
7month old HP Computer lags

HP Windows10 internet


#76
Lady_Rocker

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System 39.66 132 K 1,276 K 4
procexp64.exe 14.52 48,364 K 69,632 K 3196 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System Idle Process 25.15 0 K 4 K 0
chrome.exe 4.37 62,960 K 103,808 K 4044 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.75 74,080 K 120,004 K 12260 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.71 29,148 K 43,668 K 12232 Google Chrome Google Inc. (Verified) Google Inc
dwm.exe 0.43 60,256 K 36,224 K 5212 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
AvastSvc.exe 0.20 81,804 K 40,112 K 11572 avast! Service AVAST Software (Verified) AVAST Software a.s.
svchost.exe 0.32 42,620 K 46,020 K 452 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
csrss.exe 0.24 2,316 K 2,800 K 5644 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 13,080 K 15,644 K 1120 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
explorer.exe 0.04 78,968 K 86,712 K 5804 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 7,708 K 11,564 K 1300 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.03 6,744 K 8,820 K 904 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.29 77,788 K 106,136 K 10056 Google Chrome Google Inc. (Verified) Google Inc
afwServ.exe < 0.01 12,616 K 12,416 K 1308 avast! firewall service AVAST Software (Verified) AVAST Software a.s.
chrome.exe 0.06 151,120 K 74,044 K 10868 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.02 12,972 K 18,700 K 848 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
AvastUI.exe 0.01 16,388 K 16,608 K 9504 avast! Antivirus AVAST Software (Verified) AVAST Software a.s.
chrome.exe 0.06 53,880 K 39,704 K 8788 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.24 61,244 K 62,912 K 596 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
lsass.exe 0.02 7,268 K 10,140 K 780 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
plays_service.exe 0.01 13,232 K 2,824 K 2284 Plays.tv Service Plays.tv, LLC (Verified) Plays.tv
AvastUI.exe 0.01 16,580 K 17,000 K 9184 avast! Antivirus AVAST Software (Verified) AVAST Software a.s.
svchost.exe 21,776 K 41,476 K 8716 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 16,104 K 14,268 K 556 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
csrss.exe < 0.01 2,008 K 18,280 K 668 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
PhotoshopElementsFileAgent.exe < 0.01 2,744 K 1,332 K 2060 (Verified) Adobe Systems Incorporated
WUDFHost.exe 1,864 K 8,896 K 3732 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 11.43 6,808 K 8,052 K 9240 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 0.07 2,348 K 8,540 K 11352 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,284 K 4,964 K 7612 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 1,920 K 3,240 K 720 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,076 K 1,236 K 656 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
unsecapp.exe 1,364 K 2,900 K 1672 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 1,356 K 2,872 K 10704 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 6,876 K 11,392 K 2832 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 6,624 K 7,224 K 4188 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SystemSettingsBroker.exe 2,324 K 11,836 K 11116 System Settings Broker Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 7,252 K 15,428 K 2320 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 3,968 K 5,920 K 2992 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 19,728 K 23,792 K 568 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,932 K 2,364 K 2068 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,972 K 7,736 K 1676 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,544 K 6,076 K 1532 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,472 K 4,920 K 1616 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 9,316 K 18,224 K 2124 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 10,944 K 14,104 K 4032 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,556 K 7,128 K 2940 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,324 K 6,220 K 2304 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,592 K 3,160 K 1412 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 6,596 K 4,224 K 1776 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
SkypeHost.exe Suspended 41,080 K 17,840 K 11136 Microsoft Skype Preview Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
SkypeHost.exe Suspended 18,060 K 652 K 8980 Microsoft Skype Preview Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
sihost.exe 6,852 K 16,844 K 2972 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
sihost.exe 4,896 K 12,644 K 2088 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 39,888 K 84,112 K 3468 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SettingSyncHost.exe 10,628 K 2,360 K 996 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
SettingSyncHost.exe 6,988 K 1,348 K 11804 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
services.exe 3,040 K 4,960 K 772 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchUI.exe Suspended 52,268 K 24,884 K 4404 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchUI.exe Suspended 46,500 K 3,464 K 6456 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 31,316 K 19,568 K 2312 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 24,012 K 38,860 K 10376 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 16,704 K 24,584 K 5856 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RtkAudioService64.exe 1,596 K 1,588 K 1576 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RichVideo64.exe 1,340 K 1,508 K 2268 RichVideo Module (Verified) CyberLink Corp.
RemindersServer.exe Suspended 8,608 K 5,912 K 3312 Reminders WinRT OOP Server Microsoft Corporation (Verified) Microsoft Windows
RAVBg64.exe 5,996 K 4,392 K 3440 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVBg64.exe 6,008 K 2,564 K 1600 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
procexp.exe 2,792 K 10,176 K 9648 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
opvapp.exe 2,052 K 2,464 K 4848 (No signature was present in the subject)
OPBHOBrokerDsktop.exe 2,376 K 2,372 K 2628 HP SimplePass BHO Broker Hewlett-Packard (Verified) Softex Incorporated
OPBHOBrokerDsktop.exe 2,364 K 1,832 K 4180 HP SimplePass BHO Broker Hewlett-Packard (Verified) Softex Incorporated
OneDrive.exe 4,916 K 6,908 K 6760 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
OmniServ.exe 3,328 K 2,960 K 1168 HP SimplePass Service Softex Inc. (No signature was present in the subject) Softex Inc.
mDNSResponder.exe 1,640 K 3,056 K 2092 Bonjour Service Apple Inc. (Verified) Apple Inc.
ijplmsvc.exe 1,200 K 1,488 K 2160 Inkjet Printer/Scanner/Fax Extended Survey Program Service (Verified) Canon Inc.
HPSupportSolutionsFrameworkService.exe 40,476 K 5,052 K 5616 HP Support Solutions Framework Service HP Inc. (Verified) Hewlett-Packard Company
GoogleUpdate.exe 1,740 K 292 K 9640 Google Installer Google Inc. (Verified) Google Inc
GoogleCrashHandler64.exe 1,516 K 200 K 4264 Google Crash Handler Google Inc. (Verified) Google Inc
GoogleCrashHandler.exe 1,636 K 260 K 4880 Google Crash Handler Google Inc. (Verified) Google Inc
fontdrvhost.exe 840 K 1,076 K 11040 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe 852 K 1,236 K 8340 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 74,684 K 62,168 K 4680 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 22,380 K 7,664 K 1000 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
DropboxUpdate.exe 1,996 K 3,492 K 5204 Dropbox Update Dropbox, Inc. (Verified) Dropbox
dllhost.exe 1,924 K 3,508 K 4216 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe 4,208 K 7,480 K 2212 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 1,556 K 2,052 K 552 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe < 0.01 31,272 K 7,564 K 1912 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,020 K 9,384 K 11164 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 1,992 K 2,912 K 6696 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 30,808 K 65,640 K 3476 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 24,532 K 57,420 K 9096 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 69,500 K 65,376 K 9708 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,152 K 8,200 K 6408 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,112 K 2,444 K 9200 Google Chrome Google Inc. (Verified) Google Inc
atiesrxx.exe 1,264 K 1,912 K 1240 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 2,188 K 3,852 K 5008 AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 2,188 K 2,900 K 1288 AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
ApplicationFrameHost.exe 3,744 K 14,044 K 5472 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
 
Process: procexp64.exe Pid: 3196
 
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:iconcache_custom_stream.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!IconCacheInit
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwWriterMutex
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:iconcache_768.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:iconcache_exif.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:iconcache_96.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!IconCacheInit
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:iconcache_sr.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:iconcache_16.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:iconcache_1920.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:iconcache_custom_stream.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:iconcache_2560.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:iconcache_48.db!dfMaintainer
Mutant \Sessions\2\BaseNamedObjects\SM0:3196:120:WilError_01
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:iconcache_wide_alternate.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:iconcache_256.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:iconcache_1280.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:iconcache_32.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:iconcache_wide.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:thumbcache_16.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterMutex
Mutant \Sessions\2\BaseNamedObjects\DBWinMutex
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:thumbcache_32.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:thumbcache_48.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:thumbcache_96.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:thumbcache_256.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:thumbcache_768.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:thumbcache_1280.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:thumbcache_1920.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:thumbcache_2560.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:thumbcache_sr.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:thumbcache_wide.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:thumbcache_exif.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:thumbcache_wide_alternate.db!dfMaintainer
Mutant \BaseNamedObjects\C::Users:NiTa:AppData:Local:Microsoft:Windows:Explorer:thumbcache_custom_stream.db!dfMaintainer
Mutant \Sessions\2\BaseNamedObjects\SM0:3196:232:WilStaging_01
Section \Windows\Theme102080915
Section \Sessions\2\Windows\Theme187829234
Section \Sessions\2\BaseNamedObjects\SessionImmersiveColorPreference
Section \BaseNamedObjects\__ComCatalogCache__
Section \BaseNamedObjects\__ComCatalogCache__
Section \Sessions\2\BaseNamedObjects\windows_shell_global_counters
Section \BaseNamedObjects\windows_shell_global_counters
Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db
Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db
Section \Sessions\2\BaseNamedObjects\HWNDInterface:204a8
Section \Sessions\2\BaseNamedObjects\HWNDInterface:2040e
Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
Section \Sessions\2\BaseNamedObjects\HWNDInterface:30470
Section \Sessions\2\BaseNamedObjects\HWNDInterface:2040e
Section \Sessions\2\BaseNamedObjects\HWNDInterface:204a8
Section \Sessions\2\BaseNamedObjects\HWNDInterface:30470
Section \Sessions\2\BaseNamedObjects\HWNDInterface:12042e
Section \Sessions\2\BaseNamedObjects\HWNDInterface:12042e
Section \BaseNamedObjects\Cor_Public_IPCBlock_5616
Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{71500014-6910-43FA-838F-01BF544FE4D4}.2.ver0x0000000000000001.db
Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{3A553296-C22B-4945-BF4A-FD4EDDAD2855}.2.ver0x0000000000000002.db
Semaphore \Sessions\2\BaseNamedObjects\SM0:3196:120:WilError_01_p0h
Semaphore \Sessions\2\BaseNamedObjects\SM0:3196:120:WilError_01_p0
Semaphore \Sessions\2\BaseNamedObjects\SM0:3196:232:WilStaging_01_p0
Semaphore \Sessions\2\BaseNamedObjects\SM0:3196:232:WilStaging_01_p0h
Thread procexp64.exe(3196): 10988
Thread procexp64.exe(3196): 8920
Thread procexp64.exe(3196): 10988
Thread procexp64.exe(3196): 524
Thread procexp64.exe(3196): 9892
Thread procexp64.exe(3196): 11612
Thread procexp64.exe(3196): 7964
Thread procexp64.exe(3196): 11740
Thread procexp64.exe(3196): 10936
Thread procexp64.exe(3196): 12220
Thread procexp64.exe(3196): 9892
Thread procexp64.exe(3196): 5536
Thread procexp64.exe(3196): 10936
Thread procexp64.exe(3196): 7964
Thread procexp64.exe(3196): 12220
Thread procexp64.exe(3196): 976
Thread procexp64.exe(3196): 9704
Thread procexp64.exe(3196): 1564
Thread procexp64.exe(3196): 10208
Thread procexp64.exe(3196): 3780
WindowStation \Sessions\2\Windows\WindowStations\WinSta0
WindowStation \Sessions\2\Windows\WindowStations\WinSta0


#77
RKinner

    Malware Expert

  • Expert
  • 20,017 posts
  • MVP

I think you clicked on

procexp64.exe 14.52 48,364 K 69,632 K 3196 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation

instead of

System 39.66 132 K 1,276 K 4

Try again - Remember you can click on Space Bar to stop it jumping.



#78
Lady_Rocker

    Member

  • Topic Starter
  • Member
  • 168 posts
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System 41.97 128 K 1,336 K 4
PlacesServer.exe 27.73 7,308 K 26,360 K 7500 Maps Microsoft Corporation (Verified) Microsoft Windows
procexp64.exe 14.58 45,116 K 66,932 K 5788 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
RuntimeBroker.exe 4.48 20,040 K 40,920 K 5084 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
Interrupts 2.49 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe 2.35 42,352 K 41,852 K 1016 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
System Idle Process 2.00 0 K 4 K 0
svchost.exe 1.30 49,108 K 63,112 K 576 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
backgroundTaskHost.exe 1.29 20,040 K 21,084 K 5948 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.74 2,260 K 6,364 K 668 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
AvastSvc.exe 0.38 71,664 K 39,808 K 1696 avast! Service AVAST Software (Verified) AVAST Software a.s.
svchost.exe 0.24 5,224 K 10,700 K 908 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
explorer.exe 0.12 74,124 K 111,700 K 4572 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.08 12,000 K 27,744 K 1148 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchIndexer.exe 0.08 26,272 K 27,200 K 5536 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.06 41,696 K 71,500 K 440 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
lsass.exe 0.05 5,840 K 15,000 K 784 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.02 18,808 K 30,600 K 600 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
plays_service.exe 0.02 13,380 K 24,368 K 2276 Plays.tv Service Plays.tv, LLC (Verified) Plays.tv
AvastUI.exe 0.01 13,464 K 11,780 K 5732 avast! Antivirus AVAST Software (Verified) AVAST Software a.s.
svchost.exe < 0.01 17,624 K 46,428 K 4132 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 10,808 K 24,724 K 852 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 4,864 K 11,728 K 3564 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
afwServ.exe < 0.01 7,628 K 10,188 K 1568 avast! firewall service AVAST Software (Verified) AVAST Software a.s.
PhotoshopElementsFileAgent.exe < 0.01 2,836 K 1,416 K 1548 (Verified) Adobe Systems Incorporated
TrustedInstaller.exe < 0.01 1,752 K 6,672 K 6832 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe 2,076 K 9,164 K 620 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 5,164 K 12,848 K 6076 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,568 K 8,396 K 5056 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,148 K 9,672 K 724 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,200 K 5,224 K 660 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
unsecapp.exe 1,336 K 6,716 K 5960 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
TiWorker.exe 2,124 K 8,540 K 6872 Windows Modules Installer Worker Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 5,748 K 17,544 K 4268 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 7,784 K 17,916 K 1232 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 9,164 K 21,220 K 2284 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,408 K 9,720 K 2248 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,600 K 11,984 K 1612 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,008 K 10,572 K 2056 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,784 K 27,540 K 2112 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 15,504 K 26,872 K 1464 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,544 K 10,676 K 6300 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,396 K 9,492 K 1536 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,688 K 15,056 K 1684 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,696 K 6,816 K 2968 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 6,772 K 16,760 K 1796 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 476 K 1,036 K 400 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
smartscreen.exe 8,160 K 13,512 K 7088 SmartScreen Microsoft Corporation (Verified) Microsoft Windows
SkypeHost.exe Suspended 19,700 K 15,068 K 4844 Microsoft Skype Preview Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
sihost.exe 5,596 K 20,948 K 4100 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe 37,932 K 77,968 K 5072 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SettingSyncHost.exe 4,708 K 8,808 K 6844 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
services.exe 3,976 K 8,200 K 776 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchUI.exe Suspended 42,704 K 87,956 K 1804 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchProtocolHost.exe 2,064 K 6,636 K 6224 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
SearchFilterHost.exe 1,224 K 5,880 K 6920 Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
RtkAudioService64.exe 1,668 K 7,292 K 1556 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RichVideo64.exe 1,396 K 6,636 K 2256 RichVideo Module (Verified) CyberLink Corp.
RemindersServer.exe Suspended 8,812 K 18,848 K 244 Reminders WinRT OOP Server Microsoft Corporation (Verified) Microsoft Windows
RAVBg64.exe 6,044 K 13,720 K 1676 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
procexp.exe 2,800 K 10,200 K 6664 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PlacesServer.exe Suspended 5,812 K 20,872 K 6360 Maps Microsoft Corporation (Verified) Microsoft Windows
opvapp.exe 2,008 K 8,164 K 4296 (No signature was present in the subject)
OPBHOBrokerDsktop.exe 2,424 K 1,768 K 4224 HP SimplePass BHO Broker Hewlett-Packard (Verified) Softex Incorporated
OmniServ.exe 4,420 K 13,060 K 1320 HP SimplePass Service Softex Inc. (No signature was present in the subject) Softex Inc.
Memory Compression 44 K 12,008 K 2604
mDNSResponder.exe 1,672 K 6,332 K 2064 Bonjour Service Apple Inc. (Verified) Apple Inc.
ijplmsvc.exe 1,212 K 5,844 K 2084 Inkjet Printer/Scanner/Fax Extended Survey Program Service (Verified) Canon Inc.
HPSupportSolutionsFrameworkService.exe 42,180 K 44,352 K 3288 HP Support Solutions Framework Service HP Inc. (Verified) Hewlett-Packard Company
GoogleUpdate.exe 2,092 K 496 K 4260 Google Installer Google Inc. (Verified) Google Inc
GoogleCrashHandler64.exe 1,516 K 256 K 4944 Google Crash Handler Google Inc. (Verified) Google Inc
GoogleCrashHandler.exe 1,652 K 224 K 4804 Google Crash Handler Google Inc. (Verified) Google Inc
fontdrvhost.exe 816 K 3,200 K 5656 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
DropboxUpdate.exe 2,060 K 2,092 K 4776 Dropbox Update Dropbox, Inc. (Verified) Dropbox
dasHost.exe 3,904 K 12,948 K 2632 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 1,544 K 4,480 K 556 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
backgroundTaskHost.exe Suspended 21,804 K 42,212 K 5292 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
backgroundTaskHost.exe Suspended 10,592 K 27,332 K 5388 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
backgroundTaskHost.exe Suspended 27,412 K 40,900 K 6248 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
audiodg.exe 13,680 K 18,780 K 4000 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
atiesrxx.exe 1,312 K 5,524 K 1380 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 2,224 K 9,508 K 1412 AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
 
Process: System Pid: 4
 
File C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat
File \Device\NamedPipe
File C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\ActivationStore.dat.LOG2
File C:\Windows\System32\config\DRIVERS
File C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat
File C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG1
File C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2
File C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2
File C:\ProgramData\AVAST Software\Avast\Fonts\RobotoCondensed-Regular.ttf
File \Device\NamedPipe
File C:\Windows\System32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
File C:\Users\NiTa\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2
File C:\Users\NiTa\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1
File C:\ProgramData\AVAST Software\Avast\Fonts\RobotoCondensed-Bold.ttf
File \Device\NamedPipe
File \clfs
File C:\Users\NiTa\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat
File C:\Users\NiTa\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat.LOG2
File C:\ProgramData\AVAST Software\Avast\Fonts\OpenSans-Regular.ttf
File \Device\NamedPipe
File C:\ProgramData\AVAST Software\Avast\Fonts\OpenSans-Italic.ttf
File C:\ProgramData\AVAST Software\Avast\Fonts\OpenSans-Light.ttf
File \Device\HarddiskVolume4
File C:\Windows\System32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TM.blf
File \clfs
File \clfs
File \clfs
File C:\Users\HeatherAnnique\NTUSER.DAT{dd434f3a-625f-11e6-b28a-f3afb8f9ba47}.TxR.0.regtrans-ms
File C:\Users\HeatherAnnique\NTUSER.DAT{dd434f3a-625f-11e6-b28a-f3afb8f9ba47}.TxR.2.regtrans-ms
File C:\Users\HeatherAnnique\NTUSER.DAT{dd434f3a-625f-11e6-b28a-f3afb8f9ba47}.TxR.1.regtrans-ms
File C:\Users\HeatherAnnique\NTUSER.DAT{dd434f3a-625f-11e6-b28a-f3afb8f9ba47}.TxR.blf
File C:\Users\HeatherAnnique\NTUSER.DAT{dd434f3b-625f-11e6-b28a-f3afb8f9ba47}.TMContainer00000000000000000002.regtrans-ms
File C:\Users\HeatherAnnique\NTUSER.DAT{dd434f3b-625f-11e6-b28a-f3afb8f9ba47}.TMContainer00000000000000000001.regtrans-ms
File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTPROCEXP TRACE.etl
File C:\Users\HeatherAnnique\ntuser.dat.LOG2
File C:\Users\HeatherAnnique\ntuser.dat.LOG1
File C:\Users\HeatherAnnique\NTUSER.DAT
File C:\Users\HeatherAnnique\NTUSER.DAT{dd434f3b-625f-11e6-b28a-f3afb8f9ba47}.TM.blf
File \clfs
FilterConnectionPort \SnxVlabCommPort
FilterConnectionPort \SnxCommPort
FilterConnectionPort \aswFsBlkPort
FilterConnectionPort \WcnfsPort
FilterConnectionPort \aswPort
FilterConnectionPort \WcifsPort
FilterConnectionPort \storqosfltport
Key \REGISTRY
Key HKLM\SYSTEM\ControlSet001\Control\hivelist
Key HKLM\SYSTEM\ControlSet001\Control\Session Manager\Memory Management\PrefetchParameters
Key HKLM\SYSTEM\ControlSet001\Control\Notifications
Key HKLM\SYSTEM\Setup
Key HKLM\SYSTEM
Key HKLM\SYSTEM\ControlSet001
Key HKLM\SYSTEM\DriverDatabase
Key HKU
Key HKLM\SYSTEM\ControlSet001\Control\DeviceClasses
Key HKLM\SYSTEM\ControlSet001\Enum
Key HKLM\SYSTEM\ControlSet001\Control\DeviceContainers
Key HKLM\SYSTEM\ControlSet001\Control\Class
Key HKLM\SYSTEM\ControlSet001\Services
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Key HKLM\SYSTEM\RNG
Key HKLM\SYSTEM\ControlSet001\Control\WMI\Security
Key HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0
Key HKLM\SYSTEM\ControlSet001\Services\NDIS\IfTypes\131
Key HKLM\SYSTEM\ControlSet001\Services\NDIS\IfTypes\23
Key HKLM\SYSTEM\ControlSet001\Control\Lsa
Key HKLM\SYSTEM\ControlSet001\Services\aswSnx
Key HKLM\SYSTEM\ControlSet001\Services\aswSP
Key HKLM\SYSTEM\ControlSet001\Control\hiveredirectionlist
Key HKLM\SYSTEM\ControlSet001\Control\FileSystem
Key HKLM\SYSTEM\ControlSet001\Control\Power\Profile\Events\{54533251-82be-4824-96c1-47b60b740d00}\{0DA965DC-8FCF-4c0b-8EFE-8DD5E7BC959A}\{7E01ADEF-81E6-4e1b-8075-56F373584694}
Key HKLM\SYSTEM\ControlSet001\Control\Power\Profile\Events\{54533251-82be-4824-96c1-47b60b740d00}\{EE1E4F72-E368-46b1-B3C6-5048B11C2DBD}\{9C1F0DBA-33E9-43af-9EDA-A607AA5139DA}
Key HKLM\SYSTEM\ControlSet001\Control\FileSystem
Key HKLM\SYSTEM\ControlSet001\Policies
Key HKLM\SYSTEM\ControlSet001\Services\NDIS\IfTypes\24
Key HKLM\SYSTEM\ControlSet001\Services\NDIS\IfTypes\6
Key HKLM\SYSTEM\ControlSet001\Services\NDIS\IfTypes\71
Key HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 1
Key HKLM\SYSTEM\ControlSet001\Services\Mup
Key HKLM\SYSTEM\ControlSet001\Control\NetworkProvider\Order
Key HKLM\SOFTWARE\Policies\Microsoft\Windows
Key HKLM\SYSTEM\ControlSet001\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{221601AB-48C7-4970-B0EC-96E66F578407}
Key HKLM\SYSTEM\ControlSet001\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{FB9F5B62-B48B-45F5-8586-E514958C92E2}
Key HKLM\SYSTEM\ControlSet001\Control\Lsa
Key HKLM\SYSTEM\ControlSet001\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{498B1B9F-8618-4E6C-9AD1-6A759BFBFB23}
Key HKLM\SYSTEM\ControlSet001\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{59AEE675-B203-4D61-9A1F-04518A20F359}
Key HKLM\SYSTEM\ControlSet001\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{D73E01AC-F5A0-4D80-928B-33C1920C38BA}
Key HKLM\SYSTEM\ControlSet001\Services\Dfsc\Parameters
Key HKLM\SYSTEM\ControlSet001\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}
Key HKLM\SYSTEM\ControlSet001\Control\FileSystem
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render
Key HKLM\SYSTEM\ControlSet001\Enum\USB\VID_04E8&PID_6860\c6ecdaa2\Device Parameters
Key HKLM\SYSTEM\ControlSet001\Enum\USB\VID_04E8&PID_6860\c6ecdaa2\Device Parameters
Key HKLM\SYSTEM\ControlSet001\Enum\USB\VID_04E8&PID_6860\c6ecdaa2\Device Parameters
Key HKLM\SYSTEM\ControlSet001\Enum\USB\VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_Android\6&fab1280&1&0000\Device Parameters\WUDFDiagnosticInfo
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Notifications\Data
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Notifications
Key HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}\0042
Key HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}\0001
Key HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}\0001
Key HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}\0001
Key HKLM\SYSTEM\ControlSet001\Control\Session Manager\Quota System
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\VolatileNotifications
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine
Key HKLM\SYSTEM\ControlSet001\Services\NativeWifiP
Key HKLM\SYSTEM\ControlSet001\Services\NativeWifiP\Parameters\Adapters
Key HKLM\SYSTEM\ControlSet001\Services\NativeWifiP\Parameters
Key HKLM\SYSTEM\ControlSet001\Services\NativeWifiP\Parameters\Adapters\{469b8358-7c69-4cc4-8b82-af4310768011}\ExtSTA
Key HKLM\SYSTEM\ControlSet001\Services\HTTP\Parameters\UrlAclInfo
Key HKLM\SYSTEM\ControlSet001\Services\NativeWifiP\Parameters\Adapters\{10fdea08-1168-4f59-b05d-e7c23af3e1b4}\WFD
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{10fdea08-1168-4f59-b05d-e7c23af3e1b4}
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{469b8358-7c69-4cc4-8b82-af4310768011}
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e630b5b7-d1e5-4d84-ba7f-5965f9e1f034}
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7e979084-3c51-496d-8a2c-f361b4e39318}
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{256469c7-09ae-428e-ae11-1c7360cf89b6}
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8332e81f-a923-431a-8ebc-b3e311f671e5}
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{eeb093a2-d0b2-4795-aeda-bf16a4ecdede}
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{dd434edb-625f-11e6-b28a-806e6f6e6963}
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\PersistentRoutes
Key HKLM\SYSTEM\ControlSet001\Services\NativeWifiP\Parameters\Adapters\{10fdea08-1168-4f59-b05d-e7c23af3e1b4}\WFDMib
Key HKLM\SYSTEM\ControlSet001\Services\NativeWifiP\Parameters\Adapters\{469b8358-7c69-4cc4-8b82-af4310768011}\ExtSTAMib
Key HKLM\SYSTEM\ControlSet001\Control\CoDeviceInstallers
Key HKLM\SYSTEM\DriverDatabase\DeviceIds
Key HKLM\SYSTEM\ControlSet001\Control\ProductOptions
Key HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Key HKLM\SYSTEM\ControlSet001\Enum\USB\VID_04E8&PID_6860\c6ecdaa2\Device Parameters
Key HKLM\SYSTEM\DriverDatabase\DriverInfFiles
Key HKLM\SYSTEM\DriverDatabase\DriverPackages
Key HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths
Key HKLM\DRIVERS\DriverDatabase
Mutant \KernelObjects\BcdSyncMutant
Partition \KernelObjects\MemoryPartition0
Process System(4)
Process svchost.exe(4132)
Process System(4)
Process smss.exe(400)
Process smss.exe(400)
Process PlacesServer.exe(7500)
Process csrss.exe(556)
Process HPSupportSolutionsFrameworkService.exe(3288)
Process csrss.exe(556)
Process csrss.exe(556)
Process wininit.exe(660)
Process wininit.exe(660)
Process winlogon.exe(724)
Process csrss.exe(668)
Process explorer.exe(4572)
Process winlogon.exe(724)
Process lsass.exe(784)
Process services.exe(776)
Process lsass.exe(784)
Process services.exe(776)
Process lsass.exe(784)
Process lsass.exe(784)
Process lsass.exe(784)
Process backgroundTaskHost.exe(5292)
Process svchost.exe(852)
Process services.exe(776)
Process svchost.exe(852)
Process svchost.exe(852)
Process svchost.exe(908)
Process svchost.exe(908)
Process wininit.exe(660)
Process svchost.exe(852)
Process winlogon.exe(724)
Process svchost.exe(852)
Process SearchUI.exe(1804)
Process dwm.exe(1016)
Process svchost.exe(852)
Process svchost.exe(576)
Process svchost.exe(440)
Process svchost.exe(600)
Process svchost.exe(576)
Process svchost.exe(600)
Process svchost.exe(440)
Process WUDFHost.exe(620)
Process WUDFHost.exe(620)
Process WUDFHost.exe(620)
Process WUDFHost.exe(620)
Process WUDFHost.exe(620)
Process WUDFHost.exe(620)
Process spoolsv.exe(1796)
Process atiesrxx.exe(1380)
Process svchost.exe(440)
Process svchost.exe(440)
Process svchost.exe(600)
Process OmniServ.exe(1320)
Process svchost.exe(1148)
Process PlacesServer.exe(7500)
Process svchost.exe(600)
Process svchost.exe(1232)
Process OmniServ.exe(1320)
Process OmniServ.exe(1320)
Process OmniServ.exe(1320)
Process atiesrxx.exe(1380)
Process atiesrxx.exe(1380)
Process atieclxx.exe(1412)
Process atieclxx.exe(1412)
Process svchost.exe(1464)
Process svchost.exe(1148)
Process svchost.exe(1536)
Process svchost.exe(576)
Process RtkAudioService64.exe(1556)
Process svchost.exe(1536)
Process RtkAudioService64.exe(1556)
Process RtkAudioService64.exe(1556)
Process svchost.exe(1612)
Process svchost.exe(1612)
Process svchost.exe(1612)
Process svchost.exe(1612)
Process svchost.exe(1612)
Process svchost.exe(1612)
Process svchost.exe(1612)
Process AvastSvc.exe(1696)
Process AvastSvc.exe(1696)
Process RAVBg64.exe(1676)
Process AvastSvc.exe(1696)
Process svchost.exe(1684)
Process AvastSvc.exe(1696)
Process spoolsv.exe(1796)
Process spoolsv.exe(1796)
Process spoolsv.exe(1796)
Process SearchFilterHost.exe(6920)
Process svchost.exe(1232)
Process RAVBg64.exe(1676)
Process RAVBg64.exe(1676)
Process svchost.exe(3564)
Process afwServ.exe(1568)
Process afwServ.exe(1568)
Process afwServ.exe(1568)
Process afwServ.exe(1568)
Process svchost.exe(2112)
Process ijplmsvc.exe(2084)
Process PhotoshopElementsFileAgent.exe(1548)
Process svchost.exe(2056)
Process mDNSResponder.exe(2064)
Process svchost.exe(1464)
Process mDNSResponder.exe(2064)
Process svchost.exe(1464)
Process PhotoshopElementsFileAgent.exe(1548)
Process PhotoshopElementsFileAgent.exe(1548)
Process ijplmsvc.exe(2084)
Process ijplmsvc.exe(2084)
Process svchost.exe(2248)
Process PhotoshopElementsFileAgent.exe(1548)
Process RichVideo64.exe(2256)
Process svchost.exe(440)
Process svchost.exe(440)
Process svchost.exe(440)
Process ijplmsvc.exe(2084)
Process RichVideo64.exe(2256)
Process mDNSResponder.exe(2064)
Process svchost.exe(2284)
Process plays_service.exe(2276)
Process plays_service.exe(2276)
Process plays_service.exe(2276)
Process svchost.exe(2056)
Process RichVideo64.exe(2256)
Process svchost.exe(1464)
Process Memory Compression(2604)
Process dasHost.exe(2632)
Process svchost.exe(576)
Process dasHost.exe(2632)
Process plays_service.exe(2276)
Process spoolsv.exe(1796)
Process svchost.exe(440)
Process spoolsv.exe(1796)
Process GoogleUpdate.exe(4260)
Process svchost.exe(2112)
Process svchost.exe(2112)
Process taskhostw.exe(4268)
Process svchost.exe(852)
Process svchost.exe(2968)
Process svchost.exe(2968)
Process dasHost.exe(2632)
Process svchost.exe(3564)
Process SearchUI.exe(1804)
Process svchost.exe(4132)
Process GoogleCrashHandler.exe(4804)
Process svchost.exe(4132)
Process GoogleCrashHandler64.exe(4944)
Process GoogleCrashHandler64.exe(4944)
Process svchost.exe(440)
Process GoogleCrashHandler.exe(4804)
Process svchost.exe(852)
Process GoogleCrashHandler64.exe(4944)
Process backgroundTaskHost.exe(6248)
Process GoogleCrashHandler.exe(4804)
Process ShellExperienceHost.exe(5072)
Process SearchUI.exe(1804)
Process explorer.exe(4572)
Process opvapp.exe(4296)
Process SkypeHost.exe(4844)
Process smartscreen.exe(7088)
Process OPBHOBrokerDsktop.exe(4224)
Process opvapp.exe(4296)
Process GoogleUpdate.exe(4260)
Process svchost.exe(3564)
Process svchost.exe(3564)
Process svchost.exe(3564)
Process svchost.exe(440)
Process svchost.exe(600)
Process svchost.exe(2112)
Process services.exe(776)
Process svchost.exe(1148)
Process dasHost.exe(2632)
Process svchost.exe(1148)
Process svchost.exe(3564)
Process dasHost.exe(2632)
Process dasHost.exe(2632)
Process dasHost.exe(2632)
Process dasHost.exe(2632)
Process dasHost.exe(2632)
Process dasHost.exe(2632)
Process dasHost.exe(2632)
Process dasHost.exe(2632)
Process dasHost.exe(2632)
Process svchost.exe(1148)
Process svchost.exe(1148)
Process svchost.exe(1148)
Process RemindersServer.exe(244)
Process svchost.exe(1148)
Process svchost.exe(1148)
Process svchost.exe(1148)
Process svchost.exe(1148)
Process svchost.exe(1148)
Process svchost.exe(1148)
Process dasHost.exe(2632)
Process svchost.exe(1148)
Process dasHost.exe(2632)
Process dasHost.exe(2632)
Process dasHost.exe(2632)
Process dasHost.exe(2632)
Process dasHost.exe(2632)
Process dasHost.exe(2632)
Process svchost.exe(1148)
Process dasHost.exe(2632)
Process svchost.exe(1148)
Process svchost.exe(1148)
Process svchost.exe(1148)
Process svchost.exe(1148)
Process svchost.exe(3564)
Process smartscreen.exe(7088)
Process SearchProtocolHost.exe(6224)
Process svchost.exe(3564)
Process svchost.exe(3564)
Process svchost.exe(3564)
Process svchost.exe(3564)
Process svchost.exe(3564)
Process GoogleUpdate.exe(4260)
Process GoogleCrashHandler.exe(4804)
Process taskhostw.exe(4268)
Process sihost.exe(4100)
Process OPBHOBrokerDsktop.exe(4224)
Process AvastUI.exe(5732)
Process svchost.exe(4132)
Process sihost.exe(4100)
Process svchost.exe(852)
Process spoolsv.exe(1796)
Process OPBHOBrokerDsktop.exe(4224)
Process backgroundTaskHost.exe(5948)
Process SearchIndexer.exe(5536)
Process spoolsv.exe(1796)
Process backgroundTaskHost.exe(5292)
Process explorer.exe(4572)
Process backgroundTaskHost.exe(5292)
Process RuntimeBroker.exe(5084)
Process spoolsv.exe(1796)
Process svchost.exe(852)
Process ShellExperienceHost.exe(5072)
Process RuntimeBroker.exe(5084)
Process DropboxUpdate.exe(4776)
Process backgroundTaskHost.exe(5388)
Process DropboxUpdate.exe(4776)
Process SearchUI.exe(1804)
Process ShellExperienceHost.exe(5072)
Process RemindersServer.exe(244)
Process AvastUI.exe(5732)
Process audiodg.exe(4000)
Process svchost.exe(440)
Process svchost.exe(440)
Process backgroundTaskHost.exe(5388)
Process DropboxUpdate.exe(4776)
Process svchost.exe(440)
Process svchost.exe(4132)
Process svchost.exe(440)
Process SearchFilterHost.exe(6920)
Process svchost.exe(440)
Process SearchUI.exe(1804)
Process HPSupportSolutionsFrameworkService.exe(3288)
Process unsecapp.exe(5960)
Process AvastUI.exe(5732)
Process fontdrvhost.exe(5656)
Process SkypeHost.exe(4844)
Process svchost.exe(440)
Process svchost.exe(4132)
Process unsecapp.exe(5960)
Process HPSupportSolutionsFrameworkService.exe(3288)
Process backgroundTaskHost.exe(5948)
Process SkypeHost.exe(4844)
Process SettingSyncHost.exe(6844)
Process PlacesServer.exe(6360)
Process PlacesServer.exe(6360)
Process WmiPrvSE.exe(6076)
Process SkypeHost.exe(4844)
Process SearchIndexer.exe(5536)
Process svchost.exe(4132)
Process SettingSyncHost.exe(6844)
Process TrustedInstaller.exe(6832)
Process procexp.exe(6664)
Process SkypeHost.exe(4844)
Process smartscreen.exe(7088)
Process AvastUI.exe(5732)
Process PlacesServer.exe(6360)
Process WmiPrvSE.exe(5056)
Process fontdrvhost.exe(5656)
Process SkypeHost.exe(4844)
Process backgroundTaskHost.exe(6248)
Process SkypeHost.exe(4844)
Process audiodg.exe(4000)
Process SkypeHost.exe(4844)
Process svchost.exe(4132)
Process svchost.exe(6300)
Process backgroundTaskHost.exe(6248)
Process audiodg.exe(4000)
Process SkypeHost.exe(4844)
Process procexp.exe(6664)
Process SearchProtocolHost.exe(6224)
Process TiWorker.exe(6872)
Process TiWorker.exe(6872)
Process backgroundTaskHost.exe(5388)
Process TrustedInstaller.exe(6832)
Process backgroundTaskHost.exe(5292)
Process backgroundTaskHost.exe(5388)
Process PlacesServer.exe(7500)
Process procexp64.exe(5788)
Process procexp.exe(6664)
Process backgroundTaskHost.exe(6248)
Process PlacesServer.exe(7500)
Process procexp64.exe(5788)
Process procexp64.exe(5788)
Process procexp64.exe(5788)
Section \Win32kCrossSessionGlobals
Section \Device\PhysicalMemory
Section \Device\PhysicalMemory
Session \KernelObjects\Session0
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
SymbolicLink \GLOBAL??\ACPI#FixedButton#2&daba3ff&3#{4afa3d53-74a7-11d0-be5e-00a0c9062857}
SymbolicLink \GLOBAL??\ACPI#PNP0C0C#aa#{4afa3d53-74a7-11d0-be5e-00a0c9062857}
SymbolicLink \GLOBAL??\PCI#VEN_1022&DEV_7808&SUBSYS_2B56103C&REV_39#3&11583659&0&92#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}
SymbolicLink \GLOBAL??\ROOT#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}
SymbolicLink \GLOBAL??\ROOT#spaceport#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\ROOT#spaceport#0000#{ef66a56f-88d1-4cd8-98c4-49faf57ad8af}
SymbolicLink \GLOBAL??\ROOT#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\PCI#VEN_1022&DEV_7801&SUBSYS_2B56103C&REV_40#3&11583659&0&88#{2accfe60-c130-11d2-b082-00a0c91efb8b}
SymbolicLink \GLOBAL??\STORAGE#Volume#{f99d45b9-fb89-11e4-8251-806e6f6e6963}#0000000040000000#{7f108a28-9833-4b3b-b780-2c6b5fa5c062}
SymbolicLink \GLOBAL??\STORAGE#Volume#{f99d45b9-fb89-11e4-8251-806e6f6e6963}#000000E415200000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\STORAGE#Volume#{f99d45b9-fb89-11e4-8251-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\STORAGE#Volume#{f99d45b9-fb89-11e4-8251-806e6f6e6963}#0000000056800000#{7f108a28-9833-4b3b-b780-2c6b5fa5c062}
SymbolicLink \GLOBAL??\STORAGE#Volume#{f99d45b9-fb89-11e4-8251-806e6f6e6963}#000000005E800000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\STORAGE#Volume#{f99d45b9-fb89-11e4-8251-806e6f6e6963}#000000E431400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\SCSI#Disk&Ven_&Prod_ST1000DM003-1ER1#4&35dce77&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\PCI#VEN_1022&DEV_7807&SUBSYS_2B56103C&REV_39#3&11583659&0&90#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}
SymbolicLink \GLOBAL??\PCI#VEN_1022&DEV_7808&SUBSYS_2B56103C&REV_39#3&11583659&0&9A#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}
SymbolicLink \GLOBAL??\PCI#VEN_1022&DEV_7807&SUBSYS_2B56103C&REV_39#3&11583659&0&98#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}
SymbolicLink \GLOBAL??\ROOT#MEDIA#0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}
SymbolicLink \GLOBAL??\USB#ROOT_HUB20#4&3334158d&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
SymbolicLink \GLOBAL??\ROOT#MEDIA#0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}
SymbolicLink \GLOBAL??\ACPI#AuthenticAMD_-_AMD64_Family_22_Model_0_-_AMD_E1-6015_APU_with_Radeon™_HD_Graphics____#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0}
SymbolicLink \GLOBAL??\SCSI#CdRom&Ven_hp&Prod_DVDRAM_GUB0N#4&35dce77&0&010000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\SCSI#CdRom&Ven_hp&Prod_DVDRAM_GUB0N#4&35dce77&0&010000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\USB#ROOT_HUB#4&751fc8a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
SymbolicLink \GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_2B56103C&REV_10#01000000684CE00000#{ad498944-762f-11d0-8dcb-00c04fc3358c}
SymbolicLink \GLOBAL??\ROOT#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}
SymbolicLink \GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_2B56103C&REV_10#01000000684CE00000#{cac88484-7515-4c03-82e6-71a87abac361}
SymbolicLink \GLOBAL??\PCI#VEN_1022&DEV_7814&SUBSYS_2B56103C&REV_01#3&11583659&0&80#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}
SymbolicLink \GLOBAL??\ACPI#AuthenticAMD_-_AMD64_Family_22_Model_0_-_AMD_E1-6015_APU_with_Radeon™_HD_Graphics____#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}
SymbolicLink \GLOBAL??\ACPI#AuthenticAMD_-_AMD64_Family_22_Model_0_-_AMD_E1-6015_APU_with_Radeon™_HD_Graphics____#_1#{dbe4373d-3c81-40cb-ace4-e0e5d05f0c9f}
SymbolicLink \GLOBAL??\ACPI#AuthenticAMD_-_AMD64_Family_22_Model_0_-_AMD_E1-6015_APU_with_Radeon™_HD_Graphics____#_2#{dbe4373d-3c81-40cb-ace4-e0e5d05f0c9f}
SymbolicLink \GLOBAL??\USB#ROOT_HUB#4&1745f490&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{9ff3b516-cd99-4eaf-8373-f2caf87ed26b}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}
SymbolicLink \GLOBAL??\USB#ROOT_HUB20#4&11a32b3&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
SymbolicLink \GLOBAL??\USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_Android#6&fab1280&1&0000#{6bdd1fc6-810f-11d0-bec7-08002be2092f}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}
SymbolicLink \GLOBAL??\USB#ROOT_HUB30#4&1512d71&0&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
SymbolicLink \GLOBAL??\PCI#VEN_1022&DEV_7813&SUBSYS_2B56103C&REV_01#3&11583659&0&A7#{79626149-04a0-4353-be16-4b341b1107a9}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}
SymbolicLink \GLOBAL??\PCI#VEN_10EC&DEV_8179&SUBSYS_804B103C&REV_01#00E04CFFFE81910100#{cac88484-7515-4c03-82e6-71a87abac361}
SymbolicLink \GLOBAL??\PCI#VEN_10EC&DEV_8179&SUBSYS_804B103C&REV_01#00E04CFFFE81910100#{ad498944-762f-11d0-8dcb-00c04fc3358c}
SymbolicLink \GLOBAL??\PCI#VEN_10EC&DEV_8179&SUBSYS_804B103C&REV_01#00E04CFFFE81910100#{435b6226-1dcc-43b3-887e-217dbaa27ba3}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1005#4&a0ef172&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1005#4&a0ef172&0&0001#{a17579f0-4fec-4936-9364-249460863be5}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1005#4&a0ef172&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}
SymbolicLink \GLOBAL??\HID#VID_04CA&PID_004B&MI_00#7&aa66c92&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
SymbolicLink \GLOBAL??\HID#VID_04CA&PID_004B&MI_01&Col02#7&889afac&0&0001#{4afa3d53-74a7-11d0-be5e-00a0c9062857}
SymbolicLink \GLOBAL??\HID#VID_04CA&PID_004B&MI_00#7&aa66c92&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}
SymbolicLink \GLOBAL??\HID#VID_192F&PID_0916#6&2ca5b386&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}
SymbolicLink \GLOBAL??\HID#VID_04CA&PID_004B&MI_01&Col01#7&889afac&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
SymbolicLink \GLOBAL??\HID#VID_04CA&PID_004B&MI_01&Col02#7&889afac&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}
SymbolicLink \GLOBAL??\USB#VID_064E&PID_9324&MI_00#6&17f53ea7&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}
SymbolicLink \GLOBAL??\HID#VID_192F&PID_0916#6&2ca5b386&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
SymbolicLink \GLOBAL??\USB#VID_064E&PID_9324#HF032B-T803-SE01-6-REV0101#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
SymbolicLink \GLOBAL??\USB#VID_192F&PID_0916#5&5788de0&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
SymbolicLink \GLOBAL??\USB#VID_04CA&PID_004B#5&5788de0&0&4#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
SymbolicLink \GLOBAL??\USB#VID_064E&PID_9324&MI_00#6&17f53ea7&0&0000#{e5323777-f976-4f5b-9b55-b94699c46e44}


#79
RKinner

    Malware Expert

I don't know if it will make any difference but let's disable NetBIOS over TCP.

Disable NetBIOS over TCP/IP on Windows 10.

To disable NetBIOS over TCP/IP, open Control Panel > Network and Sharing Center. In the left pane, select Change adapter settings.

Select Local Area Connection and click on Properties. (If using WiFi then instead of Local Area Network do this to your wireless.)

Select Internet Protocol Version 4 (TCP/IPv4).

Next, click the Advanced button and then in the new settings box which opens, select the WINS tab.

Select Disable NetBIOS over TCP/IP.

Click Apply and exit.

Reboot.

Right click on Skype and quit Skype.

And try a new Process Explorer log.


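The WINS-tab steps in post #79 can also be checked and applied from an elevated PowerShell prompt. The script below is an added example, not part of the original post. It goes beyond the single adapter named there by covering every IP-enabled adapter, and it adds a check for leftover NetBIOS listeners. The function names are made up for this example; the CIM class, property, method and the two NetTCPIP cmdlets are Windows built-ins.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session on Windows 10.
# Function names are hypothetical; Win32_NetworkAdapterConfiguration, TcpipNetbiosOptions
# and SetTcpipNetbios are the Windows CIM class, property and method behind the WINS tab.

# TcpipNetbiosOptions: 0 = take the setting from DHCP (default), 1 = enabled, 2 = disabled
$NetbiosLabel = @{ 0 = 'Default (from DHCP)'; 1 = 'Enabled'; 2 = 'Disabled' }

function Get-NetbiosOverTcpip {
    # One row per IP-enabled adapter, wired or wireless.
    Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            $code = $_.TcpipNetbiosOptions
            [pscustomobject]@{
                Index   = $_.Index
                Adapter = $_.Description
                Code    = $code
                NetBIOS = if ($null -eq $code) { 'Unknown' } else { $NetbiosLabel[[int]$code] }
            }
        }
}

function Disable-NetbiosOverTcpip {
    # Same effect as selecting "Disable NetBIOS over TCP/IP" on the WINS tab,
    # applied to every IP-enabled adapter that is not already set to Disabled.
    [CmdletBinding(SupportsShouldProcess)]
    param()

    Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Where-Object { $_.TcpipNetbiosOptions -ne 2 } |
        ForEach-Object {
            if ($PSCmdlet.ShouldProcess($_.Description, 'Disable NetBIOS over TCP/IP')) {
                $r = Invoke-CimMethod -InputObject $_ -MethodName SetTcpipNetbios `
                        -Arguments @{ TcpipNetbiosOptions = [uint32]2 }
                # ReturnValue 0 = done, 1 = done but a reboot is required, other = failure
                [pscustomobject]@{
                    Adapter     = $_.Description
                    ReturnValue = $r.ReturnValue
                    Succeeded   = ($r.ReturnValue -in 0, 1)
                }
            }
        }
}

function Get-NetbiosListener {
    # NetBIOS name service (UDP 137), datagram service (UDP 138), session service (TCP 139).
    # Should return nothing once every adapter reports Disabled and the machine has rebooted.
    Get-NetUDPEndpoint -LocalPort 137, 138 -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Proto'; e = { 'UDP' } }, LocalAddress, LocalPort, OwningProcess
    Get-NetTCPConnection -LocalPort 139 -State Listen -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Proto'; e = { 'TCP' } }, LocalAddress, LocalPort, OwningProcess
}

# Show the current state, then preview the change without applying it.
Get-NetbiosOverTcpip | Format-Table -AutoSize
Disable-NetbiosOverTcpip -WhatIf

# To apply: Disable-NetbiosOverTcpip
# After the reboot: Get-NetbiosOverTcpip ; Get-NetbiosListener
# To revert to the default: call SetTcpipNetbios with TcpipNetbiosOptions = 0 instead of 2.
```

Any listener rows that remain show PID 4 (System) as the owning process, because NetBIOS over TCP/IP is served by the kernel driver netbt.sys.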

#80
Lady_Rocker

I'm sorry, but I cannot seem to find "Control Panel" in the updated Windows 10. I got Settings > Network & Internet > "no Change adapter settings"... ??? Never mind, found it. LOL


Edited by Lady_Rocker, 19 August 2016 - 05:58 PM.


#81
Lady_Rocker

System still lags in intervals for about 8-10 seconds every 20-30 seconds after a reboot. Not sure what's happening. Shows a lot with a frozen mouse.

 

+++++++++++++++++++++++++++++++++++++++++++++++++

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System 47.66 136 K 1,288 K 4
System Idle Process 45.57 0 K 4 K 0
procexp64.exe 4.11 38,272 K 56,188 K 5708 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
dwm.exe 0.99 52,548 K 42,856 K 428
Interrupts 0.71 0 K 0 K n/a Hardware Interrupts and DPCs
csrss.exe 0.70 3,364 K 2,252 K 680
AvastSvc.exe 0.10 67,876 K 40,764 K 2164 avast! Service AVAST Software (Verified) AVAST Software a.s.
explorer.exe 0.05 72,416 K 86,860 K 4192 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.04 12,992 K 24,808 K 1136 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.03 7,512 K 13,116 K 1188 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
AvastUI.exe 0.01 16,288 K 21,048 K 5928 avast! Antivirus AVAST Software (Verified) AVAST Software a.s.
svchost.exe 0.01 54,268 K 62,180 K 868 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
plays_service.exe 0.01 13,244 K 12,548 K 2500 Plays.tv Service Plays.tv, LLC (Verified) Plays.tv
svchost.exe 0.01 10,396 K 16,516 K 824 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 15,196 K 19,072 K 924 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchIndexer.exe < 0.01 29,304 K 15,848 K 2520 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
afwServ.exe < 0.01 10,412 K 10,220 K 1924 avast! firewall service AVAST Software (Verified) AVAST Software a.s.
PhotoshopElementsFileAgent.exe < 0.01 2,748 K 716 K 2144 (Verified) Adobe Systems Incorporated
svchost.exe < 0.01 4,644 K 7,620 K 3252 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 19,068 K 37,996 K 1452 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 42,800 K 65,556 K 804 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
WmiPrvSE.exe 5,156 K 8,796 K 3644
winlogon.exe 2,092 K 5,144 K 992
wininit.exe 1,120 K 1,300 K 672
unsecapp.exe 1,200 K 3,016 K 6232 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 6,260 K 7,656 K 744 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5,432 K 7,936 K 884 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,628 K 15,412 K 2552 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 16,672 K 20,336 K 904 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 9,208 K 19,692 K 2208 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,040 K 3,336 K 1536 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,844 K 10,704 K 1720 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,480 K 6,076 K 1616 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,896 K 4,704 K 2156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,116 K 4,600 K 2560 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,668 K 3,920 K 2052 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 6,524 K 7,040 K 1824 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 460 K 536 K 400
smartscreen.exe 8,112 K 13,276 K 6360 SmartScreen Microsoft Corporation (Verified) Microsoft Windows
sihost.exe 5,828 K 14,632 K 1584 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe 35,768 K 47,028 K 4516 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SettingSyncHost.exe 6,744 K 2,016 K 8036 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
services.exe 3,096 K 5,632 K 732
SearchUI.exe Suspended 43,184 K 36,812 K 4644 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 11,740 K 26,472 K 3608 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RtkAudioService64.exe 1,644 K 2,012 K 1576 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RichVideo64.exe 1,364 K 2,216 K 2524 RichVideo Module (Verified) CyberLink Corp.
RemindersServer.exe Suspended 8,812 K 10,180 K 5360 Reminders WinRT OOP Server Microsoft Corporation (Verified) Microsoft Windows
RAVBg64.exe 6,004 K 5,792 K 1600
procexp.exe 2,804 K 9,620 K 5620 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
opvapp.exe 2,008 K 2,444 K 4844
OPBHOBrokerDsktop.exe 2,356 K 3,180 K 1424 HP SimplePass BHO Broker Hewlett-Packard (Verified) Softex Incorporated
OmniServ.exe 3,308 K 4,584 K 1332 HP SimplePass Service Softex Inc. (No signature was present in the subject) Softex Inc.
Memory Compression 68 K 13,020 K 2588
mDNSResponder.exe 1,640 K 3,688 K 2216 Bonjour Service Apple Inc. (Verified) Apple Inc.
lsass.exe 5,740 K 11,660 K 752 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
ijplmsvc.exe 1,212 K 1,652 K 2232 Inkjet Printer/Scanner/Fax Extended Survey Program Service (Verified) Canon Inc.
HPSupportSolutionsFrameworkService.exe 40,984 K 24,920 K 4780 HP Support Solutions Framework Service HP Inc. (Verified) Hewlett-Packard Company
GoogleUpdate.exe 2,032 K 200 K 3232
GoogleCrashHandler64.exe 1,488 K 164 K 4444
GoogleCrashHandler.exe 1,580 K 164 K 4392
fontdrvhost.exe 836 K 1,032 K 6040
DropboxUpdate.exe 2,012 K 1,436 K 4612
dasHost.exe 4,032 K 10,000 K 2240
csrss.exe 1,476 K 2,228 K 568
atiesrxx.exe 1,260 K 2,172 K 1356 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 2,288 K 4,456 K 1396
 
Process: System Pid: 4
 
Name Description Company Name Path Verified Signer
ACPI.sys ACPI Driver for NT Microsoft Corporation C:\WINDOWS\System32\drivers\ACPI.sys (Verified) Microsoft Windows
acpiex.sys ACPIEx Driver Microsoft Corporation C:\WINDOWS\System32\Drivers\acpiex.sys (Verified) Microsoft Windows
afd.sys Ancillary Function Driver for WinSock Microsoft Corporation C:\WINDOWS\system32\drivers\afd.sys (Verified) Microsoft Windows
ahcache.sys Application Compatibility Cache Microsoft Corporation C:\WINDOWS\system32\DRIVERS\ahcache.sys (Verified) Microsoft Windows
amdkmpfd.sys AMD PCI Root Bus Lower Filter Advanced Micro Devices, Inc. C:\WINDOWS\System32\drivers\amdkmpfd.sys (Verified) Advanced Micro Devices
amdppm.sys Processor Device Driver Microsoft Corporation C:\WINDOWS\System32\drivers\amdppm.sys (Verified) Microsoft Windows
appexDrv.sys AppEx Accelerator LWF/WFP Driver L.E. AppEx Networks Corporation C:\WINDOWS\system32\DRIVERS\appexDrv.sys (Verified) AppEx Networks Corporation
aswHwid.sys avast! HWID AVAST Software C:\WINDOWS\system32\drivers\aswHwid.sys (Verified) AVAST Software a.s.
aswKbd.sys avast! Keyboard Filter Driver AVAST Software C:\WINDOWS\system32\drivers\aswKbd.sys (Verified) AVAST Software a.s.
aswMonFlt.sys avast! File System Minifilter for Windows 2003/Vista AVAST Software C:\WINDOWS\system32\drivers\aswMonFlt.sys (Verified) AVAST Software a.s.
aswNetSec.sys avast! Firewall Driver AVAST Software C:\WINDOWS\system32\drivers\aswNetSec.sys (Verified) AVAST Software a.s.
aswRdr2.sys avast! WFP Redirect Driver AVAST Software C:\WINDOWS\system32\drivers\aswRdr2.sys (Verified) AVAST Software a.s.
aswRvrt.sys avast! Revert AVAST Software C:\WINDOWS\System32\Drivers\aswRvrt.sys (Verified) AVAST Software a.s.
aswSnx.sys avast! Virtualization Driver AVAST Software C:\WINDOWS\system32\drivers\aswSnx.sys (Verified) AVAST Software a.s.
aswSP.sys avast! self protection module AVAST Software C:\WINDOWS\system32\drivers\aswSP.sys (Verified) AVAST Software a.s.
aswStm.sys Stream Filter AVAST Software C:\WINDOWS\system32\drivers\aswStm.sys (Verified) AVAST Software a.s.
aswVmm.sys avast! VM Monitor AVAST Software C:\WINDOWS\System32\Drivers\aswVmm.sys (Verified) AVAST Software a.s.
AtihdWT6.sys AMD High Definition Audio Function Driver Advanced Micro Devices C:\WINDOWS\system32\drivers\AtihdWT6.sys (Verified) Microsoft Windows Hardware Compatibility Publisher
atikmdag.sys ATI Radeon Kernel Mode Driver Advanced Micro Devices, Inc. C:\WINDOWS\system32\DRIVERS\atikmdag.sys (Verified) Microsoft Windows Hardware Compatibility Publisher
atikmpag.sys AMD multi-vendor Miniport Driver Advanced Micro Devices, Inc. C:\WINDOWS\system32\DRIVERS\atikmpag.sys (Verified) Microsoft Windows Hardware Compatibility Publisher
ATMFD.DLL Windows NT OpenType/Type 1 Font Driver Adobe Systems Incorporated C:\WINDOWS\System32\ATMFD.DLL (Verified) Microsoft Windows
BasicDisplay.sys Microsoft Basic Display Driver Microsoft Corporation C:\WINDOWS\System32\drivers\BasicDisplay.sys (Verified) Microsoft Windows
BasicRender.sys Microsoft Basic Render Driver Microsoft Corporation C:\WINDOWS\System32\drivers\BasicRender.sys (Verified) Microsoft Windows
Beep.SYS BEEP Driver Microsoft Corporation C:\WINDOWS\System32\Drivers\Beep.SYS (Verified) Microsoft Windows
BOOTVID.dll VGA Boot Driver Microsoft Corporation C:\WINDOWS\system32\BOOTVID.dll (Verified) Microsoft Windows
bowser.sys NT Lan Manager Datagram Receiver Driver Microsoft Corporation C:\WINDOWS\system32\DRIVERS\bowser.sys (Verified) Microsoft Windows
cdd.dll Canonical Display Driver Microsoft Corporation C:\WINDOWS\System32\cdd.dll (Verified) Microsoft Windows
cdrom.sys SCSI CD-ROM Driver Microsoft Corporation C:\WINDOWS\System32\drivers\cdrom.sys (Verified) Microsoft Windows
CEA.sys Event Aggregation Kernel Mode Library Microsoft Corporation C:\WINDOWS\system32\drivers\CEA.sys (Verified) Microsoft Windows
CI.dll Code Integrity Module Microsoft Corporation C:\WINDOWS\system32\CI.dll (Verified) Microsoft Windows
CLASSPNP.SYS SCSI Class System Dll Microsoft Corporation C:\WINDOWS\System32\drivers\CLASSPNP.SYS (Verified) Microsoft Windows
CLFS.SYS Common Log File System Driver Microsoft Corporation C:\WINDOWS\System32\drivers\CLFS.SYS (Verified) Microsoft Windows
clipsp.sys CLIP Service Microsoft Corporation C:\WINDOWS\System32\drivers\clipsp.sys (Verified) Microsoft Windows
CLVirtualDrive.sys It is a virtual device driver which could create multiple virtual devices and mount image files. CyberLink C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys (Verified) CyberLink Corp.
clwvd.sys CyberLink WebCam Virtual Driver CyberLink Corporation C:\WINDOWS\system32\DRIVERS\clwvd.sys (Verified) CyberLink Corp.
cmimcext.sys Kernel Configuration Manager Initial Configuration Extension Host Export Driver Microsoft Corporation C:\WINDOWS\System32\drivers\cmimcext.sys (Verified) Microsoft Windows
cng.sys Kernel Cryptography, Next Generation Microsoft Corporation C:\WINDOWS\System32\Drivers\cng.sys (Verified) Microsoft Windows
CompositeBus.sys Multi-Transport Composite Bus Enumerator Microsoft Corporation C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys (Verified) Microsoft Windows
condrv.sys Console Driver Microsoft Corporation C:\WINDOWS\System32\drivers\condrv.sys (Verified) Microsoft Windows
crashdmp.sys Crash Dump Driver Microsoft Corporation C:\WINDOWS\System32\Drivers\crashdmp.sys (Verified) Microsoft Windows
dfsc.sys DFS Namespace Client Driver Microsoft Corporation C:\WINDOWS\System32\Drivers\dfsc.sys (Verified) Microsoft Windows
disk.sys PnP Disk Driver Microsoft Corporation C:\WINDOWS\System32\drivers\disk.sys (Verified) Microsoft Windows
drmk.sys Microsoft Trusted Audio Drivers Microsoft Corporation C:\WINDOWS\System32\drivers\drmk.sys (Verified) Microsoft Windows
dump_diskdump.sys C:\WINDOWS\System32\Drivers\dump_diskdump.sys (An error occurred while reading or writing to a file)
dump_dumpfve.sys C:\WINDOWS\System32\Drivers\dump_dumpfve.sys (An error occurred while reading or writing to a file)
dump_storahci.sys C:\WINDOWS\System32\Drivers\dump_storahci.sys (An error occurred while reading or writing to a file)
dxgkrnl.sys DirectX Graphics Kernel Microsoft Corporation C:\WINDOWS\System32\drivers\dxgkrnl.sys (Verified) Microsoft Windows
dxgmms2.sys DirectX Graphics MMS Microsoft Corporation C:\WINDOWS\System32\drivers\dxgmms2.sys (Verified) Microsoft Windows
EhStorClass.sys Enhanced Storage Class driver for IEEE 1667 devices Microsoft Corporation C:\WINDOWS\System32\drivers\EhStorClass.sys (Verified) Microsoft Windows
fastfat.SYS Fast FAT File System Driver Microsoft Corporation C:\WINDOWS\System32\Drivers\fastfat.SYS (Verified) Microsoft Windows
filecrypt.sys Windows sandboxing and encryption filter Microsoft Corporation C:\WINDOWS\system32\drivers\filecrypt.sys (Verified) Microsoft Windows
fileinfo.sys FileInfo Filter Driver Microsoft Corporation C:\WINDOWS\System32\drivers\fileinfo.sys (Verified) Microsoft Windows
FLTMGR.SYS Microsoft Filesystem Filter Manager Microsoft Corporation C:\WINDOWS\System32\drivers\FLTMGR.SYS (Verified) Microsoft Windows
Fs_Rec.sys File System Recognizer Driver Microsoft Corporation C:\WINDOWS\System32\Drivers\Fs_Rec.sys (Verified) Microsoft Windows
fvevol.sys BitLocker Drive Encryption Driver Microsoft Corporation C:\WINDOWS\System32\DRIVERS\fvevol.sys (Verified) Microsoft Windows
fwpkclnt.sys FWP/IPsec Kernel-Mode API Microsoft Corporation C:\WINDOWS\System32\drivers\fwpkclnt.sys (Verified) Microsoft Windows
gpuenergydrv.sys GPU Energy Kernel Driver Microsoft Corporation C:\WINDOWS\System32\drivers\gpuenergydrv.sys (Verified) Microsoft Windows
hal.dll Hardware Abstraction Layer DLL Microsoft Corporation C:\WINDOWS\system32\hal.dll (Verified) Microsoft Windows
HDAudBus.sys High Definition Audio Bus Driver Microsoft Corporation C:\WINDOWS\System32\drivers\HDAudBus.sys (Verified) Microsoft Windows
HIDCLASS.SYS Hid Class Library Microsoft Corporation C:\WINDOWS\System32\drivers\HIDCLASS.SYS (Verified) Microsoft Windows
HIDPARSE.SYS Hid Parsing Library Microsoft Corporation C:\WINDOWS\System32\drivers\HIDPARSE.SYS (Verified) Microsoft Windows
hidusb.sys USB Miniport Driver for Input Devices Microsoft Corporation C:\WINDOWS\System32\drivers\hidusb.sys (Verified) Microsoft Windows
HTTP.sys HTTP Protocol Stack Microsoft Corporation C:\WINDOWS\system32\drivers\HTTP.sys (Verified) Microsoft Windows
intelpep.sys Intel Power Engine Plugin Microsoft Corporation C:\WINDOWS\System32\drivers\intelpep.sys (Verified) Microsoft Windows Hardware Abstraction Layer Publisher
iorate.sys I/O rate control Filter Microsoft Corporation C:\WINDOWS\system32\drivers\iorate.sys (Verified) Microsoft Windows
kbdclass.sys Keyboard Class Driver Microsoft Corporation C:\WINDOWS\System32\drivers\kbdclass.sys (Verified) Microsoft Windows
kbdhid.sys HID Keyboard Filter Driver Microsoft Corporation C:\WINDOWS\System32\drivers\kbdhid.sys (Verified) Microsoft Windows
kd.dll Local Kernel Debugger Microsoft Corporation C:\WINDOWS\system32\kd.dll (Verified) Microsoft Windows
kdnic.sys Microsoft Kernel Debugger Network Miniport Microsoft Corporation C:\WINDOWS\System32\drivers\kdnic.sys (Verified) Microsoft Windows
ks.sys Kernel CSA Library Microsoft Corporation C:\WINDOWS\System32\drivers\ks.sys (Verified) Microsoft Windows
ksecdd.sys Kernel Security Support Provider Interface Microsoft Corporation C:\WINDOWS\System32\drivers\ksecdd.sys (Verified) Microsoft Windows
ksecpkg.sys Kernel Security Support Provider Interface Packages Microsoft Corporation C:\WINDOWS\System32\Drivers\ksecpkg.sys (Verified) Microsoft Windows
ksthunk.sys Kernel Streaming WOW Thunk Service Microsoft Corporation C:\WINDOWS\system32\drivers\ksthunk.sys (Verified) Microsoft Windows
lltdio.sys Link-Layer Topology Mapper I/O Driver Microsoft Corporation C:\WINDOWS\system32\drivers\lltdio.sys (Verified) Microsoft Windows
luafv.sys LUA File Virtualization Filter Driver Microsoft Corporation C:\WINDOWS\system32\drivers\luafv.sys (Verified) Microsoft Windows
mcupdate_AuthenticAMD.dll AMD Microcode Update Library Microsoft Corporation C:\WINDOWS\system32\mcupdate_AuthenticAMD.dll (Verified) Microsoft Windows
mmcss.sys MMCSS Driver Microsoft Corporation C:\WINDOWS\system32\drivers\mmcss.sys (Verified) Microsoft Windows
monitor.sys Monitor Driver Microsoft Corporation C:\WINDOWS\System32\drivers\monitor.sys (Verified) Microsoft Windows
mouclass.sys Mouse Class Driver Microsoft Corporation C:\WINDOWS\System32\drivers\mouclass.sys (Verified) Microsoft Windows
mouhid.sys HID Mouse Filter Driver Microsoft Corporation C:\WINDOWS\System32\drivers\mouhid.sys (Verified) Microsoft Windows
mountmgr.sys Mount Point Manager Microsoft Corporation C:\WINDOWS\System32\drivers\mountmgr.sys (Verified) Microsoft Windows
mpsdrv.sys Microsoft Protection Service Driver Microsoft Corporation C:\WINDOWS\System32\drivers\mpsdrv.sys (Verified) Microsoft Windows
mrxsmb.sys Windows NT SMB Minirdr Microsoft Corporation C:\WINDOWS\system32\DRIVERS\mrxsmb.sys (Verified) Microsoft Windows
mrxsmb10.sys Longhorn SMB Downlevel SubRdr Microsoft Corporation C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys (Verified) Microsoft Windows
mrxsmb20.sys Longhorn SMB 2.0 Redirector Microsoft Corporation C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys (Verified) Microsoft Windows
Msfs.SYS Mailslot driver Microsoft Corporation C:\WINDOWS\System32\Drivers\Msfs.SYS (Verified) Microsoft Windows
msisadrv.sys ISA Driver Microsoft Corporation C:\WINDOWS\System32\drivers\msisadrv.sys (Verified) Microsoft Windows
mslldp.sys Microsoft Link-Layer Discovery Protocol Driver Microsoft Corporation C:\WINDOWS\system32\drivers\mslldp.sys (Verified) Microsoft Windows
msrpc.sys Kernel Remote Procedure Call Provider Microsoft Corporation C:\WINDOWS\System32\drivers\msrpc.sys (Verified) Microsoft Windows
mssmbios.sys System Management BIOS Driver Microsoft Corporation C:\WINDOWS\System32\drivers\mssmbios.sys (Verified) Microsoft Windows
mup.sys Multiple UNC Provider Driver Microsoft Corporation C:\WINDOWS\System32\Drivers\mup.sys (Verified) Microsoft Windows
ndis.sys Network Driver Interface Specification (NDIS) Microsoft Corporation C:\WINDOWS\system32\drivers\ndis.sys (Verified) Microsoft Windows
ndisuio.sys NDIS User mode I/O driver Microsoft Corporation C:\WINDOWS\system32\drivers\ndisuio.sys (Verified) Microsoft Windows
NdisVirtualBus.sys Microsoft Virtual Network Adapter Enumerator Microsoft Corporation C:\WINDOWS\System32\drivers\NdisVirtualBus.sys (Verified) Microsoft Windows
Ndu.sys Windows Network Data Usage Monitoring Driver Microsoft Corporation C:\WINDOWS\system32\drivers\Ndu.sys (Verified) Microsoft Windows
netbios.sys NetBIOS interface driver Microsoft Corporation C:\WINDOWS\system32\drivers\netbios.sys (Verified) Microsoft Windows
netbt.sys MBT Transport driver Microsoft Corporation C:\WINDOWS\System32\DRIVERS\netbt.sys (Verified) Microsoft Windows
NETIO.SYS Network I/O Subsystem Microsoft Corporation C:\WINDOWS\system32\drivers\NETIO.SYS (Verified) Microsoft Windows
Npfs.SYS NPFS Driver Microsoft Corporation C:\WINDOWS\System32\Drivers\Npfs.SYS (Verified) Microsoft Windows
npsvctrig.sys Named pipe service triggers Microsoft Corporation C:\WINDOWS\System32\drivers\npsvctrig.sys (Verified) Microsoft Windows
nsiproxy.sys NSI Proxy Microsoft Corporation C:\WINDOWS\system32\drivers\nsiproxy.sys (Verified) Microsoft Windows
NTFS.sys NT File System Driver Microsoft Corporation C:\WINDOWS\System32\Drivers\NTFS.sys (Verified) Microsoft Windows
ntosext.sys NTOS extension host driver Microsoft Corporation C:\WINDOWS\System32\drivers\ntosext.sys (Verified) Microsoft Windows
ntoskrnl.exe NT Kernel & System Microsoft Corporation C:\WINDOWS\system32\ntoskrnl.exe (Verified) Microsoft Windows
Null.SYS NULL Driver Microsoft Corporation C:\WINDOWS\System32\Drivers\Null.SYS (Verified) Microsoft Windows
nwifi.sys NativeWiFi Miniport Driver Microsoft Corporation C:\WINDOWS\system32\DRIVERS\nwifi.sys (Verified) Microsoft Windows
pacer.sys QoS Packet Scheduler Microsoft Corporation C:\WINDOWS\System32\drivers\pacer.sys (Verified) Microsoft Windows
partmgr.sys Partition driver Microsoft Corporation C:\WINDOWS\System32\drivers\partmgr.sys (Verified) Microsoft Windows
pci.sys NT Plug and Play PCI Enumerator Microsoft Corporation C:\WINDOWS\System32\drivers\pci.sys (Verified) Microsoft Windows
pcw.sys Performance Counters for Windows Driver Microsoft Corporation C:\WINDOWS\System32\drivers\pcw.sys (Verified) Microsoft Windows
pdc.sys Power Dependency Coordinator Driver Microsoft Corporation C:\WINDOWS\system32\drivers\pdc.sys (Verified) Microsoft Windows
peauth.sys Protected Environment Authentication and Authorization Export Driver Microsoft Corporation C:\WINDOWS\system32\drivers\peauth.sys (Verified) Microsoft Windows
portcls.sys Port Class (Class Driver for Port/Miniport Devices) Microsoft Corporation C:\WINDOWS\System32\drivers\portcls.sys (Verified) Microsoft Windows
PSHED.dll Platform Specific Hardware Error Driver Microsoft Corporation C:\WINDOWS\system32\PSHED.dll (Verified) Microsoft Windows
PxHlpa64.sys Px Engine Device Driver for 64-bit Windows Sonic Solutions C:\WINDOWS\System32\Drivers\PxHlpa64.sys (Verified) Sonic Solutions
rdbss.sys Redirected Drive Buffering SubSystem Driver Microsoft Corporation C:\WINDOWS\system32\DRIVERS\rdbss.sys (Verified) Microsoft Windows
rdpbus.sys Microsoft RDP Bus Device driver Microsoft Corporation C:\WINDOWS\System32\drivers\rdpbus.sys (Verified) Microsoft Windows
rdyboost.sys ReadyBoost Driver Microsoft Corporation C:\WINDOWS\System32\drivers\rdyboost.sys (Verified) Microsoft Windows
registry.sys Registry Containment Driver Microsoft Corporation C:\WINDOWS\System32\drivers\registry.sys (Verified) Microsoft Windows
rspndr.sys Link-Layer Topology Responder Driver for NDIS 6 Microsoft Corporation C:\WINDOWS\system32\drivers\rspndr.sys (Verified) Microsoft Windows
rt640x64.sys Realtek 8101E/8168/8169 NDIS 6.40 64-bit Driver                 Realtek                                             C:\WINDOWS\System32\drivers\rt640x64.sys (Verified) Realtek Semiconductor Corp
RTKVHD64.sys Realtek® High Definition Audio Function Driver Realtek Semiconductor Corp. C:\WINDOWS\system32\drivers\RTKVHD64.sys (Verified) Realtek Semiconductor Corp
rtwlane.sys Realtek PCIE NDIS Driver 42654 Realtek Semiconductor Corporation                           C:\WINDOWS\System32\drivers\rtwlane.sys (Verified) Microsoft Windows
sdbus.sys SecureDigital Bus Driver Microsoft Corporation C:\WINDOWS\System32\drivers\sdbus.sys (Verified) Microsoft Windows
spaceport.sys Storage Spaces Driver Microsoft Corporation C:\WINDOWS\System32\drivers\spaceport.sys (Verified) Microsoft Windows
srv.sys Server driver Microsoft Corporation C:\WINDOWS\System32\DRIVERS\srv.sys (Verified) Microsoft Windows
srv2.sys Smb 2.0 Server driver Microsoft Corporation C:\WINDOWS\System32\DRIVERS\srv2.sys (Verified) Microsoft Windows
srvnet.sys Server Network driver Microsoft Corporation C:\WINDOWS\System32\DRIVERS\srvnet.sys (Verified) Microsoft Windows
storahci.sys MS AHCI Storport Miniport Driver Microsoft Corporation C:\WINDOWS\System32\drivers\storahci.sys (Verified) Microsoft Windows
storport.sys Microsoft Storage Port Driver Microsoft Corporation C:\WINDOWS\System32\drivers\storport.sys (Verified) Microsoft Windows
storqosflt.sys Storage QoS Filter Microsoft Corporation C:\WINDOWS\system32\drivers\storqosflt.sys (Verified) Microsoft Windows
swenum.sys Plug and Play Software Device Enumerator Microsoft Corporation C:\WINDOWS\System32\drivers\swenum.sys (Verified) Microsoft Windows
tbs.sys Export driver for kernel mode TPM API Microsoft Corporation C:\WINDOWS\system32\drivers\tbs.sys (Verified) Microsoft Windows
tcpip.sys TCP/IP Driver Microsoft Corporation C:\WINDOWS\System32\drivers\tcpip.sys (Verified) Microsoft Windows
tcpipreg.sys TCP/IP Registry Compatibility Driver Microsoft Corporation C:\WINDOWS\System32\drivers\tcpipreg.sys (Verified) Microsoft Windows
TDI.SYS TDI Wrapper Microsoft Corporation C:\WINDOWS\system32\DRIVERS\TDI.SYS (Verified) Microsoft Windows
tdx.sys TDI Translation Driver Microsoft Corporation C:\WINDOWS\system32\DRIVERS\tdx.sys (Verified) Microsoft Windows
tm.sys Kernel Transaction Manager Driver Microsoft Corporation C:\WINDOWS\System32\drivers\tm.sys (Verified) Microsoft Windows
TSDDD.dll Framebuffer Display Driver Microsoft Corporation C:\WINDOWS\System32\TSDDD.dll (Verified) Microsoft Windows
tunnel.sys Microsoft Tunnel Interface Driver Microsoft Corporation C:\WINDOWS\System32\drivers\tunnel.sys (Verified) Microsoft Windows
ucx01000.sys USB Controller Extension Microsoft Corporation C:\WINDOWS\system32\drivers\ucx01000.sys (Verified) Microsoft Windows
UEFI.sys UEFI Driver for NT Microsoft Corporation C:\WINDOWS\System32\drivers\UEFI.sys (Verified) Microsoft Windows
umbus.sys User-Mode Bus Enumerator Microsoft Corporation C:\WINDOWS\System32\drivers\umbus.sys (Verified) Microsoft Windows
usbccgp.sys USB Common Class Generic Parent Driver Microsoft Corporation C:\WINDOWS\System32\drivers\usbccgp.sys (Verified) Microsoft Windows
USBD.SYS Universal Serial Bus Driver Microsoft Corporation C:\WINDOWS\System32\drivers\USBD.SYS (Verified) Microsoft Windows
usbehci.sys EHCI eUSB Miniport Driver Microsoft Corporation C:\WINDOWS\System32\drivers\usbehci.sys (Verified) Microsoft Windows
usbhub.sys Default Hub Driver for USB Microsoft Corporation C:\WINDOWS\System32\drivers\usbhub.sys (Verified) Microsoft Windows
UsbHub3.sys USB3 HUB Driver Microsoft Corporation C:\WINDOWS\System32\drivers\UsbHub3.sys (Verified) Microsoft Windows
usbohci.sys OHCI USB Miniport Driver Microsoft Corporation C:\WINDOWS\System32\drivers\usbohci.sys (Verified) Microsoft Windows
USBPORT.SYS USB 1.1 & 2.0 Port Driver Microsoft Corporation C:\WINDOWS\System32\drivers\USBPORT.SYS (Verified) Microsoft Windows
usbvideo.sys USB Video Class Driver Microsoft Corporation C:\WINDOWS\System32\Drivers\usbvideo.sys (Verified) Microsoft Windows
USBXHCI.SYS USB XHCI Driver Microsoft Corporation C:\WINDOWS\System32\drivers\USBXHCI.SYS (Verified) Microsoft Windows
vdrvroot.sys Virtual Drive Root Enumerator Microsoft Corporation C:\WINDOWS\System32\drivers\vdrvroot.sys (Verified) Microsoft Windows
volmgr.sys Volume Manager Driver Microsoft Corporation C:\WINDOWS\System32\drivers\volmgr.sys (Verified) Microsoft Windows
volmgrx.sys Volume Manager Extension Driver Microsoft Corporation C:\WINDOWS\System32\drivers\volmgrx.sys (Verified) Microsoft Windows
volsnap.sys Volume Shadow Copy driver Microsoft Corporation C:\WINDOWS\System32\drivers\volsnap.sys (Verified) Microsoft Windows
volume.sys Volume driver Microsoft Corporation C:\WINDOWS\System32\drivers\volume.sys (Verified) Microsoft Windows
vwifibus.sys Virtual Wireless Bus Driver Microsoft Corporation C:\WINDOWS\System32\drivers\vwifibus.sys (Verified) Microsoft Windows
vwififlt.sys Virtual WiFi Filter Driver Microsoft Corporation C:\WINDOWS\System32\drivers\vwififlt.sys (Verified) Microsoft Windows
vwifimp.sys Virtual WiFi Miniport Driver Microsoft Corporation C:\WINDOWS\System32\drivers\vwifimp.sys (Verified) Microsoft Windows
wanarp.sys MS Remote Access and Routing ARP Driver Microsoft Corporation C:\WINDOWS\System32\DRIVERS\wanarp.sys (Verified) Microsoft Windows
watchdog.sys Watchdog Driver Microsoft Corporation C:\WINDOWS\System32\drivers\watchdog.sys (Verified) Microsoft Windows
wcifs.sys Windows Container Isolation FS Filter Driver Microsoft Corporation C:\WINDOWS\system32\drivers\wcifs.sys (Verified) Microsoft Windows
wcnfs.sys Windows Container Name Virtualization FS Filter Driver Microsoft Corporation C:\WINDOWS\system32\drivers\wcnfs.sys (Verified) Microsoft Windows
Wdf01000.sys Kernel Mode Driver Framework Runtime Microsoft Corporation C:\WINDOWS\system32\drivers\Wdf01000.sys (Verified) Microsoft Windows
WDFLDR.SYS Kernel Mode Driver Framework Loader Microsoft Corporation C:\WINDOWS\system32\drivers\WDFLDR.SYS (Verified) Microsoft Windows
wdiwifi.sys WDI Driver Framework Driver Microsoft Corporation C:\WINDOWS\system32\DRIVERS\wdiwifi.sys (Verified) Microsoft Windows
werkernel.sys Windows Error Reporting Kernel Driver Microsoft Corporation C:\WINDOWS\System32\drivers\werkernel.sys (Verified) Microsoft Windows
wfplwfs.sys WFP NDIS 6.30 Lightweight Filter Driver Microsoft Corporation C:\WINDOWS\System32\drivers\wfplwfs.sys (Verified) Microsoft Windows
win32k.sys Full/Desktop Multi-User Win32 Driver Microsoft Corporation C:\WINDOWS\System32\win32k.sys (Verified) Microsoft Windows
win32kbase.sys Base Win32k Kernel Driver Microsoft Corporation C:\WINDOWS\System32\win32kbase.sys (Verified) Microsoft Windows
win32kfull.sys Full/Desktop Win32k Kernel Driver Microsoft Corporation C:\WINDOWS\System32\win32kfull.sys (Verified) Microsoft Windows
WindowsTrustedRT.sys Windows Trusted Runtime Interface Driver Microsoft Corporation C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys (Verified) Microsoft Windows Hardware Abstraction Layer Publisher
WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy Driver Microsoft Corporation C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys (Verified) Microsoft Windows Hardware Abstraction Layer Publisher
wmiacpi.sys Windows Management Interface for ACPI Microsoft Corporation C:\WINDOWS\System32\drivers\wmiacpi.sys (Verified) Microsoft Windows
WMILIB.SYS WMILIB WMI support library Dll Microsoft Corporation C:\WINDOWS\System32\drivers\WMILIB.SYS (Verified) Microsoft Windows
Wof.sys Windows Overlay Filter Microsoft Corporation C:\WINDOWS\System32\Drivers\Wof.sys (Verified) Microsoft Windows
WppRecorder.sys WPP Trace Recorder Microsoft Corporation C:\WINDOWS\System32\Drivers\WppRecorder.sys (Verified) Microsoft Windows
WudfPf.sys Windows Driver Foundation - User-mode Driver Framework Platform Driver Microsoft Corporation C:\WINDOWS\system32\drivers\WudfPf.sys (Verified) Microsoft Windows

#82
RKinner

    Malware Expert

  • Expert
  • 20,017 posts
  • MVP

Go back into Device Manager (search for device manager and hit Enter) and click on the arrow in front of Display Adapters, then right-click on the AMD entry and select Properties, then Driver. Click on Rollback Driver. Yes. Reboot and make a new Process Explorer log.



#83
Lady_Rocker


Ok.. will do that.. BTW this is what keeps popping up

[Attached image: 20160821_134246_zpsqbvygicc.jpg]
 



#84
RKinner


This is the new BSOD (Blue Screen of Death).

Let's see if BlueScreenView will work:

Download BlueScreenView.
Double-click on the BlueScreenView.exe file to run the program.
When scanning is done, go to Edit, Select All.
Go to File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.


#85
Lady_Rocker

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 27.31 0 K 4 K 0
SrTasks.exe 20.91 123,628 K 81,268 K 6296 Microsoft® Windows System Protection background tasks. Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 15.67 5,940 K 12,932 K 7500 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
procexp64.exe 15.61 46,324 K 66,612 K 10216 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System 11.24 136 K 4,568 K 4
dwm.exe 2.05 40,604 K 37,676 K 8456 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 1.32 3,240 K 4,648 K 7204 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.12 58,396 K 65,896 K 516 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
AvastSvc.exe 0.69 77,620 K 40,084 K 1972 avast! Service AVAST Software (Verified) AVAST Software a.s.
svchost.exe 0.47 48,268 K 70,936 K 8 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
explorer.exe 0.12 69,336 K 118,088 K 6956 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.08 62,680 K 100,640 K 4304 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.07 68,424 K 106,204 K 6312 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.05 12,920 K 22,432 K 1140 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.05 73,768 K 98,996 K 7336 Google Chrome Google Inc. (Verified) Google Inc
OmniServ.exe 0.05 3,336 K 2,868 K 1312 HP SimplePass Service Softex Inc. (No signature was present in the subject) Softex Inc.
afwServ.exe 0.04 7,728 K 9,432 K 2108 avast! firewall service AVAST Software (Verified) AVAST Software a.s.
svchost.exe 0.04 17,272 K 22,700 K 772 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.03 39,520 K 49,088 K 2956 Google Chrome Google Inc. (Verified) Google Inc
lsass.exe 0.03 6,420 K 11,772 K 792 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
plays_service.exe 0.01 13,240 K 2,584 K 2424 Plays.tv Service Plays.tv, LLC (Verified) Plays.tv
AvastUI.exe 0.01 14,644 K 22,104 K 6060 avast! Antivirus AVAST Software (Verified) AVAST Software a.s.
services.exe < 0.01 3,496 K 5,912 K 776 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 6,776 K 11,608 K 912 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 4,788 K 6,520 K 3192 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
PhotoshopElementsFileAgent.exe < 0.01 2,760 K 1,068 K 2188 (Verified) Adobe Systems Incorporated
WmiPrvSE.exe 2,200 K 8,208 K 10672 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,400 K 9,484 K 8472 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,252 K 3,108 K 664 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
unsecapp.exe 1,348 K 6,516 K 5624 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 6,800 K 16,668 K 9208 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 20,872 K 48,916 K 2828 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 11,772 K 21,884 K 860 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,844 K 9,528 K 1940 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 9,848 K 16,696 K 1200 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 17,152 K 23,400 K 572 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,456 K 6,880 K 1596 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,476 K 6,084 K 1864 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 10,336 K 21,828 K 2484 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 9,168 K 19,516 K 2260 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,772 K 7,272 K 8208 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,996 K 3,084 K 2196 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,640 K 3,668 K 3216 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,136 K 3,948 K 2452 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 6,680 K 5,896 K 2032 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smartscreen.exe 8,140 K 13,556 K 9056 SmartScreen Microsoft Corporation (Verified) Microsoft Windows
sihost.exe 6,096 K 21,956 K 6336 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 45,920 K 83,384 K 2864 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SettingSyncHost.exe 6,516 K 7,804 K 8900 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
SearchUI.exe Suspended 52,676 K 89,824 K 3844 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchProtocolHost.exe 2,056 K 8,132 K 5560 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 30,280 K 22,300 K 2748 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
SearchFilterHost.exe 1,300 K 6,036 K 11064 Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 26,744 K 43,528 K 9068 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RtkAudioService64.exe 1,680 K 2,940 K 1672 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RichVideo64.exe 1,392 K 1,396 K 2408 RichVideo Module (Verified) CyberLink Corp.
RemindersServer.exe Suspended 8,248 K 18,624 K 4196 Reminders WinRT OOP Server Microsoft Corporation (Verified) Microsoft Windows
RemindersServer.exe Suspended 1,856 K 10,012 K 8540 Reminders WinRT OOP Server Microsoft Corporation (Verified) Microsoft Windows
RAVBg64.exe 6,024 K 13,340 K 5312 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
procexp.exe 2,828 K 9,844 K 10124 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
OSPPSVC.EXE 2,616 K 11,932 K 2928 Microsoft Office Software Protection Platform Service Microsoft Corporation (Verified) Microsoft Corporation
opvapp.exe 2,024 K 7,996 K 5292 (No signature was present in the subject)
OPBHOBrokerDsktop.exe 2,436 K 2,604 K 3288 HP SimplePass BHO Broker Hewlett-Packard (Verified) Softex Incorporated
mDNSResponder.exe 1,720 K 3,068 K 2208 Bonjour Service Apple Inc. (Verified) Apple Inc.
ijplmsvc.exe 1,200 K 1,508 K 2232 Inkjet Printer/Scanner/Fax Extended Survey Program Service (Verified) Canon Inc.
HPSupportSolutionsFrameworkService.exe 39,028 K 7,712 K 4088 HP Support Solutions Framework Service HP Inc. (Verified) Hewlett-Packard Company
GoogleUpdate.exe 2,016 K 444 K 3880 Google Installer Google Inc. (Verified) Google Inc
GoogleCrashHandler64.exe 1,500 K 252 K 2224 Google Crash Handler Google Inc. (Verified) Google Inc
GoogleCrashHandler.exe 1,656 K 452 K 1632 Google Crash Handler Google Inc. (Verified) Google Inc
fontdrvhost.exe 816 K 2,920 K 8092 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
DropboxUpdate.exe 1,980 K 1,932 K 1324 Dropbox Update Dropbox, Inc. (Verified) Dropbox
dllhost.exe 3,932 K 9,984 K 6824 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe 4,604 K 9,480 K 2732 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 1,540 K 3,204 K 560 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
conhost.exe 1,100 K 5,088 K 5780 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 29,424 K 61,368 K 5324 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 1,936 K 8,980 K 4940 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 24,412 K 54,396 K 6624 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 36,808 K 63,872 K 6808 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,188 K 7,824 K 8492 Google Chrome Google Inc. (Verified) Google Inc
audiodg.exe 13,360 K 18,836 K 7636 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
atiesrxx.exe 1,236 K 2,128 K 1368 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 2,224 K 8,676 K 8856 AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
ApplicationFrameHost.exe 4,316 K 18,156 K 8044 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
 
Process: System Pid: 4
 
Key HKLM\SYSTEM\ControlSet001\Services\NativeWifiP\Parameters\Adapters\{469b8358-7c69-4cc4-8b82-af4310768011}\ExtSTAMib
Key HKLM\SYSTEM\ControlSet001\Services\NativeWifiP\Parameters\Adapters\{10fdea08-1168-4f59-b05d-e7c23af3e1b4}\WFD
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7e979084-3c51-496d-8a2c-f361b4e39318}
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{dd434edb-625f-11e6-b28a-806e6f6e6963}
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{256469c7-09ae-428e-ae11-1c7360cf89b6}
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e630b5b7-d1e5-4d84-ba7f-5965f9e1f034}
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{469b8358-7c69-4cc4-8b82-af4310768011}
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8332e81f-a923-431a-8ebc-b3e311f671e5}
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{10fdea08-1168-4f59-b05d-e7c23af3e1b4}
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{eeb093a2-d0b2-4795-aeda-bf16a4ecdede}
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\PersistentRoutes
Key HKLM\SYSTEM\ControlSet001\Services\NativeWifiP\Parameters\Adapters\{10fdea08-1168-4f59-b05d-e7c23af3e1b4}\WFDMib
Key HKLM\SYSTEM\ControlSet001\Services\NativeWifiP\Parameters\Adapters\{469b8358-7c69-4cc4-8b82-af4310768011}\ExtSTA
Key HKLM\SYSTEM\DriverDatabase\DriverInfFiles
Key HKLM\SYSTEM\DriverDatabase\DriverPackages
Key HKLM\SYSTEM\ControlSet001\Control\CoDeviceInstallers
Key HKLM\SYSTEM\DriverDatabase\DeviceIds
Key HKLM\SYSTEM\ControlSet001\Control\ProductOptions
Key HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths
Key HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Mutant \KernelObjects\BcdSyncMutant
Partition \KernelObjects\MemoryPartition0
Process System(4)
Process smss.exe(400)
Process System(4)
Process smss.exe(400)
Process svchost.exe(1140)
Process svchost.exe(1140)
Process csrss.exe(560)
Process csrss.exe(560)
Process csrss.exe(560)
Process wininit.exe(664)
Process wininit.exe(664)
Process dasHost.exe(2732)
Process dasHost.exe(2732)
Process svchost.exe(516)
Process svchost.exe(772)
Process svchost.exe(8)
Process svchost.exe(516)
Process svchost.exe(8)
Process spoolsv.exe(2032)
Process svchost.exe(3192)
Process svchost.exe(8)
Process svchost.exe(8)
Process services.exe(776)
Process services.exe(776)
Process svchost.exe(860)
Process lsass.exe(792)
Process lsass.exe(792)
Process lsass.exe(792)
Process lsass.exe(792)
Process lsass.exe(792)
Process svchost.exe(860)
Process services.exe(776)
Process svchost.exe(860)
Process svchost.exe(860)
Process svchost.exe(860)
Process svchost.exe(912)
Process svchost.exe(912)
Process wininit.exe(664)
Process svchost.exe(860)
Process svchost.exe(8)
Process svchost.exe(572)
Process WmiPrvSE.exe(10672)
Process svchost.exe(8)
Process procexp64.exe(10216)
Process svchost.exe(772)
Process svchost.exe(772)
Process svchost.exe(772)
Process svchost.exe(1140)
Process svchost.exe(1200)
Process OmniServ.exe(1312)
Process atiesrxx.exe(1368)
Process OmniServ.exe(1312)
Process atiesrxx.exe(1368)
Process OmniServ.exe(1312)
Process OmniServ.exe(1312)
Process atiesrxx.exe(1368)
Process svchost.exe(516)
Process svchost.exe(516)
Process svchost.exe(1140)
Process svchost.exe(1596)
Process svchost.exe(1596)
Process RtkAudioService64.exe(1672)
Process RtkAudioService64.exe(1672)
Process RtkAudioService64.exe(1672)
Process svchost.exe(1864)
Process AvastSvc.exe(1972)
Process spoolsv.exe(2032)
Process svchost.exe(3192)
Process svchost.exe(1864)
Process AvastSvc.exe(1972)
Process svchost.exe(1940)
Process svchost.exe(1864)
Process svchost.exe(1864)
Process svchost.exe(1864)
Process svchost.exe(1864)
Process svchost.exe(1864)
Process AvastSvc.exe(1972)
Process AvastSvc.exe(1972)
Process spoolsv.exe(2032)
Process spoolsv.exe(2032)
Process spoolsv.exe(2032)
Process svchost.exe(1200)
Process svchost.exe(516)
Process afwServ.exe(2108)
Process afwServ.exe(2108)
Process afwServ.exe(2108)
Process svchost.exe(572)
Process svchost.exe(572)
Process PhotoshopElementsFileAgent.exe(2188)
Process afwServ.exe(2108)
Process PhotoshopElementsFileAgent.exe(2188)
Process mDNSResponder.exe(2208)
Process svchost.exe(2196)
Process ijplmsvc.exe(2232)
Process mDNSResponder.exe(2208)
Process PhotoshopElementsFileAgent.exe(2188)
Process ijplmsvc.exe(2232)
Process plays_service.exe(2424)
Process ijplmsvc.exe(2232)
Process svchost.exe(2260)
Process plays_service.exe(2424)
Process svchost.exe(8)
Process plays_service.exe(2424)
Process RichVideo64.exe(2408)
Process RichVideo64.exe(2408)
Process svchost.exe(8)
Process svchost.exe(8)
Process svchost.exe(2196)
Process svchost.exe(2452)
Process svchost.exe(572)
Process svchost.exe(2484)
Process mDNSResponder.exe(2208)
Process ijplmsvc.exe(2232)
Process RichVideo64.exe(2408)
Process PhotoshopElementsFileAgent.exe(2188)
Process Memory Compression(2692)
Process services.exe(776)
Process dasHost.exe(2732)
Process dasHost.exe(2732)
Process svchost.exe(3192)
Process svchost.exe(3192)
Process svchost.exe(8)
Process plays_service.exe(2424)
Process svchost.exe(2260)
Process svchost.exe(2260)
Process svchost.exe(3192)
Process svchost.exe(772)
Process svchost.exe(3192)
Process svchost.exe(3192)
Process svchost.exe(3216)
Process dasHost.exe(2732)
Process svchost.exe(3216)
Process dasHost.exe(2732)
Process svchost.exe(2260)
Process svchost.exe(3192)
Process svchost.exe(8)
Process svchost.exe(3192)
Process svchost.exe(3192)
Process svchost.exe(3192)
Process svchost.exe(3192)
Process svchost.exe(1140)
Process svchost.exe(1140)
Process SearchProtocolHost.exe(5560)
Process svchost.exe(1140)
Process chrome.exe(6808)
Process svchost.exe(1140)
Process dasHost.exe(2732)
Process svchost.exe(1140)
Process GoogleUpdate.exe(3880)
Process dasHost.exe(2732)
Process svchost.exe(1140)
Process svchost.exe(8)
Process dasHost.exe(2732)
Process dasHost.exe(2732)
Process svchost.exe(860)
Process OSPPSVC.EXE(2928)
Process svchost.exe(1140)
Process svchost.exe(1140)
Process svchost.exe(8)
Process spoolsv.exe(2032)
Process spoolsv.exe(2032)
Process svchost.exe(8)
Process svchost.exe(8)
Process chrome.exe(8492)
Process GoogleCrashHandler.exe(1632)
Process DropboxUpdate.exe(1324)
Process spoolsv.exe(2032)
Process spoolsv.exe(2032)
Process GoogleCrashHandler.exe(1632)
Process SearchIndexer.exe(2748)
Process DropboxUpdate.exe(1324)
Process DropboxUpdate.exe(1324)
Process SearchIndexer.exe(2748)
Process HPSupportSolutionsFrameworkService.exe(4088)
Process HPSupportSolutionsFrameworkService.exe(4088)
Process GoogleCrashHandler.exe(1632)
Process GoogleUpdate.exe(3880)
Process GoogleUpdate.exe(3880)
Process dasHost.exe(2732)
Process GoogleCrashHandler64.exe(2224)
Process GoogleCrashHandler64.exe(2224)
Process GoogleCrashHandler64.exe(2224)
Process GoogleCrashHandler.exe(1632)
Process HPSupportSolutionsFrameworkService.exe(4088)
Process ApplicationFrameHost.exe(8044)
Process RemindersServer.exe(4196)
Process ApplicationFrameHost.exe(8044)
Process dllhost.exe(6824)
Process SettingSyncHost.exe(8900)
Process chrome.exe(6312)
Process conhost.exe(5780)
Process smartscreen.exe(9056)
Process chrome.exe(6624)
Process svchost.exe(1140)
Process svchost.exe(1140)
Process svchost.exe(1140)
Process dasHost.exe(2732)
Process dasHost.exe(2732)
Process svchost.exe(1140)
Process dasHost.exe(2732)
Process dasHost.exe(2732)
Process fontdrvhost.exe(8092)
Process chrome.exe(2956)
Process svchost.exe(860)
Process SearchUI.exe(3844)
Process sihost.exe(6336)
Process svchost.exe(2828)
Process procexp.exe(10124)
Process explorer.exe(6956)
Process AvastUI.exe(6060)
Process atieclxx.exe(8856)
Process svchost.exe(860)
Process chrome.exe(6312)
Process SearchUI.exe(3844)
Process SearchUI.exe(3844)
Process atieclxx.exe(8856)
Process SearchFilterHost.exe(11064)
Process SearchUI.exe(3844)
Process procexp.exe(10124)
Process svchost.exe(860)
Process svchost.exe(2828)
Process svchost.exe(2828)
Process explorer.exe(6956)
Process winlogon.exe(8472)
Process chrome.exe(7336)
Process chrome.exe(4304)
Process ShellExperienceHost.exe(2864)
Process chrome.exe(6312)
Process AvastUI.exe(6060)
Process OSPPSVC.EXE(2928)
Process ShellExperienceHost.exe(2864)
Process SearchUI.exe(3844)
Process chrome.exe(7336)
Process OSPPSVC.EXE(2928)
Process audiodg.exe(7636)
Process svchost.exe(2828)
Process chrome.exe(6624)
Process svchost.exe(2828)
Process SrTasks.exe(6296)
Process opvapp.exe(5292)
Process svchost.exe(2828)
Process dasHost.exe(2732)
Process svchost.exe(1140)
Process svchost.exe(1140)
Process svchost.exe(2828)
Process dasHost.exe(2732)
Process chrome.exe(6808)
Process audiodg.exe(7636)
Process chrome.exe(2956)
Process audiodg.exe(7636)
Process svchost.exe(8208)
Process chrome.exe(4304)
Process smartscreen.exe(9056)
Process chrome.exe(2956)
Process chrome.exe(5324)
Process chrome.exe(4940)
Process chrome.exe(8492)
Process SettingSyncHost.exe(8900)
Process chrome.exe(7336)
Process chrome.exe(6808)
Process chrome.exe(5324)
Process procexp64.exe(10216)
Process chrome.exe(6312)
Process chrome.exe(5324)
Process procexp64.exe(10216)
Process winlogon.exe(8472)
Process dwm.exe(8456)
Process dasHost.exe(2732)
Process dasHost.exe(2732)
Process RAVBg64.exe(5312)
Process svchost.exe(8)
Process winlogon.exe(8472)
Process unsecapp.exe(5624)
Process explorer.exe(6956)
Process svchost.exe(1140)
Process csrss.exe(7204)
Process AvastUI.exe(6060)
Process SearchFilterHost.exe(11064)
Process taskhostw.exe(9208)
Process OPBHOBrokerDsktop.exe(3288)
Process RuntimeBroker.exe(9068)
Process taskhostw.exe(9208)
Process RuntimeBroker.exe(9068)
Process OPBHOBrokerDsktop.exe(3288)
Process svchost.exe(2828)
Process chrome.exe(6624)
Process sihost.exe(6336)
Process RAVBg64.exe(5312)
Process RAVBg64.exe(5312)
Process dasHost.exe(2732)
Process dasHost.exe(2732)
Process chrome.exe(6312)
Process svchost.exe(8)
Process SearchProtocolHost.exe(5560)
Process OPBHOBrokerDsktop.exe(3288)
Process conhost.exe(5780)
Process procexp.exe(10124)
Process fontdrvhost.exe(8092)
Process RemindersServer.exe(8540)
Process WmiPrvSE.exe(7500)
Process chrome.exe(4940)
Process opvapp.exe(5292)
Process AvastUI.exe(6060)
Process RemindersServer.exe(4196)
Process ShellExperienceHost.exe(2864)
Process smartscreen.exe(9056)
Process RemindersServer.exe(8540)
Process chrome.exe(4304)
Process unsecapp.exe(5624)
Process SrTasks.exe(6296)
Process procexp64.exe(10216)
Section \Win32kCrossSessionGlobals
Section \Device\PhysicalMemory
Section \Device\PhysicalMemory
Session \KernelObjects\Session0
Session \KernelObjects\Session2
Session \KernelObjects\Session2
Session \KernelObjects\Session2
Session \KernelObjects\Session2
Session \KernelObjects\Session2
Session \KernelObjects\Session2
Session \KernelObjects\Session2
Session \KernelObjects\Session2
Session \KernelObjects\Session2
SymbolicLink \GLOBAL??\ACPI#FixedButton#2&daba3ff&3#{4afa3d53-74a7-11d0-be5e-00a0c9062857}
SymbolicLink \GLOBAL??\ACPI#PNP0C0C#aa#{4afa3d53-74a7-11d0-be5e-00a0c9062857}
SymbolicLink \GLOBAL??\PCI#VEN_1022&DEV_7807&SUBSYS_2B56103C&REV_39#3&11583659&0&98#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}
SymbolicLink \GLOBAL??\PCI#VEN_1022&DEV_7808&SUBSYS_2B56103C&REV_39#3&11583659&0&92#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}
SymbolicLink \GLOBAL??\PCI#VEN_1022&DEV_7808&SUBSYS_2B56103C&REV_39#3&11583659&0&9A#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}
SymbolicLink \GLOBAL??\ROOT#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}
SymbolicLink \GLOBAL??\ROOT#spaceport#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\ROOT#spaceport#0000#{ef66a56f-88d1-4cd8-98c4-49faf57ad8af}
SymbolicLink \GLOBAL??\ROOT#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\STORAGE#Volume#{f99d45b9-fb89-11e4-8251-806e6f6e6963}#0000000040000000#{7f108a28-9833-4b3b-b780-2c6b5fa5c062}
SymbolicLink \GLOBAL??\PCI#VEN_1022&DEV_7801&SUBSYS_2B56103C&REV_40#3&11583659&0&88#{2accfe60-c130-11d2-b082-00a0c91efb8b}
SymbolicLink \GLOBAL??\STORAGE#Volume#{f99d45b9-fb89-11e4-8251-806e6f6e6963}#000000E415200000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\STORAGE#Volume#{f99d45b9-fb89-11e4-8251-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\STORAGE#Volume#{f99d45b9-fb89-11e4-8251-806e6f6e6963}#0000000056800000#{7f108a28-9833-4b3b-b780-2c6b5fa5c062}
SymbolicLink \GLOBAL??\STORAGE#Volume#{f99d45b9-fb89-11e4-8251-806e6f6e6963}#000000005E800000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\STORAGE#Volume#{f99d45b9-fb89-11e4-8251-806e6f6e6963}#000000E431400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\SCSI#Disk&Ven_&Prod_ST1000DM003-1ER1#4&35dce77&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}
SymbolicLink \GLOBAL??\PCI#VEN_1022&DEV_7807&SUBSYS_2B56103C&REV_39#3&11583659&0&90#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}
SymbolicLink \GLOBAL??\ROOT#MEDIA#0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}
SymbolicLink \GLOBAL??\ROOT#MEDIA#0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}
SymbolicLink \GLOBAL??\ROOT#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}
SymbolicLink \GLOBAL??\ACPI#AuthenticAMD_-_AMD64_Family_22_Model_0_-_AMD_E1-6015_APU_with_Radeon™_HD_Graphics____#_2#{dbe4373d-3c81-40cb-ace4-e0e5d05f0c9f}
SymbolicLink \GLOBAL??\ACPI#AuthenticAMD_-_AMD64_Family_22_Model_0_-_AMD_E1-6015_APU_with_Radeon™_HD_Graphics____#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}
SymbolicLink \GLOBAL??\PCI#VEN_1022&DEV_7814&SUBSYS_2B56103C&REV_01#3&11583659&0&80#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}
SymbolicLink \GLOBAL??\ACPI#AuthenticAMD_-_AMD64_Family_22_Model_0_-_AMD_E1-6015_APU_with_Radeon™_HD_Graphics____#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0}
SymbolicLink \GLOBAL??\ACPI#AuthenticAMD_-_AMD64_Family_22_Model_0_-_AMD_E1-6015_APU_with_Radeon™_HD_Graphics____#_1#{dbe4373d-3c81-40cb-ace4-e0e5d05f0c9f}
SymbolicLink \GLOBAL??\SCSI#CdRom&Ven_hp&Prod_DVDRAM_GUB0N#4&35dce77&0&010000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\SCSI#CdRom&Ven_hp&Prod_DVDRAM_GUB0N#4&35dce77&0&010000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\USB#ROOT_HUB20#4&11a32b3&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
SymbolicLink \GLOBAL??\USB#ROOT_HUB#4&751fc8a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
SymbolicLink \GLOBAL??\USB#ROOT_HUB#4&1745f490&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
SymbolicLink \GLOBAL??\USB#ROOT_HUB20#4&3334158d&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
SymbolicLink \GLOBAL??\USB#ROOT_HUB30#4&1512d71&0&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1005#4&a0ef172&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
SymbolicLink \GLOBAL??\PCI#VEN_1022&DEV_7813&SUBSYS_2B56103C&REV_01#3&11583659&0&A7#{79626149-04a0-4353-be16-4b341b1107a9}
SymbolicLink \GLOBAL??\PCI#VEN_10EC&DEV_8179&SUBSYS_804B103C&REV_01#00E04CFFFE81910100#{435b6226-1dcc-43b3-887e-217dbaa27ba3}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{9ff3b516-cd99-4eaf-8373-f2caf87ed26b}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1005#4&a0ef172&0&0001#{a17579f0-4fec-4936-9364-249460863be5}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1005#4&a0ef172&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}
SymbolicLink \GLOBAL??\USB#VID_192F&PID_0916#5&5788de0&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
SymbolicLink \GLOBAL??\HID#VID_192F&PID_0916#6&2ca5b386&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}
SymbolicLink \GLOBAL??\USB#VID_064E&PID_9324#HF032B-T803-SE01-6-REV0101#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
SymbolicLink \GLOBAL??\HID#VID_04CA&PID_004B&MI_01&Col02#7&889afac&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}
SymbolicLink \GLOBAL??\USB#VID_04CA&PID_004B#5&5788de0&0&4#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
SymbolicLink \GLOBAL??\HID#VID_04CA&PID_004B&MI_01&Col01#7&889afac&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
SymbolicLink \GLOBAL??\USB#VID_064E&PID_9324&MI_00#6&17f53ea7&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}
SymbolicLink \GLOBAL??\USB#VID_064E&PID_9324&MI_00#6&17f53ea7&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}
SymbolicLink \GLOBAL??\HID#VID_192F&PID_0916#6&2ca5b386&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
SymbolicLink \GLOBAL??\USB#VID_064E&PID_9324&MI_00#6&17f53ea7&0&0000#{e5323777-f976-4f5b-9b55-b94699c46e44}
SymbolicLink \GLOBAL??\HID#VID_04CA&PID_004B&MI_01&Col02#7&889afac&0&0001#{4afa3d53-74a7-11d0-be5e-00a0c9062857}
SymbolicLink \GLOBAL??\HID#VID_04CA&PID_004B&MI_00#7&aa66c92&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
SymbolicLink \GLOBAL??\HID#VID_04CA&PID_004B&MI_00#7&aa66c92&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}
SymbolicLink \GLOBAL??\DISPLAY#HWP424E#4&8e79149&0&UID256#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}
SymbolicLink \GLOBAL??\ROOT#BasicDisplay#0000#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}
SymbolicLink \GLOBAL??\DISPLAY#HWP424E#4&8e79149&0&UID256#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}
SymbolicLink \GLOBAL??\DISPLAY#HWP424E#4&8e79149&0&UID256#{dbe4373d-3c81-40cb-ace4-e0e5d05f0c9f}
SymbolicLink \GLOBAL??\PCI#VEN_1002&DEV_9838&SUBSYS_2B56103C&REV_00#3&11583659&0&08#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}
SymbolicLink \GLOBAL??\PCI#VEN_1002&DEV_9838&SUBSYS_2B56103C&REV_00#3&11583659&0&08#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}
SymbolicLink \GLOBAL??\ROOT#BasicRender#0000#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}
SymbolicLink \GLOBAL??\SWD#MMDEVAPI#{0.0.0.00000000}.{faa09b11-fd03-4992-ad57-feafd580ceb7}#{e6327cad-dcec-4949-ae8a-991e976a79d2}
SymbolicLink \GLOBAL??\SWD#MMDEVAPI#MicrosoftGSWavetableSynth#{6dc23320-ab33-4ce4-80d4-bbb3ebbf2814}
SymbolicLink \GLOBAL??\SWD#MMDEVAPI#{0.0.1.00000000}.{3449dc77-9b0f-4ac0-853f-20f6f1439e5b}#{2eef81be-33fa-4800-9670-1cd474972c3f}
SymbolicLink \...\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\Session
SymbolicLink \GLOBAL??\SWD#IP_TUNNEL_VBUS#ISATAP_1#{ad498944-762f-11d0-8dcb-00c04fc3358c}
SymbolicLink \...\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\Global
SymbolicLink \GLOBAL??\SWD#IP_TUNNEL_VBUS#Teredo_Tunnel_Device#{ad498944-762f-11d0-8dcb-00c04fc3358c}
SymbolicLink \GLOBAL??\SWD#RADIO#{469B8358-7C69-4CC4-8B82-AF4310768011}#{a8804298-2d5f-42e3-9531-9c8c39eb29ce}
SymbolicLink \GLOBAL??\SWD#IP_TUNNEL_VBUS#Teredo_Tunnel_Device#{cac88484-7515-4c03-82e6-71a87abac361}
SymbolicLink \GLOBAL??\SWD#IP_TUNNEL_VBUS#ISATAP_1#{cac88484-7515-4c03-82e6-71a87abac361}
SymbolicLink \GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_2B56103C&REV_10#01000000684CE00000#{cac88484-7515-4c03-82e6-71a87abac361}
SymbolicLink \GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_2B56103C&REV_10#01000000684CE00000#{ad498944-762f-11d0-8dcb-00c04fc3358c}
SymbolicLink \GLOBAL??\SWD#PRINTENUM#{9D7DBACD-D102-4149-B2DB-FFEC94371EAB}#{0ecef634-6ef0-472a-8085-5ad023ecbccd}
SymbolicLink \GLOBAL??\SWD#PRINTENUM#{CE1CC774-39C5-4CBC-A690-0C933B6371A8}#{0ecef634-6ef0-472a-8085-5ad023ecbccd}
SymbolicLink \GLOBAL??\SWD#PRINTENUM#{D943D8D8-F7EB-4400-8EEE-A8CFF8C894B5}#{0ecef634-6ef0-472a-8085-5ad023ecbccd}
SymbolicLink \GLOBAL??\SWD#PRINTENUM#{A0EAEC79-B4F1-47E1-9596-F87656B185C6}#{0ecef634-6ef0-472a-8085-5ad023ecbccd}
SymbolicLink \GLOBAL??\SWD#PRINTENUM#{FB6B87BC-B5BA-4020-AB9F-E9493D9FB1D5}#{0ecef634-6ef0-472a-8085-5ad023ecbccd}
SymbolicLink \GLOBAL??\PCI#VEN_10EC&DEV_8179&SUBSYS_804B103C&REV_01#00E04CFFFE81910100#{ad498944-762f-11d0-8dcb-00c04fc3358c}
SymbolicLink \Sessions\2\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\Local
SymbolicLink \Sessions\2\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\Global
SymbolicLink \Sessions\2\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\Session
SymbolicLink \GLOBAL??\{5d624f94-8850-40c3-a3fa-a4fd2080baf3}#vwifimp_wfd#5&27915378&3&13#{ad498944-762f-11d0-8dcb-00c04fc3358c}
SymbolicLink \GLOBAL??\{5d624f94-8850-40c3-a3fa-a4fd2080baf3}#vwifimp_wfd#5&27915378&3&13#{cac88484-7515-4c03-82e6-71a87abac361}
SymbolicLink \GLOBAL??\PCI#VEN_10EC&DEV_8179&SUBSYS_804B103C&REV_01#00E04CFFFE81910100#{cac88484-7515-4c03-82e6-71a87abac361}
SymbolicLink \Sessions\2\AppContainerNamedObjects\S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523\Session
SymbolicLink \Sessions\2\AppContainerNamedObjects\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\Global
SymbolicLink \Sessions\2\AppContainerNamedObjects\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\Session
SymbolicLink \Sessions\2\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\Session
SymbolicLink \...\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\Local
SymbolicLink \...\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\Session
SymbolicLink \...\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\Global
SymbolicLink \...\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\Local
SymbolicLink \Sessions\2\AppContainerNamedObjects\S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523\Global
SymbolicLink \Sessions\2\AppContainerNamedObjects\S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523\Local
SymbolicLink \Sessions\2\AppContainerNamedObjects\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\Local
SymbolicLink \Sessions\2\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\Local
SymbolicLink \Sessions\2\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\Global
Thread System(4): 304
Thread System(4): 3360
Thread System(4): 632
Thread System(4): 628
Thread System(4): 704
Thread System(4): 5996
Thread System(4): 1760
Thread System(4): 2024
Thread System(4): 2028
Thread System(4): 2020
Thread System(4): 1520
Thread System(4): 2388
Thread System(4): 10768
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\NETWORK SERVICE:3e4
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\ANONYMOUS LOGON:2a2ee
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\NETWORK SERVICE:3e4
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\NETWORK SERVICE:3e4
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\SYSTEM:3e7
Token NARCISMAIN\NiTa:2feb50
Token NARCISMAIN\NiTa:1d7da1
Token NARCISMAIN\NiTa:1d7da1
Token NARCISMAIN\NiTa:2feb50
Token NARCISMAIN\NiTa:2feb50
Token NARCISMAIN\NiTa:2feb50
Token NARCISMAIN\NiTa:2feb50
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\LOCAL SERVICE:3e5

  • 0

Advertisements


#86
Lady_Rocker

This is the new BSOD (Blue Screen of Death)

 

Let's see if BlueScreenView will work:
 
Download BlueScreenView
 
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.
 
Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

Got an error message... twice...
 

bluescreenview_zpsul8ihn76.png


Edited by Lady_Rocker, 22 August 2016 - 05:08 AM.

#87
Lady_Rocker

==================================================
Dump File         : 082116-30234-01.dmp
Crash Time        : 8/21/2016 1:42:21 PM
Bug Check String  : THREAD_STUCK_IN_DEVICE_DRIVER
Bug Check Code    : 0x100000ea
Parameter 1       : ffffbc87`bb7a0040
Parameter 2       : 00000000`00000000
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+22e0f
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+149f90
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\082116-30234-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 14393
Dump File Size    : 412,204
Dump File Time    : 8/21/2016 1:43:34 PM
==================================================
 
==================================================
Dump File         : 082116-31593-01.dmp
Crash Time        : 8/21/2016 12:54:18 PM
Bug Check String  : THREAD_STUCK_IN_DEVICE_DRIVER
Bug Check Code    : 0x100000ea
Parameter 1       : ffffe181`601753c0
Parameter 2       : 00000000`00000000
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+22e0f
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+149f90
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\082116-31593-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 14393
Dump File Size    : 412,172
Dump File Time    : 8/21/2016 12:55:37 PM
==================================================
 
==================================================
Dump File         : 082016-28046-01.dmp
Crash Time        : 8/20/2016 8:21:10 PM
Bug Check String  : THREAD_STUCK_IN_DEVICE_DRIVER
Bug Check Code    : 0x100000ea
Parameter 1       : ffff8d0d`9b4fa040
Parameter 2       : 00000000`00000000
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+22e0f
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+149f90
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\082016-28046-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 14393
Dump File Size    : 412,396
Dump File Time    : 8/20/2016 8:22:19 PM
==================================================
 
==================================================
Dump File         : 082016-29218-01.dmp
Crash Time        : 8/20/2016 5:27:38 PM
Bug Check String  : THREAD_STUCK_IN_DEVICE_DRIVER
Bug Check Code    : 0x100000ea
Parameter 1       : ffffa102`41b53600
Parameter 2       : 00000000`00000000
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+22e0f
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+149f90
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\082016-29218-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 14393
Dump File Size    : 412,380
Dump File Time    : 8/20/2016 5:28:42 PM
==================================================
 
==================================================
Dump File         : 081816-27328-01.dmp
Crash Time        : 8/18/2016 11:51:58 PM
Bug Check String  : MEMORY_MANAGEMENT
Bug Check Code    : 0x0000001a
Parameter 1       : 00000000`0000003f
Parameter 2       : 00000000`000073ce
Parameter 3       : 00000000`52b39340
Parameter 4       : 00000000`40746818
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+149f90
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+149f90
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\081816-27328-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 14393
Dump File Size    : 420,428
Dump File Time    : 8/18/2016 11:53:06 PM
==================================================

  • 0
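A BlueScreenView text report like the one in the post above is a series of `Key : Value` records delimited by rules of `=`. The following Python triage script is an added example, not part of the original post and not BlueScreenView's own code: it parses such a report and groups the crashes by bug check and faulting module offset, so a repeated fault site stands out. The function names are assumptions, the US-style time format is assumed from the report, and the sample input is abridged from the records posted above.

```python
"""Triage a BlueScreenView text report: group crashes by bug check and fault site."""
from collections import defaultdict
from datetime import datetime

# Assumption: US-style timestamps, as in the report posted in this thread.
TIME_FORMAT = "%m/%d/%Y %I:%M:%S %p"

# Sample input abridged from the five records in the post (fields trimmed).
SAMPLE_REPORT = """\
==================================================
Dump File         : 082116-30234-01.dmp
Crash Time        : 8/21/2016 1:42:21 PM
Bug Check String  : THREAD_STUCK_IN_DEVICE_DRIVER
Caused By Address : dxgkrnl.sys+22e0f
File Description  :
==================================================

==================================================
Dump File         : 082116-31593-01.dmp
Crash Time        : 8/21/2016 12:54:18 PM
Bug Check String  : THREAD_STUCK_IN_DEVICE_DRIVER
Caused By Address : dxgkrnl.sys+22e0f
==================================================
Dump File         : 082016-28046-01.dmp
Crash Time        : 8/20/2016 8:21:10 PM
Bug Check String  : THREAD_STUCK_IN_DEVICE_DRIVER
Caused By Address : dxgkrnl.sys+22e0f
==================================================
Dump File         : 082016-29218-01.dmp
Crash Time        : 8/20/2016 5:27:38 PM
Bug Check String  : THREAD_STUCK_IN_DEVICE_DRIVER
Caused By Address : dxgkrnl.sys+22e0f
==================================================
Dump File         : 081816-27328-01.dmp
Crash Time        : 8/18/2016 11:51:58 PM
Bug Check String  : MEMORY_MANAGEMENT
Caused By Address : ntoskrnl.exe+149f90
"""


def parse_report(text):
    """Return one dict per crash record; records are delimited by lines of '='."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"="}:
            if current:
                records.append(current)
                current = {}
            continue
        # Split on the first colon only: times and paths contain colons too.
        key, sep, value = line.partition(":")
        if sep:
            current[key.strip()] = value.strip()
    if current:  # tolerate a report cut off before its closing rule
        records.append(current)
    return records


def split_address(address):
    """'dxgkrnl.sys+22e0f' -> ('dxgkrnl.sys', 0x22e0f); offset is None if absent."""
    module, sep, offset = address.partition("+")
    return module.lower(), (int(offset, 16) if sep else None)


def summarize(records):
    """Group by (bug check, module, offset); most frequent group first."""
    groups = defaultdict(list)
    for rec in records:
        module, offset = split_address(rec.get("Caused By Address", ""))
        when = datetime.strptime(rec["Crash Time"], TIME_FORMAT)
        groups[(rec.get("Bug Check String", "?"), module, offset)].append(when)
    rows = [
        {"bug_check": key[0], "module": key[1], "offset": key[2],
         "count": len(times), "first": min(times), "last": max(times)}
        for key, times in groups.items()
    ]
    return sorted(rows, key=lambda r: (-r["count"], r["first"]))


if __name__ == "__main__":
    for row in summarize(parse_report(SAMPLE_REPORT)):
        offset = "?" if row["offset"] is None else format(row["offset"], "x")
        print(f'{row["count"]}x {row["bug_check"]} at {row["module"]}+{offset} '
              f'({row["first"]:%Y-%m-%d %H:%M} to {row["last"]:%Y-%m-%d %H:%M})')
```

A repeated module and offset shows where the fault was reported, which is not necessarily the component at fault.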

#88
RKinner


Are you still getting the BSODs since you rolled back the driver?

Your Process Explorer log shows

SrTasks.exe 20.91 123,628 K 81,268 K 6296 Microsoft® Windows System Protection background tasks. Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 15.67 5,940 K 12,932 K 7500 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows

as the major CPU eaters now. SrTasks is known to raise the System CPU level.

Try this:

Settings, Update & security, Windows Update, Advanced options, Choose how updates are delivered, Updates from more than one place.

Turn the switch OFF.

Reboot

Wait about 5 minutes after boot before making the Process Explorer log.


#89
Lady_Rocker

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 66.10 0 K 4 K 0
procexp64.exe 18.30 44,680 K 64,108 K 7124 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
dwm.exe 3.41 55,752 K 34,204 K 1004 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts 1.23 0 K 0 K n/a Hardware Interrupts and DPCs
csrss.exe 1.03 2,192 K 3,996 K 676 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
System 8.00 176 K 24,284 K 4
svchost.exe < 0.01 72,840 K 72,508 K 564 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
AvastSvc.exe 0.04 68,344 K 40,164 K 1996 avast! Service AVAST Software (Verified) AVAST Software a.s.
explorer.exe 1.55 63,376 K 73,272 K 4332 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 0.12 29,400 K 17,088 K 1388 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
OmniServ.exe 3,336 K 4,316 K 1244 HP SimplePass Service Softex Inc. (No signature was present in the subject) Softex Inc.
svchost.exe 0.05 5,420 K 7,740 K 908 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.05 11,592 K 18,168 K 1108 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
csrss.exe 1,528 K 2,292 K 560 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
afwServ.exe < 0.01 7,580 K 6,800 K 2180 avast! firewall service AVAST Software (Verified) AVAST Software a.s.
AvastUI.exe 0.01 15,832 K 17,344 K 5784 avast! Antivirus AVAST Software (Verified) AVAST Software a.s.
plays_service.exe 0.02 13,180 K 12,372 K 2456 Plays.tv Service Plays.tv, LLC (Verified) Plays.tv
svchost.exe 9,804 K 15,196 K 848 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
HPSupportSolutionsFrameworkService.exe < 0.01 42,024 K 19,340 K 3796 HP Support Solutions Framework Service HP Inc. (Verified) Hewlett-Packard Company
svchost.exe 18,316 K 38,076 K 5060 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 39,108 K 58,044 K 572 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
PhotoshopElementsFileAgent.exe < 0.01 2,704 K 596 K 2256 (Verified) Adobe Systems Incorporated
WUDFHost.exe 1,884 K 2,948 K 1360 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 4,948 K 7,172 K 68 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,404 K 8,536 K 1612 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,372 K 5,448 K 728 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,104 K 1,252 K 664 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
unsecapp.exe 1,256 K 2,532 K 5492 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 0.03 6,204 K 7,904 K 4172 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SystemSettings.exe Suspended 18,292 K 17,092 K 7912 Settings Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 16,268 K 21,072 K 584 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,272 K 14,692 K 2468 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,924 K 10,136 K 1948 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,496 K 5,560 K 1808 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,328 K 12,132 K 1172 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 18,504 K 26,872 K 580 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,416 K 6,780 K 1600 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,540 K 3,956 K 5748 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,932 K 16,680 K 2292 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,064 K 8,876 K 4376 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,972 K 4,384 K 2264 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,988 K 6,480 K 3448 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,724 K 3,952 K 3776 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,116 K 4,604 K 2480 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 6,580 K 7,324 K 1432 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 424 K 428 K 384 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
smartscreen.exe 8,104 K 13,584 K 7500 SmartScreen Microsoft Corporation (Verified) Microsoft Windows
sihost.exe 5,596 K 14,128 K 4988 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 36,992 K 62,312 K 4808 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SettingSyncHost.exe 9,136 K 11,068 K 5460 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
services.exe 3,208 K 6,008 K 772 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchUI.exe Suspended 55,780 K 40,516 K 4952 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 11,292 K 24,760 K 4212 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RtkAudioService64.exe 1,624 K 1,960 K 1720 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RichVideo64.exe 1,368 K 2,028 K 2448 RichVideo Module (Verified) CyberLink Corp.
RemindersServer.exe Suspended 8,740 K 4,172 K 5216 Reminders WinRT OOP Server Microsoft Corporation (Verified) Microsoft Windows
RAVBg64.exe 5,984 K 5,792 K 1764 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
procexp.exe 2,884 K 10,264 K 6996 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
opvapp.exe 1,996 K 2,200 K 5348 (No signature was present in the subject)
OPBHOBrokerDsktop.exe 0.04 2,336 K 2,044 K 240 HP SimplePass BHO Broker Hewlett-Packard (Verified) Softex Incorporated
Memory Compression 104 K 23,196 K 2772
mDNSResponder.exe 1,716 K 3,672 K 2272 Bonjour Service Apple Inc. (Verified) Apple Inc.
lsass.exe 5,796 K 10,312 K 788 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
ijplmsvc.exe 1,140 K 1,800 K 2300 Inkjet Printer/Scanner/Fax Extended Survey Program Service (Verified) Canon Inc.
HxTsr.exe Suspended 9,592 K 16,356 K 5956 Microsoft Outlook Communications Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
HxMail.exe Suspended 39,740 K 3,600 K 6472 Microsoft Outlook Mail Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
GoogleUpdate.exe 1,960 K 468 K 2696 Google Installer Google Inc. (Verified) Google Inc
GoogleCrashHandler64.exe 1,472 K 224 K 3472 Google Crash Handler Google Inc. (Verified) Google Inc
GoogleCrashHandler.exe 1,504 K 252 K 4080 Google Crash Handler Google Inc. (Verified) Google Inc
fontdrvhost.exe 812 K 868 K 5328 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
DropboxUpdate.exe 1,936 K 1,260 K 740 Dropbox Update Dropbox, Inc. (Verified) Dropbox
dasHost.exe 4,416 K 10,200 K 2860 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
audiodg.exe 13,248 K 18,408 K 6288 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
atiesrxx.exe 1,148 K 1,720 K 1300 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 2,140 K 4,280 K 1332 AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
ApplicationFrameHost.exe 9,764 K 13,396 K 1656 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
 
Process: System Pid: 4
 
Process csrss.exe(560)
Process svchost.exe(5748)
Process csrss.exe(560)
Process csrss.exe(560)
Process wininit.exe(664)
Process wininit.exe(664)
Process winlogon.exe(728)
Process csrss.exe(676)
Process winlogon.exe(728)
Process svchost.exe(572)
Process svchost.exe(572)
Process atiesrxx.exe(1300)
Process atiesrxx.exe(1300)
Process atiesrxx.exe(1300)
Process services.exe(772)
Process lsass.exe(788)
Process lsass.exe(788)
Process lsass.exe(788)
Process lsass.exe(788)
Process services.exe(772)
Process lsass.exe(788)
Process svchost.exe(848)
Process svchost.exe(848)
Process services.exe(772)
Process svchost.exe(848)
Process svchost.exe(908)
Process svchost.exe(908)
Process wininit.exe(664)
Process svchost.exe(848)
Process svchost.exe(848)
Process winlogon.exe(728)
Process dwm.exe(1004)
Process SettingSyncHost.exe(5460)
Process svchost.exe(848)
Process svchost.exe(584)
Process svchost.exe(580)
Process svchost.exe(572)
Process svchost.exe(564)
Process OmniServ.exe(1244)
Process svchost.exe(572)
Process svchost.exe(584)
Process svchost.exe(584)
Process svchost.exe(1108)
Process svchost.exe(584)
Process SearchUI.exe(4952)
Process svchost.exe(1172)
Process OmniServ.exe(1244)
Process OmniServ.exe(1244)
Process svchost.exe(564)
Process RtkAudioService64.exe(1720)
Process svchost.exe(564)
Process OmniServ.exe(1244)
Process atieclxx.exe(1332)
Process svchost.exe(1600)
Process atieclxx.exe(1332)
Process WUDFHost.exe(1360)
Process WUDFHost.exe(1360)
Process WUDFHost.exe(1360)
Process WUDFHost.exe(1360)
Process WUDFHost.exe(1360)
Process WUDFHost.exe(1360)
Process svchost.exe(1108)
Process SettingSyncHost.exe(5460)
Process RAVBg64.exe(1764)
Process RAVBg64.exe(1764)
Process RtkAudioService64.exe(1720)
Process RtkAudioService64.exe(1720)
Process svchost.exe(1600)
Process svchost.exe(1808)
Process svchost.exe(584)
Process RAVBg64.exe(1764)
Process svchost.exe(1808)
Process svchost.exe(1808)
Process svchost.exe(1808)
Process svchost.exe(1808)
Process svchost.exe(1808)
Process svchost.exe(1808)
Process svchost.exe(1948)
Process AvastSvc.exe(1996)
Process AvastSvc.exe(1996)
Process AvastSvc.exe(1996)
Process AvastSvc.exe(1996)
Process spoolsv.exe(1432)
Process spoolsv.exe(1432)
Process spoolsv.exe(1432)
Process svchost.exe(2292)
Process PhotoshopElementsFileAgent.exe(2256)
Process mDNSResponder.exe(2272)
Process svchost.exe(2264)
Process PhotoshopElementsFileAgent.exe(2256)
Process svchost.exe(580)
Process svchost.exe(1172)
Process svchost.exe(1108)
Process svchost.exe(1108)
Process mDNSResponder.exe(2272)
Process PhotoshopElementsFileAgent.exe(2256)
Process afwServ.exe(2180)
Process afwServ.exe(2180)
Process afwServ.exe(2180)
Process svchost.exe(580)
Process ijplmsvc.exe(2300)
Process afwServ.exe(2180)
Process ijplmsvc.exe(2300)
Process ijplmsvc.exe(2300)
Process plays_service.exe(2456)
Process mDNSResponder.exe(2272)
Process svchost.exe(572)
Process plays_service.exe(2456)
Process svchost.exe(2468)
Process svchost.exe(572)
Process plays_service.exe(2456)
Process ijplmsvc.exe(2300)
Process PhotoshopElementsFileAgent.exe(2256)
Process RichVideo64.exe(2448)
Process RichVideo64.exe(2448)
Process svchost.exe(572)
Process svchost.exe(2480)
Process RichVideo64.exe(2448)
Process svchost.exe(564)
Process svchost.exe(1108)
Process svchost.exe(580)
Process svchost.exe(2264)
Process Memory Compression(2772)
Process dasHost.exe(2860)
Process spoolsv.exe(1432)
Process dasHost.exe(2860)
Process svchost.exe(572)
Process svchost.exe(2292)
Process plays_service.exe(2456)
Process svchost.exe(2292)
Process svchost.exe(1108)
Process svchost.exe(1108)
Process svchost.exe(2292)
Process svchost.exe(3448)
Process svchost.exe(1108)
Process svchost.exe(3448)
Process svchost.exe(1108)
Process svchost.exe(1108)
Process svchost.exe(1108)
Process dasHost.exe(2860)
Process svchost.exe(3448)
Process services.exe(772)
Process svchost.exe(3448)
Process svchost.exe(3448)
Process DropboxUpdate.exe(740)
Process svchost.exe(3776)
Process HPSupportSolutionsFrameworkService.exe(3796)
Process svchost.exe(3448)
Process svchost.exe(3448)
Process svchost.exe(3448)
Process svchost.exe(3448)
Process svchost.exe(3448)
Process svchost.exe(1108)
Process svchost.exe(3448)
Process dasHost.exe(2860)
Process dasHost.exe(2860)
Process dasHost.exe(2860)
Process dasHost.exe(2860)
Process dasHost.exe(2860)
Process dasHost.exe(2860)
Process dasHost.exe(2860)
Process dasHost.exe(2860)
Process dasHost.exe(2860)
Process dasHost.exe(2860)
Process svchost.exe(1108)
Process dasHost.exe(2860)
Process dasHost.exe(2860)
Process dasHost.exe(2860)
Process dasHost.exe(2860)
Process svchost.exe(3776)
Process sihost.exe(4988)
Process spoolsv.exe(1432)
Process explorer.exe(4332)
Process spoolsv.exe(1432)
Process GoogleCrashHandler.exe(4080)
Process svchost.exe(848)
Process spoolsv.exe(1432)
Process DropboxUpdate.exe(740)
Process spoolsv.exe(1432)
Process svchost.exe(848)
Process spoolsv.exe(1432)
Process svchost.exe(5060)
Process unsecapp.exe(5492)
Process svchost.exe(572)
Process svchost.exe(572)
Process svchost.exe(572)
Process sihost.exe(4988)
Process WmiPrvSE.exe(68)
Process dasHost.exe(2860)
Process HxTsr.exe(5956)
Process svchost.exe(572)
Process SearchIndexer.exe(1388)
Process DropboxUpdate.exe(740)
Process RuntimeBroker.exe(4212)
Process GoogleUpdate.exe(2696)
Process GoogleUpdate.exe(2696)
Process HPSupportSolutionsFrameworkService.exe(3796)
Process GoogleUpdate.exe(2696)
Process GoogleCrashHandler.exe(4080)
Process taskhostw.exe(4172)
Process opvapp.exe(5348)
Process GoogleCrashHandler.exe(4080)
Process HPSupportSolutionsFrameworkService.exe(3796)
Process SearchIndexer.exe(1388)
Process taskhostw.exe(4172)
Process svchost.exe(1108)
Process svchost.exe(5060)
Process SearchUI.exe(4952)
Process OPBHOBrokerDsktop.exe(240)
Process RemindersServer.exe(5216)
Process RemindersServer.exe(5216)
Process explorer.exe(4332)
Process OPBHOBrokerDsktop.exe(240)
Process GoogleCrashHandler.exe(4080)
Process GoogleCrashHandler64.exe(3472)
Process GoogleCrashHandler64.exe(3472)
Process GoogleCrashHandler64.exe(3472)
Process ApplicationFrameHost.exe(1656)
Process AvastUI.exe(5784)
Process svchost.exe(5748)
Process svchost.exe(572)
Process explorer.exe(4332)
Process svchost.exe(5060)
Process ShellExperienceHost.exe(4808)
Process svchost.exe(848)
Process OPBHOBrokerDsktop.exe(240)
Process RuntimeBroker.exe(4212)
Process svchost.exe(848)
Process ShellExperienceHost.exe(4808)
Process HxMail.exe(6472)
Process opvapp.exe(5348)
Process SearchUI.exe(4952)
Process AvastUI.exe(5784)
Process SearchUI.exe(4952)
Process HxMail.exe(6472)
Process SearchUI.exe(4952)
Process svchost.exe(5060)
Process fontdrvhost.exe(5328)
Process ShellExperienceHost.exe(4808)
Process AvastUI.exe(5784)
Process ApplicationFrameHost.exe(1656)
Process HxMail.exe(6472)
Process AvastUI.exe(5784)
Process svchost.exe(5060)
Process SettingSyncHost.exe(5460)
Process procexp64.exe(7124)
Process svchost.exe(5060)
Process svchost.exe(5060)
Process fontdrvhost.exe(5328)
Process unsecapp.exe(5492)
Process dwm.exe(1004)
Process SystemSettings.exe(7912)
Process svchost.exe(5060)
Process SystemSettings.exe(7912)
Process RuntimeBroker.exe(4212)
Process HxTsr.exe(5956)
Process HxTsr.exe(5956)
Process dwm.exe(1004)
Process ApplicationFrameHost.exe(1656)
Process ApplicationFrameHost.exe(1656)
Process SystemSettings.exe(7912)
Process SystemSettings.exe(7912)
Process smartscreen.exe(7500)
Process smartscreen.exe(7500)
Process WmiPrvSE.exe(1612)
Process svchost.exe(4376)
Process audiodg.exe(6288)
Process svchost.exe(1108)
Process svchost.exe(1108)
Process dasHost.exe(2860)
Process svchost.exe(1108)
Process dasHost.exe(2860)
Process procexp.exe(6996)
Process audiodg.exe(6288)
Process procexp64.exe(7124)
Process procexp.exe(6996)
Process svchost.exe(3448)
Process dasHost.exe(2860)
Process procexp64.exe(7124)
Process audiodg.exe(6288)
Process svchost.exe(4376)
Process procexp.exe(6996)
Process smartscreen.exe(7500)
Process procexp64.exe(7124)
Section \Win32kCrossSessionGlobals
Section \Device\PhysicalMemory
Section \Device\PhysicalMemory
Session \KernelObjects\Session0
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
SymbolicLink \GLOBAL??\ACPI#FixedButton#2&daba3ff&3#{4afa3d53-74a7-11d0-be5e-00a0c9062857}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}
SymbolicLink \GLOBAL??\ACPI#PNP0C0C#aa#{4afa3d53-74a7-11d0-be5e-00a0c9062857}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}
SymbolicLink \GLOBAL??\ROOT#MEDIA#0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}
SymbolicLink \GLOBAL??\ROOT#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}
SymbolicLink \GLOBAL??\PCI#VEN_1022&DEV_7808&SUBSYS_2B56103C&REV_39#3&11583659&0&9A#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}
SymbolicLink \GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_2B56103C&REV_10#01000000684CE00000#{ad498944-762f-11d0-8dcb-00c04fc3358c}
SymbolicLink \GLOBAL??\PCI#VEN_1022&DEV_7808&SUBSYS_2B56103C&REV_39#3&11583659&0&92#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}
SymbolicLink \GLOBAL??\ROOT#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}
SymbolicLink \GLOBAL??\ROOT#spaceport#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\ROOT#spaceport#0000#{ef66a56f-88d1-4cd8-98c4-49faf57ad8af}
SymbolicLink \GLOBAL??\ROOT#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\PCI#VEN_1022&DEV_7801&SUBSYS_2B56103C&REV_40#3&11583659&0&88#{2accfe60-c130-11d2-b082-00a0c91efb8b}
SymbolicLink \GLOBAL??\STORAGE#Volume#{f99d45b9-fb89-11e4-8251-806e6f6e6963}#0000000040000000#{7f108a28-9833-4b3b-b780-2c6b5fa5c062}
SymbolicLink \GLOBAL??\STORAGE#Volume#{f99d45b9-fb89-11e4-8251-806e6f6e6963}#0000000056800000#{7f108a28-9833-4b3b-b780-2c6b5fa5c062}
SymbolicLink \GLOBAL??\STORAGE#Volume#{f99d45b9-fb89-11e4-8251-806e6f6e6963}#000000E415200000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\STORAGE#Volume#{f99d45b9-fb89-11e4-8251-806e6f6e6963}#000000005E800000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\STORAGE#Volume#{f99d45b9-fb89-11e4-8251-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\STORAGE#Volume#{f99d45b9-fb89-11e4-8251-806e6f6e6963}#000000E431400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\SCSI#Disk&Ven_&Prod_ST1000DM003-1ER1#4&35dce77&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}
SymbolicLink \GLOBAL??\ROOT#MEDIA#0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}
SymbolicLink \GLOBAL??\SCSI#CdRom&Ven_hp&Prod_DVDRAM_GUB0N#4&35dce77&0&010000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}
SymbolicLink \GLOBAL??\PCI#VEN_1022&DEV_7807&SUBSYS_2B56103C&REV_39#3&11583659&0&98#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}
SymbolicLink \GLOBAL??\PCI#VEN_1022&DEV_7807&SUBSYS_2B56103C&REV_39#3&11583659&0&90#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}
SymbolicLink \GLOBAL??\SCSI#CdRom&Ven_hp&Prod_DVDRAM_GUB0N#4&35dce77&0&010000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\ACPI#AuthenticAMD_-_AMD64_Family_22_Model_0_-_AMD_E1-6015_APU_with_Radeon™_HD_Graphics____#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0}
SymbolicLink \GLOBAL??\ACPI#AuthenticAMD_-_AMD64_Family_22_Model_0_-_AMD_E1-6015_APU_with_Radeon™_HD_Graphics____#_1#{dbe4373d-3c81-40cb-ace4-e0e5d05f0c9f}
SymbolicLink \GLOBAL??\ACPI#AuthenticAMD_-_AMD64_Family_22_Model_0_-_AMD_E1-6015_APU_with_Radeon™_HD_Graphics____#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}
SymbolicLink \GLOBAL??\USB#ROOT_HUB20#4&3334158d&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
SymbolicLink \GLOBAL??\USB#ROOT_HUB20#4&11a32b3&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
SymbolicLink \GLOBAL??\ACPI#AuthenticAMD_-_AMD64_Family_22_Model_0_-_AMD_E1-6015_APU_with_Radeon™_HD_Graphics____#_2#{dbe4373d-3c81-40cb-ace4-e0e5d05f0c9f}
SymbolicLink \GLOBAL??\PCI#VEN_1022&DEV_7814&SUBSYS_2B56103C&REV_01#3&11583659&0&80#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}
SymbolicLink \GLOBAL??\USB#ROOT_HUB#4&751fc8a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
SymbolicLink \GLOBAL??\USB#ROOT_HUB#4&1745f490&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
SymbolicLink \GLOBAL??\PCI#VEN_1022&DEV_7813&SUBSYS_2B56103C&REV_01#3&11583659&0&A7#{79626149-04a0-4353-be16-4b341b1107a9}
SymbolicLink \GLOBAL??\USB#ROOT_HUB30#4&1512d71&0&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{9ff3b516-cd99-4eaf-8373-f2caf87ed26b}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
SymbolicLink \GLOBAL??\PCI#VEN_10EC&DEV_8179&SUBSYS_804B103C&REV_01#00E04CFFFE81910100#{435b6226-1dcc-43b3-887e-217dbaa27ba3}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}
SymbolicLink \GLOBAL??\USB#VID_04CA&PID_004B#5&5788de0&0&4#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0280&SUBSYS_103C2B56&REV_1000#4&3405719f&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}
SymbolicLink \GLOBAL??\USB#VID_0781&PID_5575#20043513600A80711B01#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1005#4&a0ef172&0&0001#{a17579f0-4fec-4936-9364-249460863be5}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1005#4&a0ef172&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1005#4&a0ef172&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}
SymbolicLink \GLOBAL??\USB#VID_064E&PID_9324#HF032B-T803-SE01-6-REV0101#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
SymbolicLink \GLOBAL??\USB#VID_192F&PID_0916#5&5788de0&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
SymbolicLink \GLOBAL??\HID#VID_04CA&PID_004B&MI_01&Col01#7&889afac&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
SymbolicLink \GLOBAL??\HID#VID_192F&PID_0916#6&2ca5b386&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
SymbolicLink \GLOBAL??\HID#VID_192F&PID_0916#6&2ca5b386&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}
SymbolicLink \GLOBAL??\USB#VID_064E&PID_9324&MI_00#6&17f53ea7&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}
SymbolicLink \GLOBAL??\USBSTOR#Disk&Ven_SanDisk&Prod_Cruzer_Glide&Rev_1.27#20043513600A80711B01&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\HID#VID_04CA&PID_004B&MI_01&Col02#7&889afac&0&0001#{4afa3d53-74a7-11d0-be5e-00a0c9062857}
SymbolicLink \GLOBAL??\USB#VID_064E&PID_9324&MI_00#6&17f53ea7&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}
SymbolicLink \GLOBAL??\USB#VID_064E&PID_9324&MI_00#6&17f53ea7&0&0000#{e5323777-f976-4f5b-9b55-b94699c46e44}
SymbolicLink \GLOBAL??\HID#VID_04CA&PID_004B&MI_01&Col02#7&889afac&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}
SymbolicLink \GLOBAL??\HID#VID_04CA&PID_004B&MI_00#7&aa66c92&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}
SymbolicLink \GLOBAL??\HID#VID_04CA&PID_004B&MI_00#7&aa66c92&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
SymbolicLink \GLOBAL??\STORAGE#Volume#_??_USBSTOR#Disk&Ven_SanDisk&Prod_Cruzer_Glide&Rev_1.27#20043513600A80711B01&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\DISPLAY#HWP424E#4&8e79149&0&UID256#{dbe4373d-3c81-40cb-ace4-e0e5d05f0c9f}
SymbolicLink \GLOBAL??\DISPLAY#HWP424E#4&8e79149&0&UID256#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}
SymbolicLink \GLOBAL??\PCI#VEN_1002&DEV_9838&SUBSYS_2B56103C&REV_00#3&11583659&0&08#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}
SymbolicLink \GLOBAL??\PCI#VEN_1002&DEV_9838&SUBSYS_2B56103C&REV_00#3&11583659&0&08#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}
SymbolicLink \GLOBAL??\ROOT#BasicDisplay#0000#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}
SymbolicLink \GLOBAL??\ROOT#BasicRender#0000#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}
SymbolicLink \GLOBAL??\DISPLAY#HWP424E#4&8e79149&0&UID256#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}
SymbolicLink \GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_2B56103C&REV_10#01000000684CE00000#{cac88484-7515-4c03-82e6-71a87abac361}
SymbolicLink \GLOBAL??\SWD#WPDBUSENUM#_??_USBSTOR#Disk&Ven_SanDisk&Prod_Cruzer_Glide&Rev_1.27#20043513600A80711B01&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{6ac27878-a6fa-4155-ba85-f98f491d4f33}
SymbolicLink \GLOBAL??\SWD#WPDBUSENUM#_??_USBSTOR#Disk&Ven_SanDisk&Prod_Cruzer_Glide&Rev_1.27#20043513600A80711B01&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}
SymbolicLink \GLOBAL??\SWD#MMDEVAPI#MicrosoftGSWavetableSynth#{6dc23320-ab33-4ce4-80d4-bbb3ebbf2814}
SymbolicLink \GLOBAL??\SWD#MMDEVAPI#{0.0.0.00000000}.{faa09b11-fd03-4992-ad57-feafd580ceb7}#{e6327cad-dcec-4949-ae8a-991e976a79d2}
SymbolicLink \GLOBAL??\SWD#MMDEVAPI#{0.0.1.00000000}.{3449dc77-9b0f-4ac0-853f-20f6f1439e5b}#{2eef81be-33fa-4800-9670-1cd474972c3f}
SymbolicLink \GLOBAL??\SWD#RADIO#{469B8358-7C69-4CC4-8B82-AF4310768011}#{a8804298-2d5f-42e3-9531-9c8c39eb29ce}
SymbolicLink \GLOBAL??\PCI#VEN_10EC&DEV_8179&SUBSYS_804B103C&REV_01#00E04CFFFE81910100#{ad498944-762f-11d0-8dcb-00c04fc3358c}
SymbolicLink \GLOBAL??\SWD#IP_TUNNEL_VBUS#Teredo_Tunnel_Device#{ad498944-762f-11d0-8dcb-00c04fc3358c}
SymbolicLink \GLOBAL??\{5d624f94-8850-40c3-a3fa-a4fd2080baf3}#vwifimp_wfd#5&27915378&3&13#{cac88484-7515-4c03-82e6-71a87abac361}
SymbolicLink \GLOBAL??\SWD#IP_TUNNEL_VBUS#ISATAP_1#{cac88484-7515-4c03-82e6-71a87abac361}
SymbolicLink \GLOBAL??\SWD#IP_TUNNEL_VBUS#ISATAP_1#{ad498944-762f-11d0-8dcb-00c04fc3358c}
SymbolicLink \GLOBAL??\SWD#PRINTENUM#{CE1CC774-39C5-4CBC-A690-0C933B6371A8}#{0ecef634-6ef0-472a-8085-5ad023ecbccd}
SymbolicLink \GLOBAL??\SWD#PRINTENUM#{A0EAEC79-B4F1-47E1-9596-F87656B185C6}#{0ecef634-6ef0-472a-8085-5ad023ecbccd}
SymbolicLink \Sessions\1\AppContainerNamedObjects\S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523\Local
SymbolicLink \GLOBAL??\SWD#PRINTENUM#{FB6B87BC-B5BA-4020-AB9F-E9493D9FB1D5}#{0ecef634-6ef0-472a-8085-5ad023ecbccd}
SymbolicLink \GLOBAL??\SWD#PRINTENUM#{D943D8D8-F7EB-4400-8EEE-A8CFF8C894B5}#{0ecef634-6ef0-472a-8085-5ad023ecbccd}
SymbolicLink \GLOBAL??\SWD#PRINTENUM#{9D7DBACD-D102-4149-B2DB-FFEC94371EAB}#{0ecef634-6ef0-472a-8085-5ad023ecbccd}
SymbolicLink \GLOBAL??\SWD#IP_TUNNEL_VBUS#Teredo_Tunnel_Device#{cac88484-7515-4c03-82e6-71a87abac361}
SymbolicLink \Sessions\1\AppContainerNamedObjects\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\Local
SymbolicLink \Sessions\1\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\Global
SymbolicLink \Sessions\1\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\Session
SymbolicLink \Sessions\1\AppContainerNamedObjects\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742\Local
SymbolicLink \GLOBAL??\{5d624f94-8850-40c3-a3fa-a4fd2080baf3}#vwifimp_wfd#5&27915378&3&13#{ad498944-762f-11d0-8dcb-00c04fc3358c}
SymbolicLink \Sessions\1\AppContainerNamedObjects\S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523\Global
SymbolicLink \Sessions\1\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\Global
SymbolicLink \Sessions\1\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\Session
SymbolicLink \Sessions\1\AppContainerNamedObjects\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708\Local
SymbolicLink \Sessions\1\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\Global
SymbolicLink \Sessions\1\AppContainerNamedObjects\S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523\Session
SymbolicLink \Sessions\1\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\Session
SymbolicLink \Sessions\1\AppContainerNamedObjects\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\Global
SymbolicLink \Sessions\1\AppContainerNamedObjects\S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723\Session
SymbolicLink \Sessions\1\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\Local
SymbolicLink \GLOBAL??\PCI#VEN_10EC&DEV_8179&SUBSYS_804B103C&REV_01#00E04CFFFE81910100#{cac88484-7515-4c03-82e6-71a87abac361}
Thread System(4): 292
Thread System(4): 632
Thread System(4): 628
Thread System(4): 700
Thread System(4): 1792
Thread System(4): 1440
Thread System(4): 1424
Thread System(4): 1352
Thread System(4): 1816
Thread System(4): 2408
Thread System(4): 6980
Thread System(4): 7832
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\SYSTEM:3e7
Token NARCISMAIN\NiTa:fa8f0
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\NETWORK SERVICE:3e4
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\NETWORK SERVICE:3e4
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\ANONYMOUS LOGON:2a3df
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\NETWORK SERVICE:3e4
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NARCISMAIN\NiTa:fa8f0
Token NT AUTHORITY\SYSTEM:3e7
Token NARCISMAIN\NiTa:fa8f0
Token NARCISMAIN\NiTa:fa8f0
Token NARCISMAIN\NiTa:fa8f0
Token NARCISMAIN\NiTa:fa8f0
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\SYSTEM:3e7

#90
RKinner

    Malware Expert

  • Expert
  • 20,017 posts
  • MVP

We are getting closer. This one isn't that bad. In Process Explorer, right-click on System and select Properties, then click on Threads. Scroll down and look for entries in the CPU column. There should be at least one and possibly more. Report which .exe or .sys file is mentioned in the Start Address column. I don't need the stuff that comes after the .exe or .sys.

