Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!
Malware Expert
PE log is showing multiple \Device\Afd which is not present at all on mine. Go into device manager
(Search for
device manager
hit Enter)
and click on the arrow in front of Network Adapters. Right click on each network adapter that shows up and Disable.
Run DPC again and see if it still shows red. Create a new PE log then go back into device manager and enable the network adapter that you are using and post the PE log.
Member
disable all adapters no red showed up....here is new log
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
procexp64.exe 61.17 24,900 K 42,096 K 3736 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System Idle Process 12.09 0 K 24 K 0
dwm.exe 6.34 47,764 K 24,160 K 2084 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 6.06 5,128 K 9,944 K 3488 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 3.91 1,760 K 5,504 K 3088 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 2.89 33,124 K 51,752 K 1888 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
Interrupts 2.43 0 K 0 K n/a Hardware Interrupts and DPCs
csrss.exe 1.13 2,180 K 9,648 K 488 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
System 0.94 200 K 2,280 K 4
AvastSvc.exe 0.91 59,420 K 40,140 K 1300 avast! Service AVAST Software (Verified) AVAST Software a.s.
svchost.exe 0.53 3,736 K 7,600 K 792 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 0.47 5,276 K 13,116 K 600 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.40 23,672 K 41,308 K 1016 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.30 3,684 K 8,988 K 720 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
AvastUI.exe 0.17 12,272 K 20,852 K 2920 avast! Antivirus AVAST Software (Verified) AVAST Software a.s.
svchost.exe 0.06 7,104 K 11,360 K 992 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.03 9,816 K 13,276 K 1444 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 0.03 1,444 K 5,448 K 3408 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.03 2,464 K 6,996 K 440 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 0.02 3,516 K 8,436 K 2664 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.02 111,804 K 52,628 K 1228 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 0.02 16,808 K 15,312 K 3000 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.02 15,120 K 16,904 K 856 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
services.exe 0.01 5,092 K 8,828 K 580 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 0.01 23,248 K 14,724 K 3040 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 108,288 K 114,420 K 952 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WLIDSVC.EXE 0.01 6,200 K 14,628 K 1852 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
svchost.exe 0.01 4,964 K 10,252 K 2828 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
TODDSrv.exe < 0.01 1,348 K 4,540 K 1716 TDCSrv Application TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
WLIDSVCM.EXE 1,000 K 3,200 K 1960 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
winlogon.exe 2,492 K 6,920 K 520 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,316 K 4,264 K 480 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
TosCoSrv.exe 2,228 K 4,736 K 1744 TOSHIBA Power Saver TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
svchost.exe 2,176 K 5,644 K 2076 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,368 K 5,696 K 604 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,440 K 10,252 K 1576 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 6,088 K 11,080 K 1396 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 416 K 1,096 K 340 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 2,568 K 6,952 K 3416 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
mmc.exe 11,472 K 13,920 K 3320 Microsoft Management Console Microsoft Corporation (Verified) Microsoft Windows
lsm.exe 2,276 K 4,052 K 608 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
igfxtray.exe 1,756 K 6,004 K 1244 igfxTray Module Intel Corporation (Verified) Intel Corporation
igfxpers.exe 1,740 K 6,248 K 2012 persistence Module Intel Corporation (Verified) Intel Corporation
hkcmd.exe 2,560 K 9,712 K 2540 hkcmd Module Intel Corporation (Verified) Intel Corporation
cAudioFilterAgent64.exe 1,680 K 5,356 K 2592 Conexant High Definition Audio Filter Agent Conexant Systems, Inc. (Verified) Conexant Systems
BelkinService.exe 1,972 K 7,228 K 1536 BelkinService Affinegy, Inc. (Verified) Affinegy
Process: procexp64.exe Pid: 3736
Type Name
ALPC Port \RPC Control\OLEA9F799CDF10E428CB1A78C3689B1
Desktop \Default
Directory \KnownDlls
Directory \Sessions\1\BaseNamedObjects
Event \BaseNamedObjects\CLR_PerfMon_DoneEnumEvent
Event \BaseNamedObjects\CLR_PerfMon_StartEnumEvent
Event \KernelObjects\MaximumCommitCondition
Event \BaseNamedObjects\TermSrvReadyEvent
Event \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterEvent
Event \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterEvent
Event \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterEvent
Event \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterEvent
File C:\Users\MWG\Desktop
File C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
File C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
File C:\Windows\System32\en-US\setupapi.dll.mui
File C:\Windows\System32\en-US\advapi32.dll.mui
File \Device\PROCEXP152
File C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
File C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
File \Device\KsecDD
File C:\Windows\Fonts\StaticCache.dat
File C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
File C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
File C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
File C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23508_none_145555328b95eaaa
File C:\Windows\System32\en-US\comdlg32.dll.mui
File C:\Windows\System32\en-US\user32.dll.mui
File C:\ProgramData\AVAST Software\Avast
File C:\Program Files\AVAST Software\Avast\setup
File C:\Windows\System32\en-US\shell32.dll.mui
File C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
File C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
File C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
File C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
File C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
File C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
File C:\Windows\System32\en-US\thumbcache.dll.mui
File C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
File C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
File C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
File C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
File C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
File C:\Windows\System32\en-US\crypt32.dll.mui
File C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
File C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
File C:\Windows\System32\en-US\propsys.dll.mui
File C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
File C:\Windows\System32\en-US\explorerframe.dll.mui
File C:\Windows\System32\en-US\oleaccrc.dll.mui
File C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
File C:\Windows\System32\en-US\userenv.dll.mui
File C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
File C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
File \Device\KsecDD
File C:\Windows\System32\en-US\KernelBase.dll.mui
File C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
File C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
File C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
File C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
File C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
File C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
File C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
File C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
File C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
File C:\Windows\System32\en-US\msxml3r.dll.mui
File C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
File C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
File C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
File C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
File C:\Users\MWG\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
File C:\Users\MWG\AppData\Roaming\Microsoft\SystemCertificates\My
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Key HKLM\SYSTEM\ControlSet001\Control\SESSION MANAGER
Key HKLM
Key HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
Key HKLM\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PERFLIB
Key HKCU
Key HKLM\SYSTEM\ControlSet001\services\.NET CLR Data\Performance
Key HKLM\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance
Key HKLM\SYSTEM\ControlSet001\services\.NET CLR Networking 4.0.0.0\Performance
Key HKLM\SYSTEM\ControlSet001\services\.NET Data Provider for Oracle\Performance
Key HKLM\SYSTEM\ControlSet001\services\.NET Data Provider for SqlServer\Performance
Key HKLM\SYSTEM\ControlSet001\services\.NET Memory Cache 4.0\Performance
Key HKLM\SYSTEM\ControlSet001\services\.NETFramework\Performance
Key HKLM\SYSTEM\ControlSet001\services\ASP.NET\Performance
Key HKLM\SYSTEM\ControlSet001\services\ASP.NET_4.0.30319\Performance
Key HKLM\SYSTEM\ControlSet001\services\aspnet_state\Performance
Key HKLM\SYSTEM\ControlSet001\services\BITS\Performance
Key HKLM\SYSTEM\ControlSet001\services\ESENT\Performance
Key HKLM\SYSTEM\ControlSet001\services\Lsa\Performance
Key HKLM\SYSTEM\ControlSet001\services\MSDTC\Performance
Key HKLM\SYSTEM\ControlSet001\services\MSDTC Bridge 3.0.0.0\Performance
Key HKLM\SYSTEM\ControlSet001\services\MSDTC Bridge 4.0.0.0\Performance
Key HKLM\SYSTEM\ControlSet001\services\MSSCNTRS\Performance
Key HKLM\SYSTEM\ControlSet001\services\PerfDisk\Performance
Key HKLM\SYSTEM\ControlSet001\services\PerfNet\Performance
Key HKLM\SYSTEM\ControlSet001\services\PerfOS\Performance
Key HKLM\SYSTEM\ControlSet001\services\PerfProc\Performance
Key HKLM\SYSTEM\ControlSet001\services\rdyboost\Performance
Key HKLM\SYSTEM\ControlSet001\services\RemoteAccess\Performance
Key HKLM\SYSTEM\ControlSet001\services\ServiceModelEndpoint 3.0.0.0\Performance
Key HKLM\SYSTEM\ControlSet001\services\ServiceModelOperation 3.0.0.0\Performance
Key HKLM\SYSTEM\ControlSet001\services\ServiceModelService 3.0.0.0\Performance
Key HKLM\SYSTEM\ControlSet001\services\SMSvcHost 3.0.0.0\Performance
Key HKLM\SYSTEM\ControlSet001\services\SMSvcHost 4.0.0.0\Performance
Key HKLM\SYSTEM\ControlSet001\services\Spooler\Performance
Key HKLM\SYSTEM\ControlSet001\services\TapiSrv\Performance
Key HKLM\SYSTEM\ControlSet001\services\Tcpip\Performance
Key HKLM\SYSTEM\ControlSet001\services\TermService\Performance
Key HKLM\SYSTEM\ControlSet001\services\UGatherer\Performance
Key HKLM\SYSTEM\ControlSet001\services\UGTHRSVC\Performance
Key HKLM\SYSTEM\ControlSet001\services\usbhub\Performance
Key HKLM\SYSTEM\ControlSet001\services\Windows Workflow Foundation 3.0.0.0\Performance
Key HKLM\SYSTEM\ControlSet001\services\Windows Workflow Foundation 4.0.0.0\Performance
Key HKLM\SYSTEM\ControlSet001\services\WmiApRpl\Performance
Key HKLM\SYSTEM\ControlSet001\services\WSearchIdxPi\Performance
Key HKCU\Software\Sysinternals\Process Explorer
Key HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
Key HKLM\SYSTEM\ControlSet001\Control\Nls\Locale
Key HKLM\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts
Key HKLM\SYSTEM\ControlSet001\Control\Nls\Language Groups
Key HKLM\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9
Key HKLM\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5
Key HKCR
Key HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
Key HKCU\Software\Classes
Key HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag
Key HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Key HKCU\Software\Microsoft\Windows NT\CurrentVersion
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2400183A-6185-49FB-A2D8-4A392A602BA3}\PropertyBag
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{52528A6B-B9E3-4ADD-B60D-588C2DBA842D}\PropertyBag
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2112AB0A-C86A-4FFE-A368-0DE96E47012E}\PropertyBag
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\PropertyBag
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7B0DB17D-9CD2-4A93-9733-46CC89022E7C}\PropertyBag
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\PropertyBag
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\PropertyBag
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PropertyBag
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PropertyBag
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A302545D-DEFF-464B-ABE8-61C8648D939B}\PropertyBag
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{33E28130-4E1E-4676-835A-98395C3BC3BB}\PropertyBag
Key HKU
Key HKLM\SYSTEM\ControlSet001\services\crypt32
Key HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Key HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
Key HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN
Key HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell
Key HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\PropertyBag
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\PropertyBag
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{491E922F-5643-4AF4-A7EB-4E7A138D8174}\PropertyBag
Key HKCU\Software\Microsoft\Internet Explorer\Main
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PropertyBag
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PropertyBag
Key HKU\S-1-5-21-3432716916-1219727339-2741707856-501
Key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config
Key HKCU\Software\Microsoft\SystemCertificates\My
Key HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT
Key HKCU\Software\Microsoft\SystemCertificates\CA
Key HKCU
Key HKLM\SOFTWARE\Microsoft\SystemCertificates\CA
Key HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\CA
Key HKCU\Software\Microsoft\SystemCertificates\Disallowed
Key HKCU
Key HKLM\SOFTWARE\Microsoft\SystemCertificates\Disallowed
Key HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed
Key HKCU\Software\Microsoft\SystemCertificates\Root
Key HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Key HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root
Key HKLM\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot
Key HKCU\Software\Microsoft\SystemCertificates\TrustedPeople
Key HKCU\Software\Microsoft\SystemCertificates\SmartCardRoot
Key HKCU
Key HKLM\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople
Key HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople
Key HKCU\Software\Microsoft\SystemCertificates\trust
Key HKCU
Key HKLM\SOFTWARE\Microsoft\SystemCertificates\trust
Key HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Trust
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\PropertyBag
Key HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates
Key HKCU\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PropertyBag
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\PropertyBag
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{4BD8D571-6D19-48D3-BE97-422220080E43}\PropertyBag
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A990AE9F-A03B-4E80-94BC-9912D7504104}\PropertyBag
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\Windows.organize
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\PropertyBag
Key HKCU\Software\Policies\Microsoft\SystemCertificates
Mutant \Sessions\1\BaseNamedObjects\.NET CLR Data_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\.NET CLR Networking_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\.NET CLR Networking 4.0.0.0_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\.NET Data Provider for Oracle_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\.NET Data Provider for SqlServer_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\.NET Memory Cache 4.0_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\.NETFramework_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\ASP.NET_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\ASP.NET_4.0.30319_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\aspnet_state_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\BITS_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\ESENT_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\Lsa_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\MSDTC_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\MSDTC Bridge 3.0.0.0_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\MSDTC Bridge 4.0.0.0_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\MSSCNTRS_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\PerfDisk_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\PerfNet_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\PerfOS_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\PerfProc_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\rdyboost_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\RemoteAccess_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\ServiceModelEndpoint 3.0.0.0_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\ServiceModelOperation 3.0.0.0_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\ServiceModelService 3.0.0.0_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\SMSvcHost 3.0.0.0_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\SMSvcHost 4.0.0.0_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\Spooler_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\TapiSrv_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\Tcpip_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\TermService_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\UGatherer_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\UGTHRSVC_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\usbhub_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\Windows Workflow Foundation 3.0.0.0_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\Windows Workflow Foundation 4.0.0.0_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\WmiApRpl_Perf_Library_Lock_PID_e98
Mutant \Sessions\1\BaseNamedObjects\WSearchIdxPi_Perf_Library_Lock_PID_e98
Mutant \BaseNamedObjects\LOADPERF_MUTEX
Mutant \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_96.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterMutex
Mutant \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_32.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!ThumbnailCacheInit
Mutant \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_32.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_256.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_1024.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_1024.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_32.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterMutex
Mutant \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_sr.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_sr.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterMutex
Mutant \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_96.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_sr.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_256.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_1024.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_256.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_sr.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_32.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!ThumbnailCacheInit
Mutant \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_256.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_96.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_96.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterMutex
Mutant \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_1024.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:MWG:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!ThumbnailCacheInit
Section \BaseNamedObjects\__ComCatalogCache__
Section \BaseNamedObjects\__ComCatalogCache__
Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
Section \BaseNamedObjects\windows_shell_global_counters
Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{EDAE6976-3F70-49D8-B65F-3D54A4FA1BC3}.2.ver0x0000000000000001.db
Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000034.db
Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db
Section \Sessions\1\BaseNamedObjects\windows_ie_global_counters
Thread procexp64.exe(3736): 3712
Thread procexp64.exe(3736): 2584
Thread procexp64.exe(3736): 2584
Thread procexp64.exe(3736): 4052
Thread procexp64.exe(3736): 3712
Thread procexp64.exe(3736): 2616
Thread procexp64.exe(3736): 2896
Thread procexp64.exe(3736): 2868
Thread procexp64.exe(3736): 2412
Thread procexp64.exe(3736): 1792
Thread procexp64.exe(3736): 620
Thread procexp64.exe(3736): 888
Thread procexp64.exe(3736): 1692
Thread procexp64.exe(3736): 2036
Thread procexp64.exe(3736): 2952
Thread procexp64.exe(3736): 3892
Thread procexp64.exe(3736): 692
Thread procexp64.exe(3736): 1212
Thread procexp64.exe(3736): 888
Thread procexp64.exe(3736): 1792
Thread procexp64.exe(3736): 4024
Thread procexp64.exe(3736): 4024
WindowStation \Sessions\1\Windows\WindowStations\WinSta0
WindowStation \Sessions\1\Windows\WindowStations\WinSta0
Edited by its_chele, 29 August 2016 - 08:23 PM.
Malware Expert
With the network adapters disabled, DPC is happy. Interrupts is about half what it was so one or both of your network adapters are a big part of the problem. First thing to do is to just right click on them and uninstall then reboot. Windows will reinstall them. Disable the one you are not using. See if DPC is green. If not then see if you can update or roll back the driver.
It may also help to reset winsock & tcp:
Open an elevated Command Prompt:
Start, All Programs, Accessories then right click on Command Prompt and Run as Admin.
Type (with an Enter after each line)
netsh winsock reset catalog
(I use two spaces so you can see where one goes.)
netsh int ipv4 reset reset4.log
netsh int ipv6 reset reset6.log
You will need to reboot after this.
Check DPC again and see if it's green or red.
Member
I reset & disabled adapters ran DPC all green ...left 2 disabled and only one enabled and dpc is red with only one enabled more red if I enable another!
Malware Expert
Which adapter do you have enabled? Right click on it and select properties then click on the Details tab. Change Property to Hardware IDs. Click on the top one then right click and copy. Paste that into a reply.
Member
Atheros AR9285 Wireless Network Adapter enabled
PCI\VEN_168C&DEV_002B&SUBSYS_661111AD&REV_01
Malware Expert
Which version of the Atheros AR9285 driver do you have?
Recommended version is supposed to be: 10.0.0.260
Malware Expert
See if you can get this one to install:
http://www.dell.com/...riverId=R299167
It's Version 9.1.0.328, A01
If it doesn't work you can roll it back.
Member
I installed driver went device manager and it would let me choose it said I already had best driver 
Malware Expert
Not sure what you mean by it let you choose?
Did it change the driver. Even if that's the newest driver an older one might be better.
Member
Under device manager gives you option to search automatically or browse computer so when I download what you sent I picked browse and the file but it still says best driver already installed.
Malware Expert
Try the new one anyway even if it's older it might be better.
Member
Ok I think I finally got it installed 
Malware Expert
Reboot if you haven't already and run a Process Explorer log
0 members, 0 guests, 0 anonymous users
Community Forum Software by IP.Board
Licensed to: Geeks to Go, Inc.
![Possible Malware infection - help request [Solved] - last post by DR M](https://www.geekstogo.com/forum/uploads/profile/photo-418842.gif?_r=1578338641)
Sign In
Create Account
