system32\DRIVERS\lltdio.sys
Loaded driver \SystemRoot\system32\DRIVERS\nwifi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
Loaded driver \SystemRoot\system32\DRIVERS\rspndr.sys
Loaded driver \SystemRoot\system32\DRIVERS\vwifimp.sys
Loaded driver \SystemRoot\system32\drivers\HTTP.sys
Loaded driver \SystemRoot\system32\DRIVERS\bowser.sys
Loaded driver \SystemRoot\System32\drivers\mpsdrv.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb10.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb20.sys
Loaded driver \SystemRoot\system32\drivers\peauth.sys
Loaded driver \SystemRoot\System32\DRIVERS\srvnet.sys
Loaded driver \SystemRoot\System32\drivers\tcpipreg.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv2.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
Did not load driver \SystemRoot\System32\DRIVERS\srv.sys
 


  • 0

#82
its_chele

its_chele

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 27/08/2016 10:05:42 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/08/2016 1:47:29 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
 


  • 0

#83
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,017 posts
  • MVP

You have a couple of services we probably can live without.  The only thing that really appears to be missing is Windows Backup and it doesn't need to be running but let's see if it is the culprit.

 

Search for

 

services.msc

 

hit Enter.

 

Find 

 

Windows Backup

 

Right click on it and select Properties.

 

Normally it is set to Startup Type: Manual.  See if it will Start without an error.

 

While in Services.msc, find

 

 IPsec Policy Agent

Right click on it and select Properties.

It should be Startup Type: Manual

You can STOP it and then see if this has any effect on the Process Explorer log.

 

Find

WinHTTP Web Proxy Auto-Discovery Service

Right click on it and select Properties.

It should be Manual.  But we don't really need it to run.  You can STOP it and then see if this has any effect on the Process Explorer log.

 

In IE, hit the gear icon and then Internet options, Connections, Lan Settings then uncheck ALL boxes and OK.

 

Everything looks good in the boot log ( NDProxy.SYS and SRV.sys never load) so you can go in to msconfig, Boot tab, Uncheck Boot Log and OK.  No need to reboot.

 

I think we probably have a problem with your video driver.

 

Search for

 

device manager

 

hit Enter

 

Click on the arrow in front of Display Adapter.

 

This should show your graphics adapter.  Right click on it and click on Update.  See if windows finds an update for it.  If it does then after it installs, reboot and run Process Explorer.  (Wait about 5 minutes after the reboot so everything has settled down before making the log.)

 

If it doesn't have one for you, right click on it and select Properties then Driver tab.  If the Roll Back Driver button is lit click on it and after it reverts back to the older driver, reboot and run Process Explorer.  (Wait about 5 minutes after the reboot so everything has settled down before making the log.)

 

If it can't find a new one and there is no old one, just right click on it and Uninstall. (Do not remove the old drivers if asked).  Reboot.  Windows will reinstall it. Sometimes this will fix odd problems.

 

Check with your PC maker and see if there is a new driver for it.

 

 


  • 0
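The comparison described in posts #79 and #83 (one machine's TASKLIST /SVC output against a reference) can be scripted; this is an added example, not part of the original posts. OBSERVED is a constructed excerpt of the rows posted in #80, REFERENCE is a constructed stand-in for a helper's machine (not data from the thread), and SDRSVC is assumed here as the service name behind the "Windows Backup" display name, which the thread gives only by display name.

```python
import re

# Constructed excerpt of the TASKLIST /SVC output posted in #80.
OBSERVED = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
lsass.exe                      608 KeyIso, SamSs
svchost.exe                   1008 EventSystem, FontCache, netprofm, nsi,
                                   WdiServiceHost, WinHttpAutoProxySvc
svchost.exe                    356 Appinfo, BITS, EapHost, IKEEXT, iphlpsvc,
                                   LanmanServer, MMCSS, ProfSvc, Schedule,
                                   SENS, ShellHWDetection, Themes, Winmgmt,
                                   wuauserv
svchost.exe                   2228 PolicyAgent
WmiPrvSE.exe                  1704 N/A
"""

# Constructed reference listing (hypothetical second machine, not from the thread).
REFERENCE = """\
Image Name                     PID Services
========================= ======== ============================================
lsass.exe                      612 KeyIso, SamSs
svchost.exe                    996 EventSystem, FontCache, netprofm, nsi,
                                   WdiServiceHost
svchost.exe                    372 Appinfo, BITS, EapHost, IKEEXT, iphlpsvc,
                                   LanmanServer, MMCSS, ProfSvc, Schedule,
                                   SENS, ShellHWDetection, Themes, Winmgmt,
                                   wuauserv
svchost.exe                   2040 SDRSVC
"""

# Image names may contain spaces ("System Idle Process"), so the name is
# matched lazily up to the first all-digit token, which is the PID.
ROW = re.compile(r"^(?P<image>\S.*?)\s+(?P<pid>\d+)\s+(?P<services>\S.*)$")


def _split(field):
    """Split a Services cell; wrapped lines end in a comma and N/A means none."""
    return [s for s in (p.strip() for p in field.split(",")) if s and s != "N/A"]


def parse_tasklist_svc(text):
    """Return one dict per process, folding wrapped service lists into their row."""
    rows, in_table = [], False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not in_table:                      # skip everything up to the ==== ruler
            in_table = line.startswith("=====")
            continue
        if not line:
            continue
        if line[0].isspace():                 # continuation of the previous row
            if not rows:
                raise ValueError("continuation line before any process row")
            rows[-1]["services"].extend(_split(line))
            continue
        m = ROW.match(line)
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        rows.append({"image": m["image"], "pid": int(m["pid"]),
                     "services": _split(m["services"])})
    return rows


def find_service_host(rows, service):
    """Which process hosts a service, e.g. which svchost.exe carries Winmgmt (WMI)."""
    wanted = service.lower()
    for row in rows:
        if wanted in (s.lower() for s in row["services"]):
            return row["image"], row["pid"]
    return None


def diff_services(observed, reference):
    """Service names running only on the reference (missing) or only here (extra)."""
    def names(rows):
        return {s.lower(): s for r in rows for s in r["services"]}
    obs, ref = names(observed), names(reference)
    missing = sorted(ref[k] for k in ref.keys() - obs.keys())
    extra = sorted(obs[k] for k in obs.keys() - ref.keys())
    return missing, extra


if __name__ == "__main__":
    observed = parse_tasklist_svc(OBSERVED)
    print("Winmgmt is hosted by", find_service_host(observed, "Winmgmt"))
    missing, extra = diff_services(observed, parse_tasklist_svc(REFERENCE))
    print("missing vs reference:", missing)
    print("extra vs reference:  ", extra)
```

Comparing by service name rather than by PID matters because svchost.exe PIDs differ on every boot and every machine, while the services grouped inside each host are what a reviewer actually checks.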

#84
its_chele

its_chele

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

ok done all ... and when I uninstalled driver -- windows auto installed driver...here is new log

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
procexp64.exe    57.14    23,392 K    41,488 K    2396    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
System Idle Process    18.94    0 K    24 K    0            
dwm.exe    9.92    51,156 K    20,916 K    2164    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
Interrupts    5.77    0 K    0 K    n/a    Hardware Interrupts and DPCs        
csrss.exe    3.67    2,400 K    6,892 K    492    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
System    2.23    184 K    1,236 K    4            
AvastSvc.exe    0.90    52,028 K    41,988 K    1260    avast! Service    AVAST Software    (Verified) AVAST Software a.s.
explorer.exe    0.23    26,076 K    41,232 K    2196    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
lsass.exe    0.22    4,420 K    9,988 K    600    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.17    4,780 K    9,668 K    1560    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.13    3,752 K    8,144 K    712    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
lsm.exe    0.13    2,244 K    3,720 K    608    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
AvastUI.exe    0.13    12,568 K    21,952 K    2732    avast! Antivirus    AVAST Software    (Verified) AVAST Software a.s.
svchost.exe    0.09    25,396 K    38,668 K    360    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
wmpnetwk.exe    0.08    15,268 K    6,252 K    4068    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.08    6,744 K    10,276 K    1008    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.08    10,244 K    11,580 K    1416    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.02    13,560 K    13,704 K    1176    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    0.02    2,300 K    6,284 K    440    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVC.EXE    0.02    6,204 K    10,560 K    1864    Microsoft® Windows Live ID Service    Microsoft Corp.    (Verified) Microsoft Corporation
svchost.exe    0.02    96,392 K    98,520 K    960    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
TODDSrv.exe    < 0.01    1,348 K    4,032 K    1696    TDCSrv Application    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
WmiPrvSE.exe        5,520 K    10,184 K    3404    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        2,156 K    6,016 K    3260    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVCM.EXE        988 K    2,732 K    1960    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    (Verified) Microsoft Corporation
winlogon.exe        2,464 K    5,652 K    528    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,316 K    3,792 K    480    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        1,424 K    5,348 K    3920    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
TrustedInstaller.exe        4,336 K    9,452 K    2156    Windows Modules Installer    Microsoft Corporation    (Verified) Microsoft Windows
TosCoSrv.exe        2,228 K    3,716 K    1724    TOSHIBA Power Saver    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
taskhost.exe        3,484 K    7,644 K    2112    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        3,584 K    6,980 K    788    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        16,232 K    14,312 K    836    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        1,696 K    4,868 K    1664    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        4,296 K    9,188 K    3804    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,200 K    5,500 K    2280    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,260 K    4,932 K    648    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
spoolsv.exe        6,148 K    7,972 K    1360    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        420 K    1,064 K    340    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        4,620 K    7,028 K    584    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe        19,540 K    12,888 K    3068    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
procexp.exe        2,572 K    6,960 K    1652    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
igfxtray.exe        1,916 K    6,492 K    3708    igfxTray Module    Intel Corporation    (Verified) Intel Corporation
igfxpers.exe        1,928 K    6,764 K    3860    persistence Module    Intel Corporation    (Verified) Intel Corporation
hkcmd.exe        2,700 K    10,184 K    3772    hkcmd Module    Intel Corporation    (Verified) Intel Corporation
dllhost.exe        1,776 K    5,536 K    3212    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
cAudioFilterAgent64.exe        1,816 K    5,880 K    3608    Conexant High Definition Audio Filter Agent    Conexant Systems, Inc.    (Verified) Conexant Systems
BelkinService.exe        1,976 K    5,772 K    1520    BelkinService    Affinegy, Inc.    (Verified) Affinegy
audiodg.exe        16,180 K    16,416 K    4056    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
 


  • 0

#85
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,017 posts
  • MVP

Interrupts    5.77

didn't get any better. So no luck there.  No newer or older drivers available?  Nothing on the PC maker's website?

You might try doing the same to all of your other drivers.  Make Windows reinstall them.

Let's see if we can figure out what is causing Process Explorer to use so much CPU.

In Process Explorer, click on View then check Show Lower Pane.

Now click on procexp64.exe then save a log and post it.


  • 0


#86
its_chele

its_chele

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
AvastSvc.exe    32.14    67,420 K    43,476 K    1244    avast! Service    AVAST Software    (Verified) AVAST Software a.s.
procexp64.exe    29.65    25,708 K    43,628 K    1532    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
System Idle Process    26.53    0 K    24 K    0            
Interrupts    4.42    0 K    0 K    n/a    Hardware Interrupts and DPCs        
dwm.exe    3.06    43,604 K    24,848 K    2104    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
System    1.45    184 K    1,348 K    4            
csrss.exe    1.45    2,172 K    9,724 K    488    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe    0.55    193,812 K    227,612 K    3680    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
svchost.exe    0.19    16,356 K    17,860 K    832    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
explorer.exe    0.18    33,620 K    54,016 K    2152    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.08    7,044 K    11,320 K    972    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.07    13,720 K    14,740 K    1172    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
lsm.exe    0.06    2,276 K    4,056 K    604    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
wmpnetwk.exe    0.05    15,900 K    5,748 K    3004    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.05    54,452 K    54,744 K    996    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe    0.02    19,664 K    14,184 K    2484    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
AvastUI.exe    0.02    10,864 K    10,476 K    2876    avast! Antivirus    AVAST Software    (Verified) AVAST Software a.s.
svchost.exe    0.01    5,316 K    12,132 K    2336    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.01    85,596 K    94,304 K    944    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    < 0.01    2,328 K    6,924 K    440    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
TODDSrv.exe    < 0.01    1,340 K    4,536 K    1752    TDCSrv Application    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
WmiPrvSE.exe        5,800 K    10,828 K    2192    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        2,516 K    6,340 K    3956    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVCM.EXE        988 K    3,188 K    2028    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    (Verified) Microsoft Corporation
WLIDSVC.EXE        4,960 K    11,348 K    1928    Microsoft® Windows Live ID Service    Microsoft Corp.    (Verified) Microsoft Corporation
winlogon.exe        2,468 K    6,852 K    524    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,304 K    4,264 K    480    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        1,448 K    5,396 K    2236    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
TrustedInstaller.exe        3,856 K    9,144 K    3936    Windows Modules Installer    Microsoft Corporation    (Verified) Microsoft Windows
TosCoSrv.exe        2,220 K    4,724 K    1820    TOSHIBA Power Saver    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
taskhost.exe        3,512 K    8,372 K    1068    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
taskeng.exe        1,496 K    5,076 K    1332    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        3,664 K    7,460 K    784    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        3,900 K    9,216 K    708    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        9,364 K    12,724 K    1412    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        3,876 K    8,044 K    1608    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,056 K    5,344 K    812    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        1,708 K    5,376 K    1716    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,196 K    5,632 K    168    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
spoolsv.exe        6,096 K    11,000 K    1320    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        408 K    1,092 K    340    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        4,760 K    8,684 K    580    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
procexp.exe        2,576 K    6,968 K    3704    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
lsass.exe        4,116 K    11,628 K    596    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
igfxtray.exe        1,760 K    5,952 K    2440    igfxTray Module    Intel Corporation    (Verified) Intel Corporation
igfxpers.exe        1,744 K    6,248 K    2468    persistence Module    Intel Corporation    (Verified) Intel Corporation
hkcmd.exe        2,540 K    9,644 K    2460    hkcmd Module    Intel Corporation    (Verified) Intel Corporation
cAudioFilterAgent64.exe        1,700 K    5,348 K    2428    Conexant High Definition Audio Filter Agent    Conexant Systems, Inc.    (Verified) Conexant Systems
BelkinService.exe        1,980 K    7,248 K    1496    BelkinService    Affinegy, Inc.    (Verified) Affinegy
audiodg.exe        16,208 K    16,460 K    1636    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows

Process: procexp64.exe Pid: 1532

Type    Name
ALPC Port    \RPC Control\OLE8BFC3DAE7B354A4889A4DECEBE3E
Desktop    \Default
Directory    \KnownDlls
Directory    \Sessions\1\BaseNamedObjects
Event    \BaseNamedObjects\CLR_PerfMon_DoneEnumEvent
Event    \BaseNamedObjects\CLR_PerfMon_StartEnumEvent
Event    \KernelObjects\MaximumCommitCondition
Event    \BaseNamedObjects\TermSrvReadyEvent
Event    \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterEvent
Event    \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterEvent
File    C:\Users\MWG\Desktop
File    C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
File    C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
File    C:\Windows\System32\en-US\setupapi.dll.mui
File    C:\Windows\System32\en-US\advapi32.dll.mui
File    \Device\PROCEXP152
File    C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
File    C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
File    \Device\KsecDD
File    C:\Windows\Fonts\StaticCache.dat
File    C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
File    C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
File    C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23508_none_145555328b95eaaa
File    C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
File    C:\ProgramData\AVAST Software\Avast
File    C:\Program Files\AVAST Software\Avast\setup
File    C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
File    C:\Windows\System32\en-US\oleaccrc.dll.mui
File    C:\Windows\System32\en-US\wshtcpip.dll.mui
File    C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
File    C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
File    C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
File    C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
File    C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
File    C:\Windows\System32\en-US\crypt32.dll.mui
File    \Device\Nsi
File    C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
File    C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
File    C:\Windows\System32\en-US\explorerframe.dll.mui
File    C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
File    C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
File    C:\Windows\System32\en-US\comdlg32.dll.mui
File    \Device\KsecDD
File    C:\Windows\System32\en-US\user32.dll.mui
File    C:\Windows\System32\en-US\KernelBase.dll.mui
File    C:\Windows\System32\en-US\wship6.dll.mui
File    C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
File    C:\Windows\System32\en-US\propsys.dll.mui
File    C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
File    C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
File    C:\Windows\System32\en-US\shell32.dll.mui
File    C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
File    C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
File    C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
File    C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
File    C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
File    C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
File    C:\Windows\System32\en-US\msxml3r.dll.mui
File    C:\Users\MWG\AppData\Roaming\Microsoft\SystemCertificates\My
Key    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Key    HKLM\SYSTEM\ControlSet001\Control\SESSION MANAGER
Key    HKLM
Key    HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
Key    HKLM\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder
Key    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PERFLIB
Key    HKCU
Key    HKLM\SYSTEM\ControlSet001\services\.NET CLR Data\Performance
Key    HKLM\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance
Key    HKLM\SYSTEM\ControlSet001\services\.NET CLR Networking 4.0.0.0\Performance
Key    HKLM\SYSTEM\ControlSet001\services\.NET Data Provider for Oracle\Performance
Key    HKLM\SYSTEM\ControlSet001\services\.NET Data Provider for SqlServer\Performance
Key    HKLM\SYSTEM\ControlSet001\services\.NET Memory Cache 4.0\Performance
Key    HKLM\SYSTEM\ControlSet001\services\.NETFramework\Performance
Key    HKLM\SYSTEM\ControlSet001\services\ASP.NET\Performance
Key    HKLM\SYSTEM\ControlSet001\services\ASP.NET_4.0.30319\Performance
Key    HKLM\SYSTEM\ControlSet001\services\aspnet_state\Performance
Key    HKLM\SYSTEM\ControlSet001\services\BITS\Performance
Key    HKLM\SYSTEM\ControlSet001\services\ESENT\Performance
Key    HKLM\SYSTEM\ControlSet001\services\Lsa\Performance
Key    HKLM\SYSTEM\ControlSet001\services\MSDTC\Performance
Key    HKLM\SYSTEM\ControlSet001\services\MSDTC Bridge 3.0.0.0\Performance
Key    HKLM\SYSTEM\ControlSet001\services\MSDTC Bridge 4.0.0.0\Performance
Key    HKLM\SYSTEM\ControlSet001\services\MSSCNTRS\Performance
Key    HKLM\SYSTEM\ControlSet001\services\PerfDisk\Performance
Key    HKLM\SYSTEM\ControlSet001\services\PerfNet\Performance
Key    HKLM\SYSTEM\ControlSet001\services\PerfOS\Performance
Key    HKLM\SYSTEM\ControlSet001\services\PerfProc\Performance
Key    HKLM\SYSTEM\ControlSet001\services\rdyboost\Performance
Key    HKLM\SYSTEM\ControlSet001\services\RemoteAccess\Performance
Key    HKLM\SYSTEM\ControlSet001\services\ServiceModelEndpoint 3.0.0.0\Performance
Key    HKLM\SYSTEM\ControlSet001\services\ServiceModelOperation 3.0.0.0\Performance
Key    HKLM\SYSTEM\ControlSet001\services\ServiceModelService 3.0.0.0\Performance
Key    HKLM\SYSTEM\ControlSet001\services\SMSvcHost 3.0.0.0\Performance
Key    HKLM\SYSTEM\ControlSet001\services\SMSvcHost 4.0.0.0\Performance
Key    HKLM\SYSTEM\ControlSet001\services\Spooler\Performance
Key    HKLM\SYSTEM\ControlSet001\services\TapiSrv\Performance
Key    HKLM\SYSTEM\ControlSet001\services\Tcpip\Performance
Key    HKLM\SYSTEM\ControlSet001\services\TermService\Performance
Key    HKLM\SYSTEM\ControlSet001\services\UGatherer\Performance
Key    HKLM\SYSTEM\ControlSet001\services\UGTHRSVC\Performance
Key    HKLM\SYSTEM\ControlSet001\services\usbhub\Performance
Key    HKLM\SYSTEM\ControlSet001\services\Windows Workflow Foundation 3.0.0.0\Performance
Key    HKLM\SYSTEM\ControlSet001\services\Windows Workflow Foundation 4.0.0.0\Performance
Key    HKLM\SYSTEM\ControlSet001\services\WmiApRpl\Performance
Key    HKLM\SYSTEM\ControlSet001\services\WSearchIdxPi\Performance
Key    HKCU\Software\Sysinternals\Process Explorer
Key    HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
Key    HKLM\SYSTEM\ControlSet001\Control\Nls\Locale
Key    HKLM\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts
Key    HKLM\SYSTEM\ControlSet001\Control\Nls\Language Groups
Key    HKLM\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9
Key    HKLM\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5
Key    HKCR
Key    HKCU\Software\Classes
Key    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag
Key    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
Key    HKCU\Software\Microsoft\Windows NT\CurrentVersion
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Key    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PropertyBag
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PropertyBag
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A302545D-DEFF-464B-ABE8-61C8648D939B}\PropertyBag
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PropertyBag
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\PropertyBag
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\PropertyBag
Key    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
Key    HKU
Key    HKLM\SYSTEM\ControlSet001\services\crypt32
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\PropertyBag
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{4BD8D571-6D19-48D3-BE97-422220080E43}\PropertyBag
Key    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\PropertyBag
Key    HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN
Key    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A990AE9F-A03B-4E80-94BC-9912D7504104}\PropertyBag
Key    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2112AB0A-C86A-4FFE-A368-0DE96E47012E}\PropertyBag
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\PropertyBag
Key    HKCU
Key    HKU\S-1-5-21-3432716916-1219727339-2741707856-501
Key    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell
Key    HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\PropertyBag
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7B0DB17D-9CD2-4A93-9733-46CC89022E7C}\PropertyBag
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{491E922F-5643-4AF4-A7EB-4E7A138D8174}\PropertyBag
Key    HKCU\Software\Microsoft\SystemCertificates\My
Key    HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT
Key    HKCU\Software\Microsoft\SystemCertificates\CA
Key    HKCU
Key    HKLM\SOFTWARE\Microsoft\SystemCertificates\CA
Key    HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\CA
Key    HKCU\Software\Microsoft\SystemCertificates\Disallowed
Key    HKCU
Key    HKLM\SOFTWARE\Microsoft\SystemCertificates\Disallowed
Key    HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed
Key    HKCU\Software\Microsoft\SystemCertificates\Root
Key    HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Key    HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root
Key    HKLM\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot
Key    HKCU\Software\Microsoft\SystemCertificates\TrustedPeople
Key    HKCU\Software\Microsoft\SystemCertificates\SmartCardRoot
Key    HKCU
Key    HKLM\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople
Key    HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople
Key    HKCU\Software\Microsoft\SystemCertificates\trust
Key    HKCU
Key    HKLM\SOFTWARE\Microsoft\SystemCertificates\trust
Key    HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Trust
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\PropertyBag
Key    HKCU\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PropertyBag
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2400183A-6185-49FB-A2D8-4A392A602BA3}\PropertyBag
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\Windows.organize
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{33E28130-4E1E-4676-835A-98395C3BC3BB}\PropertyBag
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PropertyBag
Key    HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52528A6B-B9E3-4ADD-B60D-588C2DBA842D}\PropertyBag
Key    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\PropertyBag
Key    HKCU\Software\Microsoft\Internet Explorer\Main
Key    HKCU\Software\Policies\Microsoft\SystemCertificates
Mutant    \Sessions\1\BaseNamedObjects\.NET CLR Data_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\.NET CLR Networking_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\.NET CLR Networking 4.0.0.0_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\.NET Data Provider for Oracle_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\.NET Data Provider for SqlServer_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\.NET Memory Cache 4.0_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\.NETFramework_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\ASP.NET_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\ASP.NET_4.0.30319_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\aspnet_state_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\BITS_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\ESENT_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\Lsa_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\MSDTC_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\MSDTC Bridge 3.0.0.0_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\MSDTC Bridge 4.0.0.0_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\MSSCNTRS_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\PerfDisk_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\PerfNet_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\PerfOS_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\PerfProc_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\rdyboost_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\RemoteAccess_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\ServiceModelEndpoint 3.0.0.0_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\ServiceModelOperation 3.0.0.0_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\ServiceModelService 3.0.0.0_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\SMSvcHost 3.0.0.0_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\SMSvcHost 4.0.0.0_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\Spooler_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\TapiSrv_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\Tcpip_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\TermService_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\UGatherer_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\UGTHRSVC_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\usbhub_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\Windows Workflow Foundation 3.0.0.0_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\Windows Workflow Foundation 4.0.0.0_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\WmiApRpl_Perf_Library_Lock_PID_5fc
Mutant    \Sessions\1\BaseNamedObjects\WSearchIdxPi_Perf_Library_Lock_PID_5fc
Mutant    \BaseNamedObjects\LOADPERF_MUTEX
Mutant    \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!ThumbnailCacheInit
Mutant    \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterMutex
Mutant    \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_256.db!dfMaintainer
Mutant    \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!052c0
Mutant    \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_sr.db!dfMaintainer
Mutant    \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_32.db!dfMaintainer
Mutant    \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterMutex
Mutant    \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_1024.db!dfMaintainer
Mutant    \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_96.db!dfMaintainer
Mutant    \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_sr.db!dfMaintainer
Mutant    \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_1024.db!dfMaintainer
Mutant    \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_32.db!dfMaintainer
Mutant    \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_256.db!dfMaintainer
Mutant    \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_96.db!dfMaintainer
Section    \BaseNamedObjects\__ComCatalogCache__
Section    \BaseNamedObjects\__ComCatalogCache__
Section    \Sessions\1\BaseNamedObjects\windows_shell_global_counters
Section    \BaseNamedObjects\windows_shell_global_counters
Section    \Sessions\1\BaseNamedObjects\windows_ie_global_counters
Section    \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
Section    \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{EDAE6976-3F70-49D8-B65F-3D54A4FA1BC3}.2.ver0x0000000000000001.db
Section    \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000034.db
Section    \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
Section    \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
Section    \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db
Section    \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
Thread    procexp64.exe(1532): 3024
Thread    procexp64.exe(1532): 2608
Thread    procexp64.exe(1532): 2608
Thread    procexp64.exe(1532): 1464
Thread    procexp64.exe(1532): 3024
Thread    procexp64.exe(1532): 3468
Thread    procexp64.exe(1532): 2872
Thread    procexp64.exe(1532): 2532
Thread    procexp64.exe(1532): 2116
Thread    procexp64.exe(1532): 3100
Thread    procexp64.exe(1532): 3560
Thread    procexp64.exe(1532): 3572
Thread    procexp64.exe(1532): 3548
Thread    procexp64.exe(1532): 3544
Thread    procexp64.exe(1532): 3100
Thread    procexp64.exe(1532): 3560
Thread    procexp64.exe(1532): 3484
Thread    procexp64.exe(1532): 632
Thread    procexp64.exe(1532): 1380
Thread    procexp64.exe(1532): 2872
Thread    procexp64.exe(1532): 2676
Thread    procexp64.exe(1532): 4016
Thread    procexp64.exe(1532): 4016
WindowStation    \Sessions\1\Windows\WindowStations\WinSta0
WindowStation    \Sessions\1\Windows\WindowStations\WinSta0
 


  • 0

#87
its_chele

its_chele

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

There was a battery recall on some models on the website; it suggested running the battery check tool and I did, but it says it was not affected... Other than that, I ran the Toshiba suggested updates and it said it had none.


  • 0

#88
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,017 posts
  • MVP

Process Explorer seems to be looking at your thumbnail caches in:

C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\

a lot more than mine.  Perhaps they are very big.

Try a disk cleanup per

http://www.kodyaz.co...-windows-7.aspx

Report the size of the thumbnails before cleaning and then create a new Process Explorer log with procexp64.exe highlighted as before.


  • 0
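
The by-eye reading of the handle list in the post above can be done as a tally; this is an added example, not part of the original thread or of Process Explorer. The function names are hypothetical, the sample is a shortened excerpt of the log posted earlier, and the parser assumes the saved lower-pane layout of a `Type`/`Name` header followed by two-column rows.

```python
import re
from collections import Counter
from ntpath import dirname  # Windows path rules, whatever OS this runs on

# Shortened excerpt of the handle list posted earlier in this thread.
SAMPLE_LOG = r"""Process: procexp64.exe Pid: 1532

Type    Name
ALPC Port    \RPC Control\OLE8BFC3DAE7B354A4889A4DECEBE3E
Directory    \KnownDlls
Event    \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterEvent
File    C:\Users\MWG\Desktop
File    \Device\KsecDD
File    C:\Program Files\AVAST Software\Avast\setup
File    C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
File    C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
File    C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
File    C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
File    C:\Windows\System32\en-US\shell32.dll.mui
Key    HKLM\SYSTEM\ControlSet001\services\PerfOS\Performance
Key    HKCU\Software\Sysinternals\Process Explorer
Mutant    \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterMutex
Mutant    \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_256.db!dfMaintainer
Thread    procexp64.exe(1532): 3024
"""

# "Type<sep>Name": <sep> is a tab (the saved file) or a run of spaces
# (how the log looks once pasted into a forum post). Types such as
# "ALPC Port" and names such as "...\Process Explorer" contain single spaces.
ROW = re.compile(r"^(?P<type>[^\t]+?)(?:\t+| {2,})(?P<name>.+?)\s*$")

# Matches the cache file both in real paths and in named-object names,
# where the path separators are replaced by ':'.
CACHE = re.compile(r"thumbcache_\w+\.db", re.IGNORECASE)


def parse_handles(text):
    """Return [(type, name), ...] for the rows under the 'Type  Name' header."""
    handles, in_table = [], False
    for line in text.splitlines():
        m = ROW.match(line)
        if not in_table:
            # Skip the process table and banner until the handle header appears.
            in_table = bool(m) and m.group("type", "name") == ("Type", "Name")
        elif m:
            handles.append(m.group("type", "name"))
        else:
            break  # a blank or unparseable line ends the handle table
    return handles


def summarize(text):
    """Tally handles by type, by parent folder (File only) and by cache file."""
    handles = parse_handles(text)
    thumbcache = Counter()
    for _, name in handles:
        hit = CACHE.search(name)
        if hit:
            thumbcache[hit.group(0).lower()] += 1
    return {
        "total": len(handles),
        "by_type": Counter(t for t, _ in handles),
        "file_dirs": Counter(dirname(n) for t, n in handles if t == "File"),
        "thumbcache": thumbcache,
        # The same object opened more than once by the process.
        "repeated": {h: c for h, c in Counter(handles).items() if c > 1},
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print("handles:", s["total"], dict(s["by_type"]))
    for folder, count in s["file_dirs"].most_common(3):
        print(f"{count:3d}  {folder}")
    print("thumbcache references:", dict(s["thumbcache"]))
    print("opened more than once:", s["repeated"])
```

Running it on two saved logs, one per machine, gives the per-folder counts to compare instead of scrolling both lists.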

#89
its_chele

its_chele

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

Thumbnails 4.00 mb


  • 0

#90
its_chele

its_chele

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
procexp64.exe    68.59    26,016 K    44,436 K    2976    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
System Idle Process    15.11    0 K    24 K    0            
WmiPrvSE.exe        5,664 K    10,248 K    2452    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
dwm.exe    5.66    65,484 K    30,424 K    2124    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
Interrupts    5.73    0 K    0 K    n/a    Hardware Interrupts and DPCs        
csrss.exe    1.83    2,400 K    11,508 K    488    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
System    1.47    368 K    12,560 K    4            
AvastSvc.exe    0.74    75,992 K    40,960 K    1248    avast! Service    AVAST Software    (Verified) AVAST Software a.s.
svchost.exe    0.02    26,352 K    41,420 K    1020    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe        474,892 K    524,844 K    3096    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
explorer.exe    0.42    38,668 K    52,280 K    2176    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
lsass.exe    0.07    5,752 K    12,028 K    608    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
lsm.exe        2,352 K    3,880 K    616    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
AvastUI.exe    0.03    12,748 K    26,316 K    2984    avast! Antivirus    AVAST Software    (Verified) AVAST Software a.s.
svchost.exe    0.12    3,808 K    7,936 K    720    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        4,892 K    7,176 K    584    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
wmpnetwk.exe    0.01    16,700 K    14,500 K    1404    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        1,468 K    5,656 K    1816    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        10,244 K    12,780 K    1392    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.02    7,348 K    11,384 K    996    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.02    16,004 K    16,792 K    1176    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
taskhost.exe    0.03    12,988 K    14,336 K    1632    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.01    5,768 K    11,424 K    3064    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
SearchProtocolHost.exe    0.01    2,632 K    7,456 K    1008    Microsoft Windows Search Protocol Host    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVC.EXE    0.04    6,192 K    10,600 K    1936    Microsoft® Windows Live ID Service    Microsoft Corp.    (Verified) Microsoft Corporation
csrss.exe        2,308 K    6,360 K    440    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe    0.04    25,784 K    20,516 K    2384    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        110,860 K    115,320 K    956    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
TODDSrv.exe    < 0.01    1,348 K    3,980 K    1664    TDCSrv Application    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
WmiPrvSE.exe        2,288 K    5,964 K    5080    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVCM.EXE        988 K    2,768 K    2004    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    (Verified) Microsoft Corporation
winlogon.exe        2,612 K    5,668 K    524    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,332 K    3,792 K    480    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
TrustedInstaller.exe        163,056 K    162,180 K    4952    Windows Modules Installer    Microsoft Corporation    (Verified) Microsoft Windows
TosCoSrv.exe        2,228 K    3,680 K    1820    TOSHIBA Power Saver    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
taskeng.exe        1,424 K    4,868 K    576    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        4,608 K    8,020 K    796    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        1,408 K    4,868 K    2332    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        17,748 K    16,320 K    856    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        1,696 K    4,872 K    1592    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,416 K    4,980 K    736    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        4,636 K    9,208 K    1532    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,340 K    5,500 K    2204    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
spoolsv.exe        6,688 K    7,992 K    1356    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        412 K    1,052 K    340    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
SearchFilterHost.exe        1,524 K    4,724 K    3996    Microsoft Windows Search Filter Host    Microsoft Corporation    (Verified) Microsoft Windows
procexp.exe        2,568 K    6,988 K    3456    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
igfxtray.exe        1,764 K    4,972 K    2868    igfxTray Module    Intel Corporation    (Verified) Intel Corporation
igfxpers.exe        1,800 K    5,616 K    2892    persistence Module    Intel Corporation    (Verified) Intel Corporation
hkcmd.exe        2,524 K    8,452 K    2884    hkcmd Module    Intel Corporation    (Verified) Intel Corporation
dllhost.exe        1,708 K    5,516 K    3964    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
cAudioFilterAgent64.exe        1,736 K    4,848 K    2520    Conexant High Definition Audio Filter Agent    Conexant Systems, Inc.    (Verified) Conexant Systems
BelkinService.exe        1,980 K    5,776 K    1492    BelkinService    Affinegy, Inc.    (Verified) Affinegy
audiodg.exe        16,272 K    16,500 K    1372    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows

Process: procexp64.exe Pid: 2976

 


  • 0





