Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer was compromised by friend "checking email"

Started by shorthaul99 , Feb 21 2016 04:05 PM

  • Please log in to reply

#1
shorthaul99
Posted 21 February 2016 - 04:05 PM

shorthaul99

    Member

  • Member
  • PipPipPip
  • 133 posts

My mom's friend was spending the night and he was attempting to "check his email" while she was asleep and he clicked on "something that looked like a gmail login" and now the computer has been compromised. When I got to the computer, there were several abandoned remote access login boxes on the screen as well as a fake Microsoft Security Essentials window up stating that the system was infected with 36 viruses and to call toll free 1-717-401-3166. Last time I checked, all toll free numbers began with an 800, 855, 866, 877 etc. but he called the number anyway and got scammed into trying to purchase a 1 year for $249.99 or a 3 year package for $449.99 to "fix" the computer. Since he allowed this person from India remote access into the computer, I have absolutely no idea what he installed onto this HDD. I had all of the safeguards in place to keep this from happening but obviously a human being sitting in front of the computer can override this. This is all I have to go on. Please help!

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Susan (administrator) on SUSAN-PC (16-02-2016 19:07:41)
Running from C:\Users\Susan\Desktop
Loaded Profiles: Susan (Available Profiles: Susan)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files\Acer\Acer Office Manager Agent\AgSvc.exe
() C:\Program Files\Acer\Acer Office Manager Console\ConSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe
() C:\Program Files\Acer\Acer Office Manager Agent\AgStdAlo.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(LG Electronics) C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\Dual Smart Solution.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe
(TODO: <Company name>) C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\SmartHookTestApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.16901.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.16901.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [402344 2015-12-19] ()
HKLM\...\Run: [Acer PowerSaver] => C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe [547728 2011-12-09] (Acer Incorporated)
HKLM\...\Run: [Acer SmartBoot] => C:\Program Files\Acer\Acer SmartBoot\ASLTray.exe [454800 2012-05-22] (Acer Incorporated)
HKLM\...\Run: [AgStdAlo] => C:\Program Files\Acer\Acer Office Manager Agent\AgStdAlo.exe [109800 2013-10-25] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKU\S-1-5-21-3551703168-3638828205-1618650259-1000\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3551703168-3638828205-1618650259-1000\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm.exe [7473880 2015-07-18] (AO Kaspersky Lab)
HKU\S-1-5-21-3551703168-3638828205-1618650259-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-3551703168-3638828205-1618650259-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-3551703168-3638828205-1618650259-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-3551703168-3638828205-1618650259-1000\...\Run: [Bomgar_Cleanup_ZD38793746819060] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x56c336a3" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD38793746819060 /f
HKU\S-1-5-21-3551703168-3638828205-1618650259-1000\...\RunOnce: [Uninstall C:\Users\Susan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Susan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dual Smart Solution.lnk [2015-10-01]
ShortcutTarget: Dual Smart Solution.lnk -> C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\Dual Smart Solution.exe (LG Electronics)
Startup: C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8610.lnk [2016-01-19]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8610.lnk -> C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{541450d4-8fb1-4cff-b280-6bcaecd31d2d}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-3551703168-3638828205-1618650259-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\S-1-5-21-3551703168-3638828205-1618650259-1000 -> DefaultScope {FC3BC0B0-8B9F-4CBD-A9C9-40D183B606E7} URL =
SearchScopes: HKU\S-1-5-21-3551703168-3638828205-1618650259-1000 -> {FC3BC0B0-8B9F-4CBD-A9C9-40D183B606E7} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-01-18] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-18] (AO Kaspersky Lab)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-17] (Microsoft Corporation)
BHO: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\x64\ie_engine.dll [2015-07-18] (AO Kaspersky Lab)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-19] (Oracle Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-11-18] (AO Kaspersky Lab)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-19] (Oracle Corporation)
BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\ie_engine.dll [2015-07-18] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-18] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-11-18] (AO Kaspersky Lab)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\2bc0dslk.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Web Search
FF SelectedSearchEngine: Google
FF Homepage: hxxps://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3551703168-3638828205-1618650259-1000: kaspersky.com/KPMPlugin -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\npKPMPlugin.dll [2015-07-18] (Kaspersky Lab)
FF Plugin HKU\S-1-5-21-3551703168-3638828205-1618650259-1000: kpm_add_on@kaspersky -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm_add_on@kaspersky [2015-12-29] ()
FF user.js: detected! => C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\2bc0dslk.default\user.js [2015-12-29]
FF Extension: iCloud Bookmarks - C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\2bc0dslk.default\Extensions\[email protected] [2015-12-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2015-12-02]
FF HKU\S-1-5-21-3551703168-3638828205-1618650259-1000\...\Firefox\Extensions: [kpm_add_on@kaspersky] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm_add_on@kaspersky
FF Extension: Kaspersky Password Manager - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm_add_on@kaspersky [2015-12-29]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgSvc; C:\Program Files\Acer\Acer Office Manager Agent\AgSvc.exe [142056 2013-10-25] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ASLSvc; C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe [509584 2012-05-22] (Acer Incorporated)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-11-18] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2772720 2016-01-17] (Microsoft Corporation)
R2 ConSvc; C:\Program Files\Acer\Acer Office Manager Console\ConSvc.exe [281832 2013-10-25] ()
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [30080 2011-06-13] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-11-18] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-11-18] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934272 2015-12-02] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-11-18] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-11-18] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-16] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-16 19:07 - 2016-02-16 19:08 - 00021266 _____ C:\Users\Susan\Desktop\FRST.txt
2016-02-16 19:03 - 2016-02-16 19:07 - 00000000 ____D C:\FRST
2016-02-16 19:00 - 2016-02-16 19:03 - 02370560 _____ (Farbar) C:\Users\Susan\Desktop\FRST64.exe
2016-02-16 08:55 - 2016-02-16 08:55 - 00001132 _____ C:\Users\Public\Desktop\SmartPCFixer.lnk
2016-02-16 08:55 - 2016-02-16 08:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPCFixer
2016-02-16 08:55 - 2014-05-10 09:24 - 00000229 _____ C:\Users\Public\Desktop\LionSea Software.url
2016-02-16 08:54 - 2016-02-16 08:55 - 00000000 ____D C:\Program Files (x86)\SmartPCFixer
2016-02-16 08:54 - 2016-02-16 08:54 - 04759456 _____ (LionSea Software co., ltd ) C:\Users\Susan\Downloads\setup.exe
2016-02-16 08:48 - 2016-02-16 15:18 - 00000000 ____D C:\ProgramData\bomgar-scc-0x56c336a3
2016-02-16 08:48 - 2016-02-08 11:16 - 00023920 _____ C:\ProgramData\Z@!-0569b890-695a-47af-9c1d-81918bf123f8.tmp
2016-02-16 08:48 - 2016-02-08 11:16 - 00022896 _____ C:\ProgramData\Z@S!-d02993d1-0222-4931-9d7e-9a54ed8000cb.tmp
2016-02-15 21:59 - 2016-02-15 21:59 - 00000000 ___HD C:\OneDriveTemp
2016-02-12 18:16 - 2016-02-12 18:16 - 00047189 _____ C:\Users\Susan\Downloads\Invoice #149(2).pdf
2016-02-12 18:15 - 2016-02-12 18:15 - 00865384 _____ C:\Users\Susan\Downloads\AT&T Lease Email.pdf
2016-02-12 18:15 - 2016-02-12 18:15 - 00865384 _____ C:\Users\Susan\Downloads\AT&T Lease Email(1).pdf
2016-02-12 18:08 - 2016-02-12 18:08 - 00865384 _____ C:\Users\Susan\Documents\AT&T Lease Email.pdf
2016-02-09 15:16 - 2016-01-26 23:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-09 15:16 - 2016-01-26 23:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-09 15:16 - 2016-01-26 22:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-09 15:15 - 2016-01-29 00:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-09 15:15 - 2016-01-29 00:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-09 15:15 - 2016-01-27 00:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-09 15:15 - 2016-01-27 00:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-09 15:15 - 2016-01-27 00:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-09 15:15 - 2016-01-27 00:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-09 15:15 - 2016-01-27 00:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-09 15:15 - 2016-01-26 23:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-09 15:15 - 2016-01-26 23:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-09 15:15 - 2016-01-26 23:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-09 15:15 - 2016-01-26 23:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-09 15:15 - 2016-01-26 23:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-09 15:15 - 2016-01-26 23:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-09 15:15 - 2016-01-26 23:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-09 15:15 - 2016-01-26 23:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-09 15:15 - 2016-01-26 23:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-09 15:15 - 2016-01-26 23:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-09 15:15 - 2016-01-26 23:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-09 15:15 - 2016-01-26 23:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-09 15:15 - 2016-01-26 23:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-09 15:15 - 2016-01-26 23:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-09 15:15 - 2016-01-26 23:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-09 15:15 - 2016-01-26 23:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-09 15:15 - 2016-01-26 23:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-09 15:15 - 2016-01-26 23:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-09 15:15 - 2016-01-26 23:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-09 15:15 - 2016-01-26 23:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-09 15:15 - 2016-01-26 23:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-09 15:15 - 2016-01-26 23:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-09 15:15 - 2016-01-26 23:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-09 15:15 - 2016-01-26 23:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-09 15:15 - 2016-01-26 23:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-09 15:15 - 2016-01-26 23:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-09 15:15 - 2016-01-26 23:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-09 15:15 - 2016-01-26 23:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-09 15:15 - 2016-01-26 23:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-09 15:15 - 2016-01-26 23:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-09 15:15 - 2016-01-26 23:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-09 15:15 - 2016-01-26 23:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-09 15:15 - 2016-01-26 23:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-09 15:15 - 2016-01-26 23:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-09 15:15 - 2016-01-26 22:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-09 15:15 - 2016-01-26 22:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-09 15:15 - 2016-01-26 22:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-09 15:15 - 2016-01-26 22:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-09 15:15 - 2016-01-26 22:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-09 15:15 - 2016-01-26 22:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-09 15:15 - 2016-01-26 22:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-09 15:15 - 2016-01-26 22:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-09 15:15 - 2016-01-26 22:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-09 15:15 - 2016-01-26 22:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-09 15:15 - 2016-01-26 22:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-09 15:15 - 2016-01-26 22:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-09 15:15 - 2016-01-26 22:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-09 15:15 - 2016-01-26 22:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-09 15:15 - 2016-01-26 22:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-09 15:15 - 2016-01-26 22:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-09 15:15 - 2016-01-26 22:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-09 15:15 - 2016-01-26 22:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-09 15:15 - 2016-01-26 22:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-09 15:15 - 2016-01-26 22:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-09 15:15 - 2016-01-26 22:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-08 17:16 - 2016-02-08 17:16 - 00801057 _____ C:\Users\Susan\Downloads\NewRx.pdf
2016-02-07 12:37 - 2016-02-07 12:37 - 00047189 _____ C:\Users\Susan\Downloads\Invoice #149.pdf
2016-02-07 12:37 - 2016-02-07 12:37 - 00047189 _____ C:\Users\Susan\Downloads\Invoice #149(1).pdf
2016-02-05 14:01 - 2016-02-05 14:01 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\679C0F08.sys
2016-02-04 10:00 - 2016-02-04 10:00 - 00052438 _____ C:\Users\Susan\Downloads\Invoice #148(8).pdf
2016-02-04 10:00 - 2016-02-04 10:00 - 00052438 _____ C:\Users\Susan\Downloads\Invoice #148(7).pdf
2016-02-02 19:00 - 2016-02-02 19:00 - 00052438 _____ C:\Users\Susan\Downloads\Invoice #148(6).pdf
2016-02-02 18:59 - 2016-02-02 18:59 - 00052438 _____ C:\Users\Susan\Downloads\Invoice #148(5).pdf
2016-02-02 18:57 - 2016-02-02 18:57 - 00052438 _____ C:\Users\Susan\Downloads\Invoice #148.pdf
2016-02-02 18:57 - 2016-02-02 18:57 - 00052438 _____ C:\Users\Susan\Downloads\Invoice #148(4).pdf
2016-02-02 18:57 - 2016-02-02 18:57 - 00052438 _____ C:\Users\Susan\Downloads\Invoice #148(3).pdf
2016-02-02 18:57 - 2016-02-02 18:57 - 00052438 _____ C:\Users\Susan\Downloads\Invoice #148(2).pdf
2016-02-02 18:57 - 2016-02-02 18:57 - 00052438 _____ C:\Users\Susan\Downloads\Invoice #148(1).pdf
2016-02-02 17:44 - 2016-02-02 17:44 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-02-01 13:59 - 2016-02-01 13:59 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\733F5472.sys
2016-01-31 18:33 - 2016-01-31 18:33 - 00002524 _____ C:\Users\Susan\Downloads\WorkOrder(9).pdf
2016-01-31 18:33 - 2016-01-31 18:33 - 00002524 _____ C:\Users\Susan\Downloads\WorkOrder(8).pdf
2016-01-31 18:33 - 2016-01-31 18:33 - 00002524 _____ C:\Users\Susan\Downloads\WorkOrder(7).pdf
2016-01-31 18:33 - 2016-01-31 18:33 - 00002524 _____ C:\Users\Susan\Downloads\WorkOrder(6).pdf
2016-01-31 18:33 - 2016-01-31 18:33 - 00002524 _____ C:\Users\Susan\Downloads\WorkOrder(5).pdf
2016-01-31 18:33 - 2016-01-31 18:33 - 00002524 _____ C:\Users\Susan\Downloads\WorkOrder(11).pdf
2016-01-31 18:33 - 2016-01-31 18:33 - 00002524 _____ C:\Users\Susan\Downloads\WorkOrder(10).pdf
2016-01-31 18:32 - 2016-01-31 18:32 - 00007046 _____ C:\Users\Susan\Downloads\WorkOrder.pdf
2016-01-31 18:32 - 2016-01-31 18:32 - 00007046 _____ C:\Users\Susan\Downloads\WorkOrder(4).pdf
2016-01-31 18:32 - 2016-01-31 18:32 - 00007046 _____ C:\Users\Susan\Downloads\WorkOrder(3).pdf
2016-01-31 18:32 - 2016-01-31 18:32 - 00007046 _____ C:\Users\Susan\Downloads\WorkOrder(2).pdf
2016-01-31 18:32 - 2016-01-31 18:32 - 00007046 _____ C:\Users\Susan\Downloads\WorkOrder(1).pdf
2016-01-28 11:44 - 2016-01-28 11:45 - 01340755 _____ C:\Users\Susan\Downloads\1745216.Other Lease Agreements. .zip
2016-01-27 13:36 - 2016-01-16 00:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-27 13:36 - 2016-01-16 00:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-27 13:36 - 2016-01-16 00:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-27 13:36 - 2016-01-16 00:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-27 13:36 - 2016-01-16 00:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-27 13:36 - 2016-01-16 00:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-27 13:36 - 2016-01-16 00:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-27 13:36 - 2016-01-16 00:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-27 13:36 - 2016-01-16 00:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-27 13:36 - 2016-01-16 00:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-27 13:36 - 2016-01-16 00:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-27 13:36 - 2016-01-16 00:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-27 13:36 - 2016-01-16 00:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-27 13:36 - 2016-01-16 00:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-27 13:36 - 2016-01-16 00:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-27 13:36 - 2016-01-16 00:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-27 13:36 - 2016-01-16 00:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-27 13:36 - 2016-01-16 00:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-27 13:36 - 2016-01-16 00:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-27 13:36 - 2016-01-16 00:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-27 13:36 - 2016-01-16 00:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-27 13:36 - 2016-01-16 00:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-27 13:36 - 2016-01-15 23:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-27 13:36 - 2016-01-15 23:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-27 13:36 - 2016-01-15 23:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-27 13:36 - 2016-01-15 23:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-27 13:36 - 2016-01-15 23:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-27 13:36 - 2016-01-15 23:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-27 13:36 - 2016-01-15 23:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-27 13:36 - 2016-01-15 23:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-27 13:36 - 2016-01-15 23:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-27 13:36 - 2016-01-15 23:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-27 13:36 - 2016-01-15 23:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-27 13:36 - 2016-01-15 23:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-27 13:36 - 2016-01-15 23:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-27 13:36 - 2016-01-15 23:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-27 13:36 - 2016-01-15 23:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-27 13:36 - 2016-01-15 23:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-27 13:36 - 2016-01-15 23:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-27 13:36 - 2016-01-15 23:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-27 13:36 - 2016-01-15 23:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-27 13:36 - 2016-01-15 23:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-27 13:36 - 2016-01-15 23:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-27 13:36 - 2016-01-15 23:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-27 13:36 - 2016-01-15 23:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-27 13:36 - 2016-01-15 23:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-27 13:36 - 2016-01-15 23:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-27 13:36 - 2016-01-15 23:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-27 13:36 - 2016-01-15 23:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-27 13:36 - 2016-01-15 23:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-27 13:36 - 2016-01-15 23:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-27 13:36 - 2016-01-15 23:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-27 13:36 - 2016-01-15 23:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-27 13:36 - 2016-01-15 23:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-27 13:36 - 2016-01-15 23:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-27 13:36 - 2016-01-15 23:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-27 13:36 - 2016-01-15 23:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-27 13:36 - 2016-01-15 23:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-27 13:36 - 2016-01-15 23:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-27 13:36 - 2016-01-15 23:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-27 13:36 - 2016-01-15 23:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-27 13:36 - 2016-01-15 23:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-27 13:36 - 2016-01-15 23:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-27 13:36 - 2016-01-15 23:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-27 13:36 - 2016-01-15 23:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-27 13:36 - 2016-01-15 23:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-27 13:36 - 2016-01-15 23:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-27 13:36 - 2016-01-15 23:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-27 13:36 - 2016-01-15 23:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-27 13:36 - 2016-01-15 23:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-27 13:36 - 2016-01-15 23:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-27 13:36 - 2016-01-15 23:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-27 13:36 - 2016-01-15 23:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-27 13:36 - 2016-01-15 23:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-27 13:36 - 2016-01-15 23:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-27 13:36 - 2016-01-15 23:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-27 13:36 - 2016-01-15 23:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-27 13:36 - 2016-01-15 23:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-27 13:36 - 2016-01-15 23:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-27 13:36 - 2016-01-15 23:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-27 13:36 - 2016-01-15 23:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-27 13:36 - 2016-01-15 23:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-27 13:36 - 2016-01-15 23:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-27 13:36 - 2016-01-15 23:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-27 13:36 - 2016-01-15 23:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-27 13:36 - 2016-01-15 23:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-27 13:36 - 2016-01-15 23:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-27 13:36 - 2016-01-15 23:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-27 13:36 - 2016-01-15 23:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-27 13:36 - 2016-01-15 23:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-27 13:36 - 2016-01-15 23:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-27 13:36 - 2016-01-15 23:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-27 13:36 - 2016-01-15 23:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-27 13:36 - 2016-01-15 23:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-27 13:36 - 2016-01-15 23:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-27 13:36 - 2016-01-15 23:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-27 13:36 - 2016-01-15 23:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-27 13:36 - 2016-01-15 23:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-27 13:36 - 2016-01-15 23:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-27 13:36 - 2016-01-15 23:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-27 13:36 - 2016-01-15 23:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-27 13:36 - 2016-01-15 23:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-27 13:36 - 2016-01-15 23:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-27 13:36 - 2016-01-15 23:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-27 13:36 - 2016-01-15 23:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-27 13:36 - 2016-01-15 23:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-27 13:36 - 2016-01-15 23:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-27 13:36 - 2016-01-15 23:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-23 14:04 - 2016-01-23 14:04 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4898191E.sys
2016-01-20 11:04 - 2016-01-20 11:04 - 00095218 _____ C:\Users\Susan\Downloads\7912 Country meadow comps 1-18-16(1).pdf
2016-01-20 11:03 - 2016-01-20 11:03 - 00095218 _____ C:\Users\Susan\Downloads\7912 Country meadow comps 1-18-16.pdf
2016-01-20 10:36 - 2016-01-20 10:37 - 01625942 _____ C:\Users\Susan\Downloads\Report6125Jan20.pdf
2016-01-20 10:34 - 2016-01-20 10:34 - 00097542 _____ C:\Users\Susan\Downloads\CMA 1 Line7286
2016-01-20 10:34 - 2016-01-20 10:34 - 00097542 _____ C:\Users\Susan\Downloads\CMA 1 Line4728
2016-01-20 10:34 - 2016-01-20 10:34 - 00097542 _____ C:\Users\Susan\Downloads\CMA 1 Line3748
2016-01-19 20:19 - 2016-01-19 20:19 - 00000000 ____D C:\Users\Susan\AppData\Roaming\Sun
2016-01-19 20:19 - 2016-01-19 20:19 - 00000000 ____D C:\Users\Susan\.oracle_jre_usage
2016-01-19 20:18 - 2016-01-19 20:18 - 00000000 ____D C:\Users\Susan\AppData\LocalLow\Oracle
2016-01-19 20:16 - 2016-01-19 20:16 - 00001774 _____ C:\Users\Susan\Desktop\Adobe Reader X.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-16 18:37 - 2013-12-06 06:09 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-16 18:23 - 2015-11-18 20:52 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-02-16 18:09 - 2015-05-21 13:11 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-16 15:53 - 2015-12-29 15:03 - 00000000 ___RD C:\Backup
2016-02-15 21:59 - 2015-12-29 15:50 - 00000000 ___RD C:\Users\Susan\iCloudDrive
2016-02-15 21:59 - 2015-08-10 11:09 - 00000000 __SHD C:\Users\Susan\IntelGraphicsProfiles
2016-02-15 21:59 - 2015-06-29 11:30 - 00000000 ___RD C:\Users\Susan\OneDrive
2016-02-15 21:58 - 2015-11-14 04:41 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-15 18:52 - 2015-11-14 04:45 - 00000000 ____D C:\Users\Susan
2016-02-15 14:51 - 2015-09-14 19:28 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7812CDFD-0A97-496B-8C93-B6EDBB4F07CB}
2016-02-14 09:49 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-13 13:25 - 2015-04-13 17:40 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-13 13:23 - 2015-04-13 17:40 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-12 18:09 - 2015-12-29 15:50 - 00000000 ____D C:\Users\Susan\AppData\Local\AA86540E-1C80-41E8-912F-FCD8B8B6F857.aplzod
2016-02-12 18:05 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-12 18:05 - 2015-08-10 11:09 - 00000000 ____D C:\Users\Susan\AppData\Local\Packages
2016-02-12 12:21 - 2015-12-29 15:49 - 00003490 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2016-02-12 11:44 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-12 11:10 - 2015-08-10 11:09 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-12 03:37 - 2015-11-14 04:44 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-12 03:37 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-12 03:33 - 2015-11-14 04:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-12 03:32 - 2015-10-30 00:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-12 03:32 - 2015-04-13 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-12 03:31 - 2015-10-30 03:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-11 19:18 - 2015-08-27 14:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-11 13:19 - 2015-08-10 11:13 - 00002409 _____ C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-10 18:07 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-02-10 11:17 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-03 13:01 - 2015-10-30 01:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 13:01 - 2015-10-30 01:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-31 13:25 - 2015-11-14 04:41 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-01-29 13:37 - 2015-10-30 01:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-29 13:35 - 2014-05-08 19:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-01-28 03:31 - 2015-10-30 01:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-28 03:31 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-28 03:31 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-28 03:31 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-28 03:31 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-28 03:31 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-28 03:31 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-19 20:30 - 2016-01-15 17:57 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-01-19 20:30 - 2015-11-14 04:38 - 00370136 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-19 20:20 - 2015-04-13 19:23 - 00000000 ____D C:\ProgramData\Oracle
2016-01-19 20:19 - 2015-04-13 19:24 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-01-19 20:19 - 2015-04-13 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-19 20:19 - 2015-04-13 19:23 - 00000000 ____D C:\Program Files (x86)\Java

==================== Files in the root of some directories =======

2015-05-21 11:45 - 2015-05-21 11:45 - 0007605 _____ () C:\Users\Susan\AppData\Local\Resmon.ResmonCfg
2015-04-13 19:02 - 2015-04-13 19:02 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-11-14 04:41 - 2015-11-14 04:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-02-16 08:48 - 2016-02-08 11:16 - 0023920 _____ () C:\ProgramData\Z@!-0569b890-695a-47af-9c1d-81918bf123f8.tmp
2016-02-16 08:48 - 2016-02-08 11:16 - 0022896 _____ () C:\ProgramData\Z@S!-d02993d1-0222-4931-9d7e-9a54ed8000cb.tmp

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-11 13:23

==================== End of FRST.txt ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Susan (2016-02-16 19:08:30)
Running from C:\Users\Susan\Desktop
Windows 10 Home (X64) (2015-11-14 11:00:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3551703168-3638828205-1618650259-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3551703168-3638828205-1618650259-503 - Limited - Disabled)
Guest (S-1-5-21-3551703168-3638828205-1618650259-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3551703168-3638828205-1618650259-1002 - Limited - Enabled)
Susan (S-1-5-21-3551703168-3638828205-1618650259-1000 - Administrator - Enabled) => C:\Users\Susan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Total Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Total Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3508 - Acer Incorporated)
Acer eSettings Management (HKLM-x32\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.00.5500 - Acer Incorporated)
Acer Framework (HKLM-x32\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.00.5500 - Acer Incorporated)
Acer Office Manager Agent (HKLM\...\{3F3EDE05-BE5A-4492-AE55-E823880A207B}) (Version: 1.00.8103 - Acer Incorporated)
Acer Office Manager Console (HKLM\...\{89054479-B94C-41F2-9749-22DB9F9209D0}) (Version: 1.00.8102 - Acer Incorporated)
Acer PowerSaver (HKLM-x32\...\{A1FFD720-0806-40E9-9554-DB22D593FDEF}) (Version: 1.00.3504 - Acer Incorporated)
Acer SmartBoot (HKLM-x32\...\{9E65215B-9DE9-401A-8541-C82FE2D2BC66}) (Version: 1.00.8001 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Dual Smart Solution (HKLM-x32\...\{E61F7C73-277C-44CE-87C4-B574BF0F3803}) (Version: 2.5 - LG Soft India Pvt Ltd)
Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3503 - Acer Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.10.1372 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{C706D102-D77E-4D45-B631-2A43C55F0F01}) (Version: 8.0.3.287 - Kaspersky Lab)
Kaspersky Password Manager (x32 Version: 8.0.3.287 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6366.2062 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30166 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
SmartPCFixer 5.2 (HKLM-x32\...\{2C5927BD-3F65-4207-8FB5-8EDF638A3511}_is1) (Version: 5.2 - LionSea Software co., ltd) <==== ATTENTION
UV Realtime (HKLM-x32\...\{5A4B3F22-A5DF-43D7-89A7-6121F5431F32}) (Version: 1.9.1 - Dan Wilson)
Veriton ControlCenter (HKLM-x32\...\{A78190D6-A513-4C5D-BC20-CFE14F1CD5E3}) (Version: 1.00.3500 - Acer Incorporated)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3551703168-3638828205-1618650259-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Susan\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {000147C5-DA03-4833-8C58-FEAC58D83486} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {007DB50D-263A-4E45-B37F-037BCF060993} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {0DD5ED54-D46B-4043-8F98-D9E716CAB544} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1027813B-0AD5-4C4C-AFFF-304157D44284} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {14107FE0-DF48-4865-878A-12592D3800F9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {25ABCA8E-66EA-4837-8BB1-22DA329578DD} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {2CFD2FC6-DBB2-4FFC-AE4B-2F498071846C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-01-19] (Microsoft Corporation)
Task: {30202AAF-F616-4645-B103-9E520A7E6D3E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {308AA495-2F8A-470A-85D5-2919419CB44B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {32AA001E-7747-4524-9A0A-AFC2CBA2AB23} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {34B0EAD9-FE5C-4652-9346-3798380FEA38} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation)
Task: {3571F80D-326F-419D-861F-D9057D1D725A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {383950DB-BA33-4353-8F59-E00B5679AD8F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {530F7E45-A958-4E0F-9FE0-EA3EC11F2FD8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-13] (Microsoft Corporation)
Task: {5CDA4EA8-6138-45B8-AFA3-7EC4301AA363} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {5D2840DB-8CAA-43EE-88AD-39742C7B0081} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {61EF5426-8D79-4A1D-9D11-9A9432781017} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {67CAA856-4D2A-40D3-82AB-673B7073A880} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {68B3FABE-3164-40FA-B91E-D108EAB3BEB2} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {74F656E8-F925-4B94-A809-55DF2AAE1576} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {8A251B4B-652C-4D1E-A160-3B17760DA6BF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {8BFBEF72-C362-45A9-A332-EA0970D3AE6C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {94E4D1B8-1104-4880-A21D-889D94310B31} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {96F5D623-98BA-4EB7-B24F-E3AED5A70B2E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation)
Task: {98B0B4CC-5A1B-4A1B-82A7-8CB75CCE9169} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9BF46398-32DD-4E7E-BD48-3C42C6CF2F68} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A386F321-D44F-473B-BBA8-936396920D71} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {A8CD3FAE-4EFA-4AE1-B669-53459614312F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AC422E33-04A2-4665-B199-0C137221337E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {B71D3A54-B18C-4560-9C42-F4065CFC9D70} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C1BC3C32-8A2E-49DC-A93D-6EB79E97CECE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C2591CCC-D971-4272-B5D6-1CCDACA5E845} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {CCA2D5F0-3E5B-4466-B10C-B4D7840268E1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {D53881F7-0D30-4705-8384-A3F621B567FF} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {DCEB5B10-34A7-49BA-A27F-2C262A8607CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated)
Task: {E7898195-08EE-41B3-A0C3-2BEA8711C537} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {EBBDEBFC-3A6D-4690-8470-DBC4AC31AA38} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {EDA9F9F1-95F3-402B-8ABB-3CE1F06CF683} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {EE95E42E-FB9A-4DB2-B90C-8789C8564766} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {EF5E1074-EC5A-4C46-8EC4-F5961A702410} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)
Task: {F2172150-4FDE-413A-9957-566BBFB24DD8} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {F2DAA845-48E5-4579-AA88-CCC96D6B8C74} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-12-01] (Apple Inc.)
Task: {F6D4A90D-5484-4B15-A12A-74A891236619} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {F792A3AD-21E9-4F39-92AE-0BEB786924E3} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F9DAFFFB-9CEE-495B-BF8E-AC06ECE2BC97} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FA63F0A9-4BFA-4CF3-9401-59FEAF5E002D} - System32\Tasks\HP AR Program Upload - d432f310de654d39a1c21d7f21d93dd605c40597a78b43ffa4369f811e27cac8 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {FC293357-BA5E-4348-8812-175CF6803929} - System32\Tasks\{84AF3C37-D543-41D9-A4AD-ADB914921203} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-12-04 03:43 - 2016-01-17 14:46 - 00171712 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-06 06:05 - 2011-06-13 19:59 - 00030080 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2015-11-14 04:46 - 2015-11-14 04:46 - 00038312 _____ () C:\WINDOWS\assembly\GAC_MSIL\Framework.Model.Controller\3.0.5500.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2015-11-14 04:46 - 2015-11-14 04:46 - 00026040 _____ () C:\WINDOWS\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.5500.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2015-11-14 04:46 - 2015-11-14 04:46 - 00066960 _____ () C:\WINDOWS\assembly\GAC_MSIL\Framework.Library\3.0.5500.0__3036420f80dd6947\Framework.Library.dll
2015-11-14 04:46 - 2015-11-14 04:46 - 00034192 _____ () C:\WINDOWS\assembly\GAC_MSIL\Framework.Host\3.0.5500.0__672b450de5a7e94a\Framework.Host.dll
2015-11-14 04:46 - 2015-11-14 04:46 - 00021920 _____ () C:\WINDOWS\assembly\GAC_MSIL\Framework.PluginInterface\3.0.5500.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2015-04-13 15:28 - 2011-06-14 11:35 - 00021920 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll
2013-10-25 14:12 - 2013-10-25 14:12 - 00142056 _____ () C:\Program Files\Acer\Acer Office Manager Agent\AgSvc.exe
2013-10-25 14:12 - 2013-10-25 14:12 - 00027368 _____ () C:\Program Files\Acer\Acer Office Manager Agent\MaDis.dll
2013-10-25 14:12 - 2013-10-25 14:12 - 00015080 _____ () C:\Program Files\Acer\Acer Office Manager Agent\LogMgr.dll
2013-10-25 14:12 - 2013-10-25 14:12 - 00137448 _____ () C:\Program Files\Acer\Acer Office Manager Agent\CommLib.dll
2013-10-25 14:12 - 2013-10-25 14:12 - 00067816 _____ () C:\Program Files\Acer\Acer Office Manager Agent\CAComm.dll
2013-10-25 14:12 - 2013-10-25 14:12 - 00014568 _____ () C:\Program Files\Acer\Acer Office Manager Agent\AgRemotObj.dll
2013-10-25 14:12 - 2013-10-25 14:12 - 00123112 _____ () C:\Program Files\Acer\Acer Office Manager Agent\dBAccess.dll
2012-02-22 11:01 - 2012-02-22 11:01 - 01109096 _____ () C:\Program Files\Acer\Acer Office Manager Agent\System.Data.SQLite.dll
2013-10-25 14:13 - 2013-10-25 14:13 - 00074472 _____ () C:\Program Files\Acer\Acer Office Manager Agent\XMLParser.dll
2013-10-25 16:51 - 2013-10-25 16:51 - 00281832 _____ () C:\Program Files\Acer\Acer Office Manager Console\ConSvc.exe
2013-10-25 16:51 - 2013-10-25 16:51 - 00137448 _____ () C:\Program Files\Acer\Acer Office Manager Console\CommLib.dll
2013-10-25 16:51 - 2013-10-25 16:51 - 00015080 _____ () C:\Program Files\Acer\Acer Office Manager Console\LogMgr.dll
2013-10-25 16:51 - 2013-10-25 16:51 - 00074472 _____ () C:\Program Files\Acer\Acer Office Manager Console\XMLParser.dll
2013-10-25 16:51 - 2013-10-25 16:51 - 00123112 _____ () C:\Program Files\Acer\Acer Office Manager Console\dBAccess.dll
2012-02-22 11:01 - 2012-02-22 11:01 - 01102336 _____ () C:\Program Files\Acer\Acer Office Manager Console\System.Data.SQLite.dll
2013-10-25 16:51 - 2013-10-25 16:51 - 00027368 _____ () C:\Program Files\Acer\Acer Office Manager Console\MaDis.dll
2013-10-25 16:51 - 2013-10-25 16:51 - 00015080 _____ () C:\Program Files\Acer\Acer Office Manager Console\ConRemotObj.dll
2013-10-25 16:51 - 2013-10-25 16:51 - 00067816 _____ () C:\Program Files\Acer\Acer Office Manager Console\CAComm.dll
2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-03 11:40 - 2015-11-22 04:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-03 11:40 - 2015-11-22 04:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-29 13:33 - 2016-01-17 17:07 - 08913088 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-12-18 13:26 - 2015-12-06 22:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 13:26 - 2015-12-06 22:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-12 13:48 - 2016-01-04 19:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 13:48 - 2016-01-04 19:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-27 13:36 - 2016-01-15 23:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-27 13:36 - 2016-01-15 23:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2013-10-25 14:12 - 2013-10-25 14:12 - 00109800 _____ () C:\Program Files\Acer\Acer Office Manager Agent\AgStdAlo.exe
2013-10-25 14:13 - 2013-10-25 14:13 - 00021736 _____ () C:\Program Files\Acer\Acer Office Manager Agent\ProMgr.dll
2016-02-16 08:48 - 2016-02-08 11:16 - 00023920 _____ () C:\ProgramData\Z@!-0569b890-695a-47af-9c1d-81918bf123f8.tmp
2015-10-01 16:25 - 2012-10-23 14:25 - 00064512 _____ () C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\MouseHook.dll
2015-10-01 16:25 - 2012-10-17 17:52 - 00004608 _____ () C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\EngRes.dll
2015-10-01 16:25 - 2012-12-14 19:10 - 00036864 _____ () C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe
2016-01-21 13:27 - 2016-01-21 13:27 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-10-30 01:18 - 2015-10-30 01:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\kpcengine.2.3.dll
2014-05-08 19:30 - 2013-05-16 17:06 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-02-16 08:48 - 2016-02-08 11:16 - 00022896 _____ () C:\ProgramData\Z@S!-d02993d1-0222-4931-9d7e-9a54ed8000cb.tmp
2015-03-20 17:12 - 2015-03-20 17:12 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-01 16:25 - 2012-10-17 17:52 - 00061952 _____ () C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\Proxy32dll.dll
2016-01-21 13:27 - 2016-01-21 13:27 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-21 13:27 - 2016-01-21 13:28 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3551703168-3638828205-1618650259-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{B82C4DD6-87C4-4D76-9440-37358DF6A0BD}] => (Allow) C:\Users\Susan\AppData\Local\Temp\7zS1227\HPDiagnosticCoreUI.exe
FirewallRules: [{22335203-718C-42D0-8FA4-D9504547F9E1}] => (Allow) C:\Users\Susan\AppData\Local\Temp\7zS1227\HPDiagnosticCoreUI.exe
FirewallRules: [{8E6325CF-E64F-4572-9211-1C3C643FA1FA}] => (Allow) C:\Users\Susan\AppData\Local\Temp\7zS04B0\HPDiagnosticCoreUI.exe
FirewallRules: [{81B26784-FD64-4AEB-9E53-A0EE3269D965}] => (Allow) C:\Users\Susan\AppData\Local\Temp\7zS04B0\HPDiagnosticCoreUI.exe
FirewallRules: [{8D521E7F-77C9-4335-BD2A-AC55081BEB06}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C733EDDC-1FE4-4F13-8CDE-9226A1B3EFC2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7969EEF4-6A5F-4477-A280-3D18D574DEE7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{108903BF-9B1D-46B4-ACCC-A88D609E19BF}] => (Allow) LPort=5357
FirewallRules: [{09A04195-5DAF-4841-911D-59A4EB2D938E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{AB5DD5F0-F1F3-48C6-9F90-1412776D412C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{CA6E8982-E5B8-4FF8-B6E8-9602FDB9C1A2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{03517077-41E6-4B93-AACB-FBC93980B93A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{C1C482CB-83FD-45EF-992A-546FD4AF679A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{981D95DA-B0CF-45E1-B3FA-1C1386886FFE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0D1A454A-078C-4820-B6D2-84B97C091D8E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F3A8BC5A-9CE1-4346-A2B6-47B4876D398C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9D23846C-4B82-4B98-81C8-464B41762418}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ECDD9C48-095A-4B60-A016-FF4F0CDD6AD4}] => (Allow) C:\Program Files\Acer\Acer Office Manager Agent\AgSvc.exe
FirewallRules: [{D51A68D5-CC64-4786-9111-34BB21DA9B1B}] => (Allow) C:\Program Files\Acer\Acer Office Manager Agent\AgSvc.exe
FirewallRules: [{90A2396A-3325-44F0-827B-F6C72ACB4CEA}] => (Allow) C:\Program Files\Acer\Acer Office Manager Console\ConSvc.exe
FirewallRules: [{7E3E7A8D-DEF0-4A5B-B1EE-CEB61B34B63E}] => (Allow) C:\Program Files\Acer\Acer Office Manager Console\ConSvc.exe
FirewallRules: [{91FB0435-699E-4972-B5AC-E4C497C6B3F8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B441AF70-2B48-4E54-9108-BA2DEFB96FEB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BD42B135-52A0-4FCA-AC50-7DA8A9D20406}] => (Allow) C:\Users\Susan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{467FB7C5-C80E-493D-8D97-5961487DD542}] => (Allow) LPort=1025
FirewallRules: [{A81913C4-EB28-4025-8934-3ADDDD9CF57D}] => (Allow) C:\Users\Susan\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{E0652189-7D4F-4E79-AF7F-78AE58B4B6F9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D2B5ABF2-4531-45C4-9FAE-BD38B07B70EC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

==================== Restore Points =========================

31-01-2016 13:23:14 Windows Update
10-02-2016 11:15:39 Windows Update
13-02-2016 13:23:08 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/16/2016 03:53:29 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
.


Operation:
   Instantiating VSS server

Error: (02/16/2016 03:53:29 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name IVssCoordinatorEx2 is [0x80040154, Class not registered
].


Operation:
   Instantiating VSS server

Error: (02/16/2016 08:26:10 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (02/16/2016 08:16:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SUSAN-PC)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/16/2016 06:16:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SUSAN-PC)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/16/2016 04:16:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2344

Error: (02/16/2016 04:16:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2344

Error: (02/16/2016 04:16:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/16/2016 04:16:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1156

Error: (02/16/2016 04:16:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1156


System errors:
=============
Error: (02/15/2016 06:52:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_feeb262 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/15/2016 06:52:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_feeb262 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/15/2016 06:52:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_feeb262 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/15/2016 06:52:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_feeb262 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/14/2016 09:56:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_1a5f96f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/14/2016 09:56:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_1a5f96f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/14/2016 09:56:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_1a5f96f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/14/2016 09:56:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_1a5f96f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/12/2016 11:38:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - February 2016 (KB890830).

Error: (02/12/2016 11:12:30 AM) (Source: DCOM) (EventID: 10016) (User: SUSAN-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Susan-PCSusanS-1-5-21-3551703168-3638828205-1618650259-1000LocalHost (Using LRPC)Microsoft.WindowsStore_2016.27.2.0_x64__8wekyb3d8bbweS-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157


CodeIntegrity:
===================================
  Date: 2016-02-12 18:10:42.989
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-12 18:10:15.491
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-12 03:34:14.452
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-10 15:43:23.694
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-29 13:36:27.118
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-28 03:36:40.674
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-15 17:25:44.691
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-15 16:58:06.898
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-14 03:41:14.157
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-09 13:29:20.962
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 72%
Total physical RAM: 3967.73 MB
Available physical RAM: 1097.61 MB
Total Virtual: 7935.73 MB
Available Virtual: 3781.48 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:459.08 GB) (Free:385.05 GB) NTFS
Drive d: (DATA) (Fixed) (Total:459.08 GB) (Free:458.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: BC71EC6D)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=356 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=459.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=459.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 


  • 0

Advertisements

#2
RKinner
Posted 21 February 2016 - 09:54 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

If we look at your log it appears that there was a 7 minute flurry of activity:

 

2016-02-16 08:55 - 2016-02-16 08:55 - 00001132 _____ C:\Users\Public\Desktop\SmartPCFixer.lnk
2016-02-16 08:55 - 2016-02-16 08:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPCFixer
2016-02-16 08:55 - 2014-05-10 09:24 - 00000229 _____ C:\Users\Public\Desktop\LionSea Software.url
2016-02-16 08:54 - 2016-02-16 08:55 - 00000000 ____D C:\Program Files (x86)\SmartPCFixer
2016-02-16 08:54 - 2016-02-16 08:54 - 04759456 _____ (LionSea Software co., ltd ) C:\Users\Susan\Downloads\setup.exe
2016-02-16 08:48 - 2016-02-16 15:18 - 00000000 ____D C:\ProgramData\bomgar-scc-0x56c336a3
2016-02-16 08:48 - 2016-02-08 11:16 - 00023920 _____ C:\ProgramData\Z@!-0569b890-695a-47af-9c1d-81918bf123f8.tmp
2016-02-16 08:48 - 2016-02-08 11:16 - 00022896 _____ C:\ProgramData\Z@S!-d02993d1-0222-4931-9d7e-9a54ed8000cb.tmp

 

 

SmartPCFixer (from LionSea Software) is snake oil.  Registry cleaner and such.  Worthless but not totally evil.  It appears in your uninstall list so see if it will uninstall.

 

Bomgar is the remote login software they used.  It shows up in the active list

 

HKU\S-1-5-21-3551703168-3638828205-1618650259-1000\...\Run: [Bomgar_Cleanup_ZD38793746819060] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x56c336a3" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD38793746819060 /f

 

 

but it may be their uninstall tool.  Can't tell for sure.

 

 No telling what the two .tmp files are for. 

 

We can remove the visible stuff with a FRST fixlist (and clean up after Windows 10 while we are at it.  All of the GWX No File tasks are leftover from the nagging Windows 7 or 8 did to get you to upgrade to 10.

 

 
Download the attached fixlist.txt to the same location as FRST
 
[attachment=80408:fixlist.txt]
 
Run FRST and press Fix
A fix log will be generated please post that 

 

You might also want to uninstall Bonjour or perhaps make sure that the firewall lets it through.  It's causing a lot of errors.

 

Also did you install WinPcap 4.1.2?  IF you did that's fine but if not uninstall it.  It's a program that can be used to monitor your Internet traffic.

 

Just to make sure there is nothing we missed, it would be a good idea to run DSIM as in Step 5 of http://www.tenforums...s-10-image.html

 

then run 

sfc  /scannow 

in the same elevated command prompt.  Does it complain that it can't fix everything?


  • 0

#3
shorthaul99
Posted 22 February 2016 - 11:22 AM

shorthaul99

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 133 posts

Fix result of Farbar Recovery Scan Tool (x64) Version:21-02-2016 01
Ran by Susan (2016-02-22 10:59:27) Run:1
Running from C:\Users\Susan\Desktop
Loaded Profiles: Susan &  (Available Profiles: Susan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-3551703168-3638828205-1618650259-1000\...\Run: [Bomgar_Cleanup_ZD38793746819060] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x56c336a3" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD38793746819060 /f
SearchScopes: HKU\S-1-5-21-3551703168-3638828205-1618650259-1000 -> DefaultScope {FC3BC0B0-8B9F-4CBD-A9C9-40D183B606E7} URL =
SearchScopes: HKU\S-1-5-21-3551703168-3638828205-1618650259-1000 -> {FC3BC0B0-8B9F-4CBD-A9C9-40D183B606E7} URL =
U3 idsvc; no ImagePath
2016-02-16 08:55 - 2016-02-16 08:55 - 00001132 _____ C:\Users\Public\Desktop\SmartPCFixer.lnk
2016-02-16 08:55 - 2016-02-16 08:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPCFixer
2016-02-16 08:55 - 2014-05-10 09:24 - 00000229 _____ C:\Users\Public\Desktop\LionSea Software.url
2016-02-16 08:54 - 2016-02-16 08:55 - 00000000 ____D C:\Program Files (x86)\SmartPCFixer
2016-02-16 08:54 - 2016-02-16 08:54 - 04759456 _____ (LionSea Software co., ltd ) C:\Users\Susan\Downloads\setup.exe
2016-02-16 08:48 - 2016-02-16 15:18 - 00000000 ____D C:\ProgramData\bomgar-scc-0x56c336a3
2016-02-16 08:48 - 2016-02-08 11:16 - 00023920 _____ C:\ProgramData\Z@!-0569b890-695a-47af-9c1d-81918bf123f8.tmp
2016-02-16 08:48 - 2016-02-08 11:16 - 00022896 _____ C:\ProgramData\Z@S!-d02993d1-0222-4931-9d7e-9a54ed8000cb.tmp
Task: {000147C5-DA03-4833-8C58-FEAC58D83486} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {0DD5ED54-D46B-4043-8F98-D9E716CAB544} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {14107FE0-DF48-4865-878A-12592D3800F9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {32AA001E-7747-4524-9A0A-AFC2CBA2AB23} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {94E4D1B8-1104-4880-A21D-889D94310B31} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {98B0B4CC-5A1B-4A1B-82A7-8CB75CCE9169} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9BF46398-32DD-4E7E-BD48-3C42C6CF2F68} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A8CD3FAE-4EFA-4AE1-B669-53459614312F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B71D3A54-B18C-4560-9C42-F4065CFC9D70} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C1BC3C32-8A2E-49DC-A93D-6EB79E97CECE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F9DAFFFB-9CEE-495B-BF8E-AC06ECE2BC97} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
EmptyTemp:
 

 

Bonjour and WinPcap 4.1.2 are both uninstalled and deleted.

 

That's what I have so far. I could only buzz by here on my lunch break and run the first ones and I'm familiar with sfc scan and know it takes awhile so I will come back by when I get done at work.


  • 0

#4
shorthaul99
Posted 23 February 2016 - 03:44 PM

shorthaul99

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 133 posts

Both scans only took 10-15 mins each which was a pleasant surprise. Windows Resource Partition didn't find any integrity violations on the sfc scan. I think I have completed all that was requested.


  • 0

#5
RKinner
Posted 23 February 2016 - 03:47 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

You posted the fixlist.txt which I gave you.  See if you can find the fixlog.txt file which should be generated when you hit the Fix button on FRST.


  • 0

#6
shorthaul99
Posted 23 February 2016 - 04:31 PM

shorthaul99

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 133 posts
Ok I may have not done that correctly. Do you copy and paste and input that info in the open log box inside of FRST and then hit fix? I think I posted the fix to the desktop and then opened up FRST and then hit fix. It ran like it was going thru all the motions but I'm pretty sure now that I did it wrong.
  • 0

#7
RKinner
Posted 23 February 2016 - 05:18 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

I think you did it correctly just posted the wrong log.  Look for fixlog.txt in the same folder where FRST lives


  • 0

#8
shorthaul99
Posted 23 February 2016 - 08:52 PM

shorthaul99

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 133 posts

Fix result of Farbar Recovery Scan Tool (x64) Version:21-02-2016 01
Ran by Susan (2016-02-22 10:59:27) Run:1
Running from C:\Users\Susan\Desktop
Loaded Profiles: Susan &  (Available Profiles: Susan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-3551703168-3638828205-1618650259-1000\...\Run: [Bomgar_Cleanup_ZD38793746819060] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x56c336a3" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD38793746819060 /f
SearchScopes: HKU\S-1-5-21-3551703168-3638828205-1618650259-1000 -> DefaultScope {FC3BC0B0-8B9F-4CBD-A9C9-40D183B606E7} URL =
SearchScopes: HKU\S-1-5-21-3551703168-3638828205-1618650259-1000 -> {FC3BC0B0-8B9F-4CBD-A9C9-40D183B606E7} URL =
U3 idsvc; no ImagePath
2016-02-16 08:55 - 2016-02-16 08:55 - 00001132 _____ C:\Users\Public\Desktop\SmartPCFixer.lnk
2016-02-16 08:55 - 2016-02-16 08:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPCFixer
2016-02-16 08:55 - 2014-05-10 09:24 - 00000229 _____ C:\Users\Public\Desktop\LionSea Software.url
2016-02-16 08:54 - 2016-02-16 08:55 - 00000000 ____D C:\Program Files (x86)\SmartPCFixer
2016-02-16 08:54 - 2016-02-16 08:54 - 04759456 _____ (LionSea Software co., ltd ) C:\Users\Susan\Downloads\setup.exe
2016-02-16 08:48 - 2016-02-16 15:18 - 00000000 ____D C:\ProgramData\bomgar-scc-0x56c336a3
2016-02-16 08:48 - 2016-02-08 11:16 - 00023920 _____ C:\ProgramData\Z@!-0569b890-695a-47af-9c1d-81918bf123f8.tmp
2016-02-16 08:48 - 2016-02-08 11:16 - 00022896 _____ C:\ProgramData\Z@S!-d02993d1-0222-4931-9d7e-9a54ed8000cb.tmp
Task: {000147C5-DA03-4833-8C58-FEAC58D83486} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {0DD5ED54-D46B-4043-8F98-D9E716CAB544} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {14107FE0-DF48-4865-878A-12592D3800F9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {32AA001E-7747-4524-9A0A-AFC2CBA2AB23} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {94E4D1B8-1104-4880-A21D-889D94310B31} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {98B0B4CC-5A1B-4A1B-82A7-8CB75CCE9169} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9BF46398-32DD-4E7E-BD48-3C42C6CF2F68} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A8CD3FAE-4EFA-4AE1-B669-53459614312F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B71D3A54-B18C-4560-9C42-F4065CFC9D70} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C1BC3C32-8A2E-49DC-A93D-6EB79E97CECE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F9DAFFFB-9CEE-495B-BF8E-AC06ECE2BC97} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
EmptyTemp:













*****************

HKU\S-1-5-21-3551703168-3638828205-1618650259-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Bomgar_Cleanup_ZD38793746819060 => value not found.
HKU\S-1-5-21-3551703168-3638828205-1618650259-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3551703168-3638828205-1618650259-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FC3BC0B0-8B9F-4CBD-A9C9-40D183B606E7}" => key removed successfully
HKCR\CLSID\{FC3BC0B0-8B9F-4CBD-A9C9-40D183B606E7} => key not found.
idsvc => service removed successfully
C:\Users\Public\Desktop\SmartPCFixer.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPCFixer => moved successfully
C:\Users\Public\Desktop\LionSea Software.url => moved successfully
C:\Program Files (x86)\SmartPCFixer => moved successfully
C:\Users\Susan\Downloads\setup.exe => moved successfully
"C:\ProgramData\bomgar-scc-0x56c336a3" => not found.
C:\ProgramData\Z@!-0569b890-695a-47af-9c1d-81918bf123f8.tmp => moved successfully
C:\ProgramData\Z@S!-d02993d1-0222-4931-9d7e-9a54ed8000cb.tmp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{000147C5-DA03-4833-8C58-FEAC58D83486}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{000147C5-DA03-4833-8C58-FEAC58D83486}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0DD5ED54-D46B-4043-8F98-D9E716CAB544}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DD5ED54-D46B-4043-8F98-D9E716CAB544}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14107FE0-DF48-4865-878A-12592D3800F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14107FE0-DF48-4865-878A-12592D3800F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32AA001E-7747-4524-9A0A-AFC2CBA2AB23}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32AA001E-7747-4524-9A0A-AFC2CBA2AB23}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{94E4D1B8-1104-4880-A21D-889D94310B31}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94E4D1B8-1104-4880-A21D-889D94310B31}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98B0B4CC-5A1B-4A1B-82A7-8CB75CCE9169}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98B0B4CC-5A1B-4A1B-82A7-8CB75CCE9169}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BF46398-32DD-4E7E-BD48-3C42C6CF2F68}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BF46398-32DD-4E7E-BD48-3C42C6CF2F68}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8CD3FAE-4EFA-4AE1-B669-53459614312F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8CD3FAE-4EFA-4AE1-B669-53459614312F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B71D3A54-B18C-4560-9C42-F4065CFC9D70}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B71D3A54-B18C-4560-9C42-F4065CFC9D70}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1BC3C32-8A2E-49DC-A93D-6EB79E97CECE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1BC3C32-8A2E-49DC-A93D-6EB79E97CECE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9DAFFFB-9CEE-495B-BF8E-AC06ECE2BC97}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9DAFFFB-9CEE-495B-BF8E-AC06ECE2BC97}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
EmptyTemp: => 3.5 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 11:00:40 ====


  • 0

#9
RKinner
Posted 23 February 2016 - 09:05 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

That looks like it worked OK.  I think if DSIM and SFC worked OK then there is nothing evil hiding.  Wouldn't hurt to change any passwords for sites that the computer is used to access just in case they stole them while they were on it but I think their main job was to dupe you out of money.

 

ESET has a really good online scan that you can try if you want to make sure we haven't missed something.

 

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner.  Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).  
 
# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.

  • 0

#10
shorthaul99
Posted 29 February 2016 - 01:22 PM

shorthaul99

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 133 posts

Scan completed and there wasn't an option to push LIST OF THREATS FOUND. I closed the box because there were no threats found. Did I do something wrong? I can attempt to re-run it if you would like me to.


  • 0

Advertisements

#11
RKinner
Posted 29 February 2016 - 01:38 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

No, it's good that it didn't find anything.  No need to run it again.

 

How is it running now?  Any problems?


  • 0

#12
shorthaul99
Posted 29 February 2016 - 02:22 PM

shorthaul99

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 133 posts

It appears to be running just fine just a tad slow but that just maybe this computer. I may upgrade the ram to pick up the speed. I have always been worried that once infected like this, that even a complete wipe will not get rid of a backdoor Trojan and ultimately steal her data. I guess since no programs found anything, I'm guessing we are good.


  • 0

#13
RKinner
Posted 29 February 2016 - 02:26 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Let's see if we can see why it is slow.

 

Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post.
 
 

  • 0

#14
shorthaul99
Posted 01 March 2016 - 02:33 PM

shorthaul99

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 133 posts

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    91.92    0 K    4 K    0            
WmiPrvSE.exe    2.31    10,252 K    15,712 K    3588    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
procexp64.exe    2.19    26,388 K    62,004 K    13404    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
dwm.exe    0.81    57,828 K    40,156 K    5492    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe    0.68    250,832 K    248,000 K    11884    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
System    0.46    1,596 K    429,696 K    4            
Interrupts    0.41    0 K    0 K    n/a    Hardware Interrupts and DPCs        
TestDDCCI.exe    0.35    2,648 K    8,516 K    18496    TestDDCCI MFC Application        (No signature was present in the subject)
mbam.exe    0.27    32,824 K    48,116 K    5128    Malwarebytes Anti-Malware    Malwarebytes    (Verified) Malwarebytes Corporation
csrss.exe    0.15    2,052 K    6,780 K    16296    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.12    31,492 K    47,736 K    548    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
WmiPrvSE.exe    0.10    2,116 K    7,632 K    15536    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
avp.exe    0.07    378,000 K    59,880 K    2868    Kaspersky Anti-Virus    Kaspersky Lab ZAO    (Verified) Kaspersky Lab
explorer.exe    0.04    47,120 K    98,612 K    10084    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
kpm.exe    0.03    73,152 K    82,296 K    16664    Kaspersky Password Manager    AO Kaspersky Lab    (Verified) Kaspersky Lab
iPodService.exe    0.02    2,240 K    4,496 K    7860    iPodService Module (64-bit)    Apple Inc.    (Verified) Apple Inc.
AppleMobileDeviceService.exe    0.02    4,008 K    4,232 K    2848    MobileDeviceService    Apple Inc.    (Verified) Apple Inc.
HPNetworkCommunicatorCom.exe    0.01    2,776 K    11,156 K    19016    HPNetworkCommunicatorCom    Hewlett-Packard Development Company, LP    (Verified) Hewlett Packard
lsass.exe    0.01    7,876 K    11,460 K    956    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
iusb3mon.exe    0.01    2,092 K    6,420 K    12916    iusb3mon    Intel Corporation    (Verified) Intel Corporation - Software and Firmware Products
Dual Smart Solution.exe    0.01    2,124 K    8,644 K    7200    Dual Smart Solution    LG Electronics    (No signature was present in the subject) LG Electronics
svchost.exe    < 0.01    8,140 K    13,960 K    380    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
RuntimeBroker.exe    < 0.01    19,972 K    57,976 K    2108    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
iCloudServices.exe    < 0.01    145,708 K    129,428 K    17808    iCloud Services    Apple Inc.    (Verified) Apple Inc.
ETService.exe    < 0.01    30,444 K    7,612 K    2780    Acer Empowering Technology Framework Service        (Verified) Acer Incorporated
ScanToPCActivationApp.exe    < 0.01    4,448 K    14,316 K    11932    ScanToPCActivationApp    Hewlett-Packard Development Company, LP    (Verified) Hewlett Packard
ConSvc.exe    < 0.01    39,648 K    17,656 K    3500    ConSvc        (Verified) Acer Incorporated
AgSvc.exe    < 0.01    45,992 K    15,688 K    9084    AgSvc        (Verified) Acer Incorporated
iCloudPhotos.exe    < 0.01    20,092 K    25,472 K    17860    iCloud Photo Library    Apple Inc.    (Verified) Apple Inc.
MSOSYNC.EXE    < 0.01    19,080 K    32,776 K    7040    Microsoft Office Document Cache    Microsoft Corporation    (Verified) Microsoft Corporation
CSISYNCCLIENT.EXE    < 0.01    18,548 K    30,088 K    14584    Microsoft Office Document Cache Sync Client Interface    Microsoft Corporation    (Verified) Microsoft Corporation
OfficeClickToRun.exe    < 0.01    41,440 K    21,172 K    13260    Microsoft Office Click-to-Run    Microsoft Corporation    (Verified) Microsoft Corporation
csrss.exe    < 0.01    1,648 K    2,128 K    692    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SearchProtocolHost.exe    < 0.01    1,912 K    8,496 K    14656    Microsoft Windows Search Protocol Host    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    6,312 K    8,400 K    492    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
iTunesHelper.exe    < 0.01    4,080 K    14,936 K    6380    iTunesHelper    Apple Inc.    (Verified) Apple Inc.
svchost.exe    < 0.01    96,884 K    91,908 K    1084    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
WmiPrvSE.exe        2,164 K    7,780 K    19440    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
winlogon.exe        1,712 K    6,768 K    11332    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,172 K    2,724 K    816    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows Publisher
unsecapp.exe        1,320 K    2,892 K    3060    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
taskhostw.exe        5,408 K    14,800 K    13048    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
SystemSettings.exe    Suspended    15,544 K    35,020 K    13020    Settings    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        3,856 K    4,112 K    2528    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        17,920 K    18,840 K    1244    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        15,624 K    19,304 K    1392    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        13,032 K    21,484 K    1168    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        14,708 K    43,860 K    10576    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        10,808 K    16,852 K    1596    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,296 K    16,188 K    2572    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,096 K    2,712 K    2452    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        9,360 K    19,600 K    2236    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,780 K    6,548 K    1204    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,808 K    2,952 K    2228    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,484 K    3,552 K    2072    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
spoolsv.exe        12,412 K    14,260 K    1972    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
SMSvcHost.exe        23,132 K    2,644 K    3308    SMSvcHost.exe    Microsoft Corporation    (Verified) Microsoft Corporation
SMSvcHost.exe        21,144 K    2,368 K    3444    SMSvcHost.exe    Microsoft Corporation    (Verified) Microsoft Corporation
smss.exe        412 K    528 K    480    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SmartHookTestApp.exe        1,980 K    7,672 K    18356    TODO: <File description>    TODO: <Company name>    (No signature was present in the subject) TODO: <Company name>
SkypeHost.exe    Suspended    16,404 K    5,624 K    1900    Microsoft Skype    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
sihost.exe        5,528 K    20,992 K    17440    Shell Infrastructure Host    Microsoft Corporation    (Verified) Microsoft Windows
ShellExperienceHost.exe    Suspended    36,580 K    49,728 K    16952    Windows Shell Experience Host    Microsoft Corporation    (Verified) Microsoft Windows
SettingSyncHost.exe        5,496 K    4,244 K    11124    Host Process for Setting Synchronization    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        3,544 K    5,104 K    940    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SearchUI.exe    Suspended    46,444 K    54,804 K    9800    Search and Cortana application    Microsoft Corporation    (Verified) Microsoft Windows
SearchProtocolHost.exe        1,440 K    6,340 K    3548    Microsoft Windows Search Protocol Host    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe        36,768 K    35,448 K    1184    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
SearchFilterHost.exe        1,164 K    5,584 K    13840    Microsoft Windows Search Filter Host    Microsoft Corporation    (Verified) Microsoft Windows
RAVCpl64.exe        3,952 K    12,168 K    12952    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
procexp.exe        3,372 K    10,356 K    7280    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
PresentationFontCache.exe        27,204 K    6,632 K    4996    PresentationFontCache.exe    Microsoft Corporation    (Verified) Microsoft Corporation
PowerSaverTray.exe        2,956 K    8,404 K    12232    Acer PowerSaver Tray    Acer Incorporated    (Verified) Acer Incorporated
OneDrive.exe        10,956 K    28,364 K    10912    Microsoft OneDrive    Microsoft Corporation    (Verified) Microsoft Corporation
mqsvc.exe        4,312 K    3,856 K    2476    Message Queuing Service    Microsoft Corporation    (Verified) Microsoft Windows
Microsoft.Photos.exe    Suspended    236,516 K    63,068 K    5160    Microsoft Photos        (No signature was present in the subject)
mbamservice.exe        547,784 K    178,892 K    2816    Malwarebytes Anti-Malware    Malwarebytes    (Verified) Malwarebytes Corporation
mbamscheduler.exe        5,096 K    6,188 K    2824    Malwarebytes Anti-Malware    Malwarebytes    (Verified) Malwarebytes Corporation
LMS.exe        2,624 K    2,848 K    2880    Intel® Local Management Service    Intel Corporation    (Verified) Intel Corporation - Software and Firmware Products
jusched.exe        1,660 K    6,280 K    13604    Java Update Scheduler    Oracle Corporation    (Verified) Oracle America
Jhi_service.exe        1,176 K    1,516 K    9176    Intel® Dynamic Application Loader Host Interface    Intel Corporation    (Verified) Intel Corporation - Intel® Management Engine Firmware
IntelMeFWService.exe        956 K    1,232 K    8500    Intel® ME Service    Intel Corporation    (Verified) Intel Corporation - Intel® Management Engine Firmware
igfxHK.exe        2,264 K    8,752 K    1124    igfxHK Module    Intel Corporation    (Verified) Intel Corporation - pGFX
igfxEM.exe        3,740 K    11,656 K    5220    igfxEM Module    Intel Corporation    (Verified) Intel Corporation - pGFX
igfxCUIService.exe        1,796 K    4,460 K    1472    igfxCUIService Module    Intel Corporation    (Verified) Intel Corporation - pGFX
iCloudDrive.exe        13,648 K    24,592 K    3128    iCloud Drive    Apple Inc.    (Verified) Apple Inc.
HxTsr.exe    Suspended    7,360 K    23,236 K    5336    Microsoft Outlook Communications    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
HxMail.exe    Suspended    28,880 K    54,880 K    10364    Microsoft Outlook Mail    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
hpwuschd2.exe        1,432 K    5,136 K    17276    hpwuSchd Application    Hewlett-Packard    (Verified) Hewlett-Packard Company
HPSupportSolutionsFrameworkService.exe        37,624 K    8,208 K    9060    HP Support Solutions Framework Service    Hewlett-Packard Company    (Verified) Hewlett-Packard Company
HeciServer.exe        1,308 K    1,704 K    2756    Intel® Capability Licensing Service Interface    Intel® Corporation    (No signature was present in the subject) Intel® Corporation
dllhost.exe        3,184 K    18,600 K    9764    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
dasHost.exe        4,288 K    9,144 K    2288    Device Association Framework Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
avpui.exe        72,728 K    3,608 K    17884    Kaspersky Anti-Virus    Kaspersky Lab ZAO    (Verified) Kaspersky Lab
audiodg.exe        9,276 K    13,320 K    16300    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
ASLSvc.exe        72,168 K    27,904 K    2788    Acer SmartBoot Service    Acer Incorporated    (Verified) Acer Incorporated
APSDaemon.exe        5,880 K    15,832 K    11432    Apple Push    Apple Inc.    (Verified) Apple Inc.
ApplicationFrameHost.exe        13,920 K    29,244 K    17788    Application Frame Host    Microsoft Corporation    (Verified) Microsoft Windows
AgStdAlo.exe        36,240 K    29,376 K    15312    AgStdAlo        (Verified) Acer Incorporated
 


  • 0

#15
shorthaul99
Posted 01 March 2016 - 02:34 PM

shorthaul99

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 133 posts

Summary
        Operating System
            Windows 10 Home 64-bit
        CPU
            Intel Core i3 4130 @ 3.40GHz    31 °C
            Haswell 22nm Technology
        RAM
            4.00GB Single-Channel DDR3 @ 798MHz (11-11-11-28)
        Motherboard
            Acer Veriton M2631 (SOCKET 0)    28 °C
        Graphics
            LG FULL HD (1920x1080@60Hz)
            Intel HD Graphics 4400 (Acer Incorporated [ALI])
        Storage
            931GB Western Digital WDC WD10EZEX-21M2NA0 SCSI Disk Device (SATA)    32 °C
        Optical Drives
            HL-DT-ST DVDRAM GHB0N SCSI CdRom Device
        Audio
            Realtek High Definition Audio
Operating System
    Windows 10 Home 64-bit
    Computer type: Desktop
    Installation Date: 11/14/2015 5:00:41 AM
    Serial Number:
        Windows Security Center
            User Account Control (UAC)    Enabled
            Notify level    0 - Never Notify
        Windows Update
            AutoUpdate    Download Automatically and Install at Set Scheduled time
            Schedule Frequency    Every Day
            Schedule Time
        Windows Defender
            Windows Defender    Disabled
        Firewall
            Firewall    Enabled
            Display Name    Kaspersky Total Security
        Antivirus
                Windows Defender
                    Antivirus    Disabled
                    Virus Signature Database    Up to date
                Kaspersky Total Security
                    Antivirus    Enabled
                    Virus Signature Database    Up to date
        .NET Frameworks installed
            v4.6 Full
            v4.6 Client
            v3.5 SP1
            v3.0 SP2
            v2.0 SP2
        Internet Explorer
            Version    11.103.10586.0
        PowerShell
            Version    5.0.10586.0
        Java
                Java Runtime Environment
                    Path    C:\Program Files (x86)\Java\jre1.8.0_73\bin\java.exe
                    Version    8.0
                    Update    73
                    Build    02
        Environment Variables
            USERPROFILE    C:\Users\Susan
            SystemRoot    C:\WINDOWS
                User Variables
                    TEMP    C:\Users\Susan\AppData\Local\Temp
                    TMP    C:\Users\Susan\AppData\Local\Temp
                Machine Variables
                    asl.log    Destination=file
                    ComSpec    C:\WINDOWS\system32\cmd.exe
                    FP_NO_HOST_CHECK    NO
                    NUMBER_OF_PROCESSORS    4
                    OS    Windows_NT
                    Path    C:\ProgramData\Oracle\Java\javapath
                    C:\Program Files (x86)\Intel\iCLS Client\
                    C:\Program Files\Intel\iCLS Client\
                    C:\WINDOWS\system32
                    C:\WINDOWS
                    C:\WINDOWS\System32\Wbem
                    C:\WINDOWS\System32\WindowsPowerShell\v1.0\
                    C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86
                    C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64
                    C:\Program Files\Intel\Intel Management Engine Components\DAL
                    C:\Program Files\Intel\Intel Management Engine Components\IPT
                    C:\Program Files (x86)\Intel\Intel Management Engine Components\DAL
                    C:\Program Files (x86)\Intel\Intel Management Engine Components\IPT
                    C:\Program Files (x86)\Skype\Phone\
                    C:\Program Files (x86)\QuickTime\QTSystem\
                    PATHEXT    .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
                    PROCESSOR_ARCHITECTURE    AMD64
                    PROCESSOR_IDENTIFIER    Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
                    PROCESSOR_LEVEL    6
                    PROCESSOR_REVISION    3c03
                    PSModulePath    C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\
                    TEMP    C:\WINDOWS\TEMP
                    TMP    C:\WINDOWS\TEMP
                    USERNAME    SYSTEM
                    windir    C:\WINDOWS
                    windows_tracing_flags    3
                    windows_tracing_logfile    C:\BVTBin\Tests\installpackage\csilogfile.log
        Power Profile
            Active power scheme    Power on Demand
            Hibernation    Enabled
            Turn Off Monitor after: (On AC Power)    30 min
            Turn Off Hard Disk after: (On AC Power)    20 min
            Suspend after: (On AC Power)    300 min
            Screen saver    Disabled
        Uptime
                Current Session
                    Current Time    3/1/2016 2:31:05 PM
                    Current Uptime    703,757 sec (8 d, 03 h, 29 m, 17 s)
                    Last Boot Time    2/22/2016 11:01:48 AM
        Services
            Running    Acer SmartBoot Service
            Running    Apple Mobile Device Service
            Running    Application Host Helper Service
            Running    Application Information
            Running    Background Intelligent Transfer Service
            Running    Background Tasks Infrastructure Service
            Running    Base Filtering Engine
            Running    CNG Key Isolation
            Running    COM+ Event System
            Running    Computer Browser
            Running    Connected User Experiences and Telemetry
            Running    CoreMessaging
            Running    Credential Manager
            Running    Cryptographic Services
            Running    Data Sharing Service
            Running    DCOM Server Process Launcher
            Running    Device Association Service
            Running    DHCP Client
            Running    Diagnostic Policy Service
            Running    Diagnostic Service Host
            Running    Diagnostic System Host
            Running    Distributed Link Tracking Client
            Running    DNS Client
            Running    Empowering Technology Service
            Running    Function Discovery Provider Host
            Running    Function Discovery Resource Publication
            Running    Geolocation Service
            Running    Group Policy Client
            Running    HomeGroup Provider
            Running    HP Support Solutions Framework Service
            Running    Human Interface Device Service
            Running    IKE and AuthIP IPsec Keying Modules
            Running    Intel Capability Licensing Service Interface
            Running    Intel Dynamic Application Loader Host Interface Service
            Running    Intel HD Graphics Control Panel Service
            Running    Intel Management and Security Application Local Management Service
            Running    Intel ME Service
            Running    IP Helper
            Running    iPod Service
            Running    IPsec Policy Agent
            Running    Kaspersky Anti-Virus Service 16.0.0
            Running    Local Session Manager
            Running    MBAMScheduler
            Running    MBAMService
            Running    Message Queuing
            Running    Microsoft Account Sign-in Assistant
            Running    Microsoft Office ClickToRun Service
            Running    Net.Msmq Listener Adapter
            Running    Net.Pipe Listener Adapter
            Running    Network Connected Devices Auto-Setup
            Running    Network Connection Broker
            Running    Network List Service
            Running    Network Location Awareness
            Running    Network Setup Service
            Running    Network Store Interface Service
            Running    Office Manager Agent Service
            Running    Office Manager Console Service
            Running    Peer Name Resolution Protocol
            Running    Peer Networking Identity Manager
            Running    Plug and Play
            Running    Power
            Running    Print Spooler
            Running    Program Compatibility Assistant Service
            Running    Remote Procedure Call (RPC)
            Running    RPC Endpoint Mapper
            Running    Security Accounts Manager
            Running    Security Center
            Running    Server
            Running    Shell Hardware Detection
            Running    SSDP Discovery
            Running    State Repository Service
            Running    Storage Service
            Running    Superfetch
            Running    System Event Notification Service
            Running    System Events Broker
            Running    Task Scheduler
            Running    TCP/IP NetBIOS Helper
            Running    Themes
            Running    Tile Data model server
            Running    Time Broker
            Running    User Manager
            Running    User Profile Service
            Running    Windows Audio
            Running    Windows Audio Endpoint Builder
            Running    Windows Connection Manager
            Running    Windows Driver Foundation - User-mode Driver Framework
            Running    Windows Event Log
            Running    Windows Firewall
            Running    Windows Font Cache Service
            Running    Windows License Manager Service
            Running    Windows Management Instrumentation
            Running    Windows Presentation Foundation Font Cache 3.0.0.0
            Running    Windows Process Activation Service
            Running    Windows Search
            Running    Windows Time
            Running    WinHTTP Web Proxy Auto-Discovery Service
            Running    Workstation
            Running    World Wide Web Publishing Service
            Running    Xbox Live Auth Manager
            Stopped    ActiveX Installer (AxInstSV)
            Stopped    Adobe Acrobat Update Service
            Stopped    Adobe Flash Player Update Service
            Stopped    AllJoyn Router Service
            Stopped    App Readiness
            Stopped    Application Identity
            Stopped    Application Layer Gateway Service
            Stopped    AppX Deployment Service (AppXSVC)
            Stopped    ASP.NET State Service
            Stopped    Auto Time Zone Updater
            Stopped    BitLocker Drive Encryption Service
            Stopped    Block Level Backup Engine Service
            Stopped    Bluetooth Handsfree Service
            Stopped    Bluetooth Support Service
            Stopped    Certificate Propagation
            Stopped    Client License Service (ClipSVC)
            Stopped    COM+ System Application
            Stopped    Connected Device Platform Service
            Stopped    DataCollectionPublishingService
            Stopped    Delivery Optimization
            Stopped    Device Install Service
            Stopped    Device Management Enrollment Service
            Stopped    Device Setup Manager
            Stopped    DevQuery Background Discovery Broker
            Stopped    Distributed Transaction Coordinator
            Stopped    dmwappushsvc
            Stopped    Downloaded Maps Manager
            Stopped    embeddedmode
            Stopped    Encrypting File System (EFS)
            Stopped    Enterprise App Management Service
            Stopped    Extensible Authentication Protocol
            Stopped    Fax
            Stopped    File History Service
            Stopped    HomeGroup Listener
            Stopped    Hyper-V Data Exchange Service
            Stopped    Hyper-V Guest Service Interface
            Stopped    Hyper-V Guest Shutdown Service
            Stopped    Hyper-V Heartbeat Service
            Stopped    Hyper-V Remote Desktop Virtualization Service
            Stopped    Hyper-V Time Synchronization Service
            Stopped    Hyper-V VM Session Service
            Stopped    Hyper-V Volume Shadow Copy Requestor
            Stopped    Intel Capability Licensing Service TCP IP Interface
            Stopped    Intel Content Protection HECI Service
            Stopped    Interactive Services Detection
            Stopped    Internet Connection Sharing (ICS)
            Stopped    Internet Explorer ETW Collector Service
            Stopped    KtmRm for Distributed Transaction Coordinator
            Stopped    Link-Layer Topology Discovery Mapper
            Stopped    Live Updater Service
            Stopped    Microsoft Diagnostics Hub Standard Collector Service
            Stopped    Microsoft iSCSI Initiator Service
            Stopped    Microsoft Passport
            Stopped    Microsoft Passport Container
            Stopped    Microsoft Software Shadow Copy Provider
            Stopped    Microsoft Storage Spaces SMP
            Stopped    Microsoft Windows SMS Router Service.
            Stopped    Mozilla Maintenance Service
            Stopped    Net.Tcp Listener Adapter
            Stopped    Net.Tcp Port Sharing Service
            Stopped    Netlogon
            Stopped    Network Connections
            Stopped    Network Connectivity Assistant
            Stopped    Office Source Engine
            Stopped    Optimize drives
            Stopped    Peer Networking Grouping
            Stopped    Performance Counter DLL Host
            Stopped    Performance Logs & Alerts
            Stopped    Phone Service
            Stopped    PNRP Machine Name Publication Service
            Stopped    Portable Device Enumerator Service
            Stopped    Printer Extensions and Notifications
            Stopped    Problem Reports and Solutions Control Panel Support
            Stopped    Quality Windows Audio Video Experience
            Stopped    Remote Access Auto Connection Manager
            Stopped    Remote Access Connection Manager
            Stopped    Remote Desktop Configuration
            Stopped    Remote Desktop Services
            Stopped    Remote Desktop Services UserMode Port Redirector
            Stopped    Remote Procedure Call (RPC) Locator
            Stopped    Remote Registry
            Stopped    Retail Demo Service
            Stopped    Routing and Remote Access
            Stopped    Secondary Logon
            Stopped    Secure Socket Tunneling Protocol Service
            Stopped    Sensor Data Service
            Stopped    Sensor Monitoring Service
            Stopped    Sensor Service
            Stopped    Skype Updater
            Stopped    Smart Card
            Stopped    Smart Card Device Enumeration Service
            Stopped    Smart Card Removal Policy
            Stopped    SNMP Trap
            Stopped    Software Protection
            Stopped    Spot Verifier
            Stopped    Still Image Acquisition Events
            Stopped    Storage Tiers Management
            Stopped    Telephony
            Stopped    Touch Keyboard and Handwriting Panel Service
            Stopped    Update Orchestrator Service
            Stopped    UPnP Device Host
            Stopped    Virtual Disk
            Stopped    Volume Shadow Copy
            Stopped    vssbrigde64
            Stopped    W3C Logging Service
            Stopped    WalletService
            Stopped    WebClient
            Stopped    Windows Backup
            Stopped    Windows Biometric Service
            Stopped    Windows Color System
            Stopped    Windows Connect Now - Config Registrar
            Stopped    Windows Defender Network Inspection Service
            Stopped    Windows Defender Service
            Stopped    Windows Encryption Provider Host Service
            Stopped    Windows Error Reporting Service
            Stopped    Windows Event Collector
            Paused    Windows Image Acquisition (WIA)
            Stopped    Windows Installer
            Stopped    Windows Media Player Network Sharing Service
            Stopped    Windows Mobile Hotspot Service
            Stopped    Windows Modules Installer
            Stopped    Windows Push Notifications Service
            Stopped    Windows Remote Management (WS-Management)
            Stopped    Windows Store Service (WSService)
            Stopped    Windows Update
            Stopped    Wired AutoConfig
            Stopped    WLAN AutoConfig
            Stopped    WMI Performance Adapter
            Stopped    Work Folders
            Stopped    WWAN AutoConfig
            Stopped    Xbox Live Game Save
            Stopped    Xbox Live Networking Service
        TimeZone
            TimeZone    GMT -6:00 Hours
            Language    English (United States)
            Location    United States
            Format    English (United States)
            Currency    $
            Date Format    M/d/yyyy
            Time Format    h:mm:ss tt
        Scheduler
            3/1/2016 2:37 PM;    Adobe Flash Player Updater
            3/1/2016 3:04 PM;    HPCustParticipation HP Officejet Pro 8610
            3/6/2016 1:42 PM;    Apple Diagnostics
            4/1/2016 4:04 AM;    UALU notificatin
            Adobe Acrobat Update Task
            HP AR Program Upload - d432f310de654d39a1c21d7f21d93dd605c40597a78b43ffa4369f811e27cac8
        Hotfixes
                Installed
                        2/13/2016  Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - February 2016 (KB890830)
                            After the download, this tool runs one time to check your computer
                            for infection by specific, prevalent malicious software (including
                            Blaster, Sasser, and Mydoom) and helps remove any infection that
                            is found. If an infection is found, the tool will display a status
                            report the next time that you start your computer. A new version
                            of the tool will be offered every month. If you want to manually
                            run the tool on your computer, you can download a copy from the
                            Microsoft Download Center, or you can run an online version from
                            microsoft.com. This tool is not a replacement for an antivirus
                            product. To help protect your computer, you should use an antivirus
                            product.
                        2/10/2016  Security Update for Adobe Flash Player for Windows 10 Version 1511 for x64-based Systems (KB3135782)
                            A security issue has been identified in a Microsoft software
                            product that could affect your system. You can help protect your
                            system by installing this update from Microsoft. For a complete
                            listing of the issues that are included in this update, see the
                            associated Microsoft Knowledge Base article. After you install
                            this update, you may have to restart your system.
                        2/10/2016  Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB3135173)
                            A security issue has been identified in a Microsoft software
                            product that could affect your system. You can help protect your
                            system by installing this update from Microsoft. For a complete
                            listing of the issues that are included in this update, see the
                            associated Microsoft Knowledge Base article. After you install
                            this update, you may have to restart your system.
                        1/31/2016  Intel Corporation driver update for Intel® HD Graphics 4400
                            This driver was provided by Intel Corporation for support of
                            Intel HD Graphics 4400
                        1/27/2016  Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB3124262)
                            A security issue has been identified in a Microsoft software
                            product that could affect your system. You can help protect your
                            system by installing this update from Microsoft. For a complete
                            listing of the issues that are included in this update, see the
                            associated Microsoft Knowledge Base article. After you install
                            this update, you may have to restart your system.
                        1/12/2016  Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB3124263)
                            A security issue has been identified in a Microsoft software
                            product that could affect your system. You can help protect your
                            system by installing this update from Microsoft. For a complete
                            listing of the issues that are included in this update, see the
                            associated Microsoft Knowledge Base article. After you install
                            this update, you may have to restart your system.
                        1/12/2016  Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - January 2016 (KB890830)
                            After the download, this tool runs one time to check your computer
                            for infection by specific, prevalent malicious software (including
                            Blaster, Sasser, and Mydoom) and helps remove any infection that
                            is found. If an infection is found, the tool will display a status
                            report the next time that you start your computer. A new version
                            of the tool will be offered every month. If you want to manually
                            run the tool on your computer, you can download a copy from the
                            Microsoft Download Center, or you can run an online version from
                            microsoft.com. This tool is not a replacement for an antivirus
                            product. To help protect your computer, you should use an antivirus
                            product.
                        1/8/2016  Update for Internet Explorer Flash Player for Windows 10 Version 1511 for x64-based Systems (KB3133431)
                            Install this update to resolve issues in Windows. For a complete
                            listing of the issues that are included in this update, see the
                            associated Microsoft Knowledge Base article for more information.
                            After you install this item, you may have to restart your computer.
                        12/29/2015  Security Update for Internet Explorer Flash Player for Windows 10 Version 1511 for x64-based Systems (KB3132372)
                            A security issue has been identified in a Microsoft software
                            product that could affect your system. You can help protect your
                            system by installing this update from Microsoft. For a complete
                            listing of the issues that are included in this update, see the
                            associated Microsoft Knowledge Base article. After you install
                            this update, you may have to restart your system.
                        12/18/2015  Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB3124200)
                            Install this update to resolve issues in Windows. For a complete
                            listing of the issues that are included in this update, see the
                            associated Microsoft Knowledge Base article for more information.
                            After you install this item, you may have to restart your computer.
                        12/13/2015  Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - December 2015 (KB890830)
                            After the download, this tool runs one time to check your computer
                            for infection by specific, prevalent malicious software (including
                            Blaster, Sasser, and Mydoom) and helps remove any infection that
                            is found. If an infection is found, the tool will display a status
                            report the next time that you start your computer. A new version
                            of the tool will be offered every month. If you want to manually
                            run the tool on your computer, you can download a copy from the
                            Microsoft Download Center, or you can run an online version from
                            microsoft.com. This tool is not a replacement for an antivirus
                            product. To help protect your computer, you should use an antivirus
                            product.
                        12/9/2015  Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB3116900)
                            A security issue has been identified in a Microsoft software
                            product that could affect your system. You can help protect your
                            system by installing this update from Microsoft. For a complete
                            listing of the issues that are included in this update, see the
                            associated Microsoft Knowledge Base article. After you install
                            this update, you may have to restart your system.
                        12/9/2015  Security Update for Internet Explorer Flash Player for Windows 10 Version 1511 for x64-based Systems (KB3119147)
                            A security issue has been identified in a Microsoft software
                            product that could affect your system. You can help protect your
                            system by installing this update from Microsoft. For a complete
                            listing of the issues that are included in this update, see the
                            associated Microsoft Knowledge Base article. After you install
                            this update, you may have to restart your system.
                        12/9/2015  Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - December 2015 (KB890830)
                            After the download, this tool runs one time to check your computer
                            for infection by specific, prevalent malicious software (including
                            Blaster, Sasser, and Mydoom) and helps remove any infection that
                            is found. If an infection is found, the tool will display a status
                            report the next time that you start your computer. A new version
                            of the tool will be offered every month. If you want to manually
                            run the tool on your computer, you can download a copy from the
                            Microsoft Download Center, or you can run an online version from
                            microsoft.com. This tool is not a replacement for an antivirus
                            product. To help protect your computer, you should use an antivirus
                            product.
                        12/5/2015  Update for Windows 10 Version 1511 for x64-based Systems (KB3122947)
                            Install this update to resolve issues in Windows. For a complete
                            listing of the issues that are included in this update, see the
                            associated Microsoft Knowledge Base article for more information.
                            After you install this item, you may have to restart your computer.
                        12/3/2015  Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB3116908)
                            Install this update to resolve issues in Windows. For a complete
                            listing of the issues that are included in this update, see the
                            associated Microsoft Knowledge Base article for more information.
                            After you install this item, you may have to restart your computer.
                        11/25/2015  Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB3120677)
                            Install this update to resolve issues in Windows. For a complete
                            listing of the issues that are included in this update, see the
                            associated Microsoft Knowledge Base article for more information.
                            After you install this item, you may have to restart your computer.
                        11/19/2015  Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB3118754)
                            Install this update to resolve issues in Windows. For a complete
                            listing of the issues that are included in this update, see the
                            associated Microsoft Knowledge Base article for more information.
                            After you install this item, you may have to restart your computer.
                        11/18/2015  Security Update for Internet Explorer Flash Player for Windows 10 Version 1511 for x64-based Systems (KB3103688)
                            A security issue has been identified in a Microsoft software
                            product that could affect your system. You can help protect your
                            system by installing this update from Microsoft. For a complete
                            listing of the issues that are included in this update, see the
                            associated Microsoft Knowledge Base article. After you install
                            this update, you may have to restart your system.
                        11/18/2015  Definition Update for Windows Defender - KB2267602 (Definition 1.211.4.0)
                            Install this update to revise the definition files that are used
                            to detect viruses, spyware, and other potentially unwanted software.
                            Once you have installed this item, it cannot be removed.
                        11/16/2015  Definition Update for Windows Defender - KB2267602 (Definition 1.209.3174.0)
                            Install this update to revise the definition files that are used
                            to detect viruses, spyware, and other potentially unwanted software.
                            Once you have installed this item, it cannot be removed.
                        11/15/2015  Definition Update for Windows Defender - KB2267602 (Definition 1.209.2988.0)
                            Install this update to revise the definition files that are used
                            to detect viruses, spyware, and other potentially unwanted software.
                            Once you have installed this item, it cannot be removed.
                        11/14/2015  Definition Update for Windows Defender - KB2267602 (Definition 1.209.2871.0)
                            Install this update to revise the definition files that are used
                            to detect viruses, spyware, and other potentially unwanted software.
                            Once you have installed this item, it cannot be removed.
                Not Installed
                        2/12/2016  Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - February 2016 (KB890830)
                            Installation Status    Failed
                            After the download, this tool runs one time to check your computer
                            for infection by specific, prevalent malicious software (including
                            Blaster, Sasser, and Mydoom) and helps remove any infection that
                            is found. If an infection is found, the tool will display a status
                            report the next time that you start your computer. A new version
                            of the tool will be offered every month. If you want to manually
                            run the tool on your computer, you can download a copy from the
                            Microsoft Download Center, or you can run an online version from
                            microsoft.com. This tool is not a replacement for an antivirus
                            product. To help protect your computer, you should use an antivirus
                            product.
                        2/11/2016  Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - February 2016 (KB890830)
                            Installation Status    Failed
                            After the download, this tool runs one time to check your computer
                            for infection by specific, prevalent malicious software (including
                            Blaster, Sasser, and Mydoom) and helps remove any infection that
                            is found. If an infection is found, the tool will display a status
                            report the next time that you start your computer. A new version
                            of the tool will be offered every month. If you want to manually
                            run the tool on your computer, you can download a copy from the
                            Microsoft Download Center, or you can run an online version from
                            microsoft.com. This tool is not a replacement for an antivirus
                            product. To help protect your computer, you should use an antivirus
                            product.
                        2/10/2016  Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - February 2016 (KB890830)
                            Installation Status    Failed
                            After the download, this tool runs one time to check your computer
                            for infection by specific, prevalent malicious software (including
                            Blaster, Sasser, and Mydoom) and helps remove any infection that
                            is found. If an infection is found, the tool will display a status
                            report the next time that you start your computer. A new version
                            of the tool will be offered every month. If you want to manually
                            run the tool on your computer, you can download a copy from the
                            Microsoft Download Center, or you can run an online version from
                            microsoft.com. This tool is not a replacement for an antivirus
                            product. To help protect your computer, you should use an antivirus
                            product.
                        1/27/2016  Hewlett-Packard  - Other hardware, Printer - Null Print - HP Officejet Pro 8610
                            Installation Status    Failed
                            Hewlett-Packard Other hardware, Printer software update released
                            in August, 2013
                        1/27/2016  Hewlett-Packard  - Other hardware, Printer - Null Print - HP Officejet Pro 8610
                            Installation Status    Failed
                            Hewlett-Packard Other hardware, Printer software update released
                            in August, 2013
                        1/26/2016  Hewlett-Packard  - Other hardware, Printer - Null Print - HP Officejet Pro 8610
                            Installation Status    Failed
                            Hewlett-Packard Other hardware, Printer software update released
                            in August, 2013
                        1/25/2016  Hewlett-Packard  - Other hardware, Printer - Null Print - HP Officejet Pro 8610
                            Installation Status    Failed
                            Hewlett-Packard Other hardware, Printer software update released
                            in August, 2013
                        1/24/2016  Hewlett-Packard  - Other hardware, Printer - Null Print - HP Officejet Pro 8610
                            Installation Status    Failed
                            Hewlett-Packard Other hardware, Printer software update released
                            in August, 2013
                        1/22/2016  Hewlett-Packard  - Other hardware, Printer - Null Print - HP Officejet Pro 8610
                            Installation Status    Failed
                            Hewlett-Packard Other hardware, Printer software update released
                            in August, 2013
                        12/13/2015  Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - December 2015 (KB890830)
                            Installation Status    Failed
                            After the download, this tool runs one time to check your computer
                            for infection by specific, prevalent malicious software (including
                            Blaster, Sasser, and Mydoom) and helps remove any infection that
                            is found. If an infection is found, the tool will display a status
                            report the next time that you start your computer. A new version
                            of the tool will be offered every month. If you want to manually
                            run the tool on your computer, you can download a copy from the
                            Microsoft Download Center, or you can run an online version from
                            microsoft.com. This tool is not a replacement for an antivirus
                            product. To help protect your computer, you should use an antivirus
                            product.
        System Folders
            Application Data    C:\ProgramData
            Cookies    C:\Users\Susan\AppData\Local\Microsoft\Windows\INetCookies
            Desktop    C:\Users\Susan\Desktop
            Documents    C:\Users\Public\Documents
            Fonts    C:\WINDOWS\Fonts
            Global Favorites    C:\Users\Susan\Favorites
            Internet History    C:\Users\Susan\AppData\Local\Microsoft\Windows\History
            Local Application Data    C:\Users\Susan\AppData\Local
            Music    C:\Users\Public\Music
            Path for burning CD    C:\Users\Susan\AppData\Local\Microsoft\Windows\Burn\Burn
            Physical Desktop    C:\Users\Susan\Desktop
            Pictures    C:\Users\Public\Pictures
            Program Files    C:\Program Files
            Public Desktop    C:\Users\Public\Desktop
            Start Menu    C:\ProgramData\Microsoft\Windows\Start Menu
            Start Menu Programs    C:\ProgramData\Microsoft\Windows\Start Menu\Programs
            Startup    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
            Templates    C:\ProgramData\Microsoft\Windows\Templates
            Temporary Internet Files    C:\Users\Susan\AppData\Local\Microsoft\Windows\INetCache
            User Favorites    C:\Users\Susan\Favorites
            Videos    C:\Users\Public\Videos
            Windows Directory    C:\WINDOWS
            Windows/System    C:\WINDOWS\system32
        Process List
                AgStdAlo.exe
                    Process ID    15312
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Program Files\Acer\Acer Office Manager Agent\AgStdAlo.exe
                    Memory Usage    29 MB
                    Peak Memory Usage    30 MB
                AgSvc.exe
                    Process ID    9084
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files\Acer\Acer Office Manager Agent\AgSvc.exe
                    Memory Usage    16 MB
                    Peak Memory Usage    49 MB
                AppleMobileDeviceService.exe
                    Process ID    2848
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                    Memory Usage    4.06 MB
                    Peak Memory Usage    14 MB
                ApplicationFrameHost.exe
                    Process ID    17788
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Windows\System32\ApplicationFrameHost.exe
                    Memory Usage    29 MB
                    Peak Memory Usage    31 MB
                APSDaemon.exe
                    Process ID    11432
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
                    Memory Usage    15 MB
                    Peak Memory Usage    19 MB
                ASLSvc.exe
                    Process ID    2788
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe
                    Memory Usage    27 MB
                    Peak Memory Usage    33 MB
                audiodg.exe
                    Process ID    16300
                    User    LOCAL SERVICE
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\audiodg.exe
                    Memory Usage    13 MB
                    Peak Memory Usage    20 MB
                avp.exe
                    Process ID    2868
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
                    Memory Usage    175 MB
                    Peak Memory Usage    502 MB
                avpui.exe
                    Process ID    17884
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
                    Memory Usage    7.16 MB
                    Peak Memory Usage    104 MB
                ConSvc.exe
                    Process ID    3500
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files\Acer\Acer Office Manager Console\ConSvc.exe
                    Memory Usage    18 MB
                    Peak Memory Usage    37 MB
                CSISYNCCLIENT.EXE
                    Process ID    14584
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
                    Memory Usage    29 MB
                    Peak Memory Usage    31 MB
                csrss.exe
                    Process ID    692
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\csrss.exe
                    Memory Usage    2.09 MB
                    Peak Memory Usage    4.00 MB
                csrss.exe
                    Process ID    16296
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\csrss.exe
                    Memory Usage    6.46 MB
                    Peak Memory Usage    30 MB
                dasHost.exe
                    Process ID    2288
                    User    LOCAL SERVICE
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\dasHost.exe
                    Memory Usage    8.92 MB
                    Peak Memory Usage    11 MB
                dllhost.exe
                    Process ID    9764
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Windows\System32\dllhost.exe
                    Memory Usage    18 MB
                    Peak Memory Usage    50 MB
                Dual Smart Solution.exe
                    Process ID    7200
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\Dual Smart Solution.exe
                    Memory Usage    8.41 MB
                    Peak Memory Usage    8.54 MB
                dwm.exe
                    Process ID    5492
                    User    DWM-2
                    Domain    Window Manager
                    Path    C:\Windows\System32\dwm.exe
                    Memory Usage    40 MB
                    Peak Memory Usage    61 MB
                ETService.exe
                    Process ID    2780
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
                    Memory Usage    7.40 MB
                    Peak Memory Usage    22 MB
                explorer.exe
                    Process ID    10084
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Windows\explorer.exe
                    Memory Usage    98 MB
                    Peak Memory Usage    110 MB
                firefox.exe
                    Process ID    11884
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                    Memory Usage    366 MB
                    Peak Memory Usage    444 MB
                HeciServer.exe
                    Process ID    2756
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files\Intel\iCLS Client\HeciServer.exe
                    Memory Usage    1.65 MB
                    Peak Memory Usage    6.63 MB
                HPNetworkCommunicatorCom.exe
                    Process ID    19016
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
                    Memory Usage    11 MB
                    Peak Memory Usage    11 MB
                HPSupportSolutionsFrameworkService.exe
                    Process ID    9060
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
                    Memory Usage    8.02 MB
                    Peak Memory Usage    40 MB
                hpwuschd2.exe
                    Process ID    17276
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
                    Memory Usage    4.99 MB
                    Peak Memory Usage    5.39 MB
                HxMail.exe
                    Process ID    10364
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.46121.0_x64__8wekyb3d8bbwe\HxMail.exe
                    Memory Usage    54 MB
                    Peak Memory Usage    84 MB
                HxTsr.exe
                    Process ID    5336
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.46121.0_x64__8wekyb3d8bbwe\HxTsr.exe
                    Memory Usage    23 MB
                    Peak Memory Usage    26 MB
                iCloudDrive.exe
                    Process ID    3128
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
                    Memory Usage    24 MB
                    Peak Memory Usage    33 MB
                iCloudPhotos.exe
                    Process ID    17860
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
                    Memory Usage    25 MB
                    Peak Memory Usage    38 MB
                iCloudServices.exe
                    Process ID    17808
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
                    Memory Usage    124 MB
                    Peak Memory Usage    128 MB
                igfxCUIService.exe
                    Process ID    1472
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\igfxCUIService.exe
                    Memory Usage    4.33 MB
                    Peak Memory Usage    8.26 MB
                igfxEM.exe
                    Process ID    5220
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Windows\System32\igfxEM.exe
                    Memory Usage    11 MB
                    Peak Memory Usage    12 MB
                igfxHK.exe
                    Process ID    1124
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Windows\System32\igfxHK.exe
                    Memory Usage    8.50 MB
                    Peak Memory Usage    8.95 MB
                IntelMeFWService.exe
                    Process ID    8500
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files (x86)\Intel\Intel Management Engine Components\FWService\IntelMeFWService.exe
                    Memory Usage    1.20 MB
                    Peak Memory Usage    4.46 MB
                iPodService.exe
                    Process ID    7860
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files\iPod\bin\iPodService.exe
                    Memory Usage    4.38 MB
                    Peak Memory Usage    7.57 MB
                iTunesHelper.exe
                    Process ID    6380
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Program Files\iTunes\iTunesHelper.exe
                    Memory Usage    15 MB
                    Peak Memory Usage    16 MB
                iusb3mon.exe
                    Process ID    12916
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Program Files (x86)\Intel\Intel USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
                    Memory Usage    6.23 MB
                    Peak Memory Usage    6.76 MB
                Jhi_service.exe
                    Process ID    9176
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files (x86)\Intel\Intel Management Engine Components\DAL\Jhi_service.exe
                    Memory Usage    1.48 MB
                    Peak Memory Usage    5.54 MB
                jusched.exe
                    Process ID    13604
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                    Memory Usage    6.02 MB
                    Peak Memory Usage    6.63 MB
                kpm.exe
                    Process ID    16664
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm.exe
                    Memory Usage    80 MB
                    Peak Memory Usage    89 MB
                LMS.exe
                    Process ID    2880
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files (x86)\Intel\Intel Management Engine Components\LMS\LMS.exe
                    Memory Usage    2.78 MB
                    Peak Memory Usage    12 MB
                lsass.exe
                    Process ID    956
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\lsass.exe
                    Memory Usage    11 MB
                    Peak Memory Usage    14 MB
                mbam.exe
                    Process ID    5128
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
                    Memory Usage    45 MB
                    Peak Memory Usage    169 MB
                mbamscheduler.exe
                    Process ID    2824
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
                    Memory Usage    5.68 MB
                    Peak Memory Usage    12 MB
                mbamservice.exe
                    Process ID    2816
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
                    Memory Usage    116 MB
                    Peak Memory Usage    362 MB
                Microsoft.Photos.exe
                    Process ID    5160
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
                    Memory Usage    62 MB
                    Peak Memory Usage    290 MB
                mqsvc.exe
                    Process ID    2476
                    User    NETWORK SERVICE
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\mqsvc.exe
                    Memory Usage    3.74 MB
                    Peak Memory Usage    12 MB
                MSOSYNC.EXE
                    Process ID    7040
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
                    Memory Usage    32 MB
                    Peak Memory Usage    33 MB
                notepad.exe
                    Process ID    12352
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Windows\System32\notepad.exe
                    Memory Usage    13 MB
                    Peak Memory Usage    13 MB
                OfficeClickToRun.exe
                    Process ID    13260
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
                    Memory Usage    21 MB
                    Peak Memory Usage    78 MB
                OneDrive.exe
                    Process ID    10912
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Users\Susan\AppData\Local\Microsoft\OneDrive\OneDrive.exe
                    Memory Usage    28 MB
                    Peak Memory Usage    32 MB
                PowerSaverTray.exe
                    Process ID    12232
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe
                    Memory Usage    8.19 MB
                    Peak Memory Usage    8.46 MB
                PresentationFontCache.exe
                    Process ID    4996
                    User    LOCAL SERVICE
                    Domain    NT AUTHORITY
                    Path    C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
                    Memory Usage    6.46 MB
                    Peak Memory Usage    23 MB
                procexp.exe
                    Process ID    7280
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Users\Susan\Desktop\procexp.exe
                    Memory Usage    10 MB
                    Peak Memory Usage    12 MB
                procexp64.exe
                    Process ID    13404
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Users\Susan\AppData\Local\Temp\procexp64.exe
                    Memory Usage    59 MB
                    Peak Memory Usage    66 MB
                RAVCpl64.exe
                    Process ID    12952
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                    Memory Usage    12 MB
                    Peak Memory Usage    13 MB
                RuntimeBroker.exe
                    Process ID    2108
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Windows\System32\RuntimeBroker.exe
                    Memory Usage    77 MB
                    Peak Memory Usage    77 MB
                ScanToPCActivationApp.exe
                    Process ID    11932
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
                    Memory Usage    14 MB
                    Peak Memory Usage    15 MB
                SearchFilterHost.exe
                    Process ID    12992
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\SearchFilterHost.exe
                    Memory Usage    9.39 MB
                    Peak Memory Usage    9.41 MB
                SearchIndexer.exe
                    Process ID    1184
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\SearchIndexer.exe
                    Memory Usage    41 MB
                    Peak Memory Usage    41 MB
                SearchProtocolHost.exe
                    Process ID    17320
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\SearchProtocolHost.exe
                    Memory Usage    17 MB
                    Peak Memory Usage    17 MB
                SearchProtocolHost.exe
                    Process ID    15240
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Windows\System32\SearchProtocolHost.exe
                    Memory Usage    6.32 MB
                    Peak Memory Usage    6.32 MB
                SearchUI.exe
                    Process ID    9800
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                    Memory Usage    53 MB
                    Peak Memory Usage    92 MB
                services.exe
                    Process ID    940
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\services.exe
                    Memory Usage    5.02 MB
                    Peak Memory Usage    14 MB
                SettingSyncHost.exe
                    Process ID    11124
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Windows\System32\SettingSyncHost.exe
                    Memory Usage    17 MB
                    Peak Memory Usage    25 MB
                ShellExperienceHost.exe
                    Process ID    16952
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
                    Memory Usage    49 MB
                    Peak Memory Usage    74 MB
                sihost.exe
                    Process ID    17440
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Windows\System32\sihost.exe
                    Memory Usage    21 MB
                    Peak Memory Usage    21 MB
                SkypeHost.exe
                    Process ID    1900
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
                    Memory Usage    11 MB
                    Peak Memory Usage    41 MB
                SmartHookTestApp.exe
                    Process ID    18356
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\SmartHookTestApp.exe
                    Memory Usage    7.45 MB
                    Peak Memory Usage    7.92 MB
                smss.exe
                    Process ID    480
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\smss.exe
                    Memory Usage    528 KB
                    Peak Memory Usage    1.22 MB
                SMSvcHost.exe
                    Process ID    3444
                    User    NETWORK SERVICE
                    Domain    NT AUTHORITY
                    Path    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
                    Memory Usage    2.31 MB
                    Peak Memory Usage    15 MB
                SMSvcHost.exe
                    Process ID    3308
                    User    LOCAL SERVICE
                    Domain    NT AUTHORITY
                    Path    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
                    Memory Usage    2.58 MB
                    Peak Memory Usage    23 MB
                Speccy64.exe
                    Process ID    17232
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Program Files\Speccy\Speccy64.exe
                    Memory Usage    29 MB
                    Peak Memory Usage    29 MB
                spoolsv.exe
                    Process ID    1972
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\spoolsv.exe
                    Memory Usage    14 MB
                    Peak Memory Usage    21 MB
                svchost.exe
                    Process ID    1084
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\svchost.exe
                    Memory Usage    80 MB
                    Peak Memory Usage    117 MB
                svchost.exe
                    Process ID    1168
                    User    LOCAL SERVICE
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\svchost.exe
                    Memory Usage    21 MB
                    Peak Memory Usage    31 MB
                svchost.exe
                    Process ID    1244
                    User    LOCAL SERVICE
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\svchost.exe
                    Memory Usage    19 MB
                    Peak Memory Usage    29 MB
                svchost.exe
                    Process ID    1392
                    User    LOCAL SERVICE
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\svchost.exe
                    Memory Usage    19 MB
                    Peak Memory Usage    108 MB
                svchost.exe
                    Process ID    2452
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\svchost.exe
                    Memory Usage    2.65 MB
                    Peak Memory Usage    10 MB
                svchost.exe
                    Process ID    2236
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\svchost.exe
                    Memory Usage    19 MB
                    Peak Memory Usage    28 MB
                svchost.exe
                    Process ID    1596
                    User    NETWORK SERVICE
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\svchost.exe
                    Memory Usage    17 MB
                    Peak Memory Usage    49 MB
                svchost.exe
                    Process ID    2528
                    User    LOCAL SERVICE
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\svchost.exe
                    Memory Usage    4.00 MB
                    Peak Memory Usage    14 MB
                svchost.exe
                    Process ID    2228
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\svchost.exe
                    Memory Usage    2.88 MB
                    Peak Memory Usage    9.91 MB
                svchost.exe
                    Process ID    2072
                    User    NETWORK SERVICE
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\svchost.exe
                    Memory Usage    3.45 MB
                    Peak Memory Usage    7.75 MB
                svchost.exe
                    Process ID    548
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\svchost.exe
                    Memory Usage    50 MB
                    Peak Memory Usage    194 MB
                svchost.exe
                    Process ID    1056
                    User    LOCAL SERVICE
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\svchost.exe
                    Memory Usage    8.12 MB
                    Peak Memory Usage    8.15 MB
                svchost.exe
                    Process ID    2572
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\svchost.exe
                    Memory Usage    16 MB
                    Peak Memory Usage    20 MB
                svchost.exe
                    Process ID    380
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\svchost.exe
                    Memory Usage    14 MB
                    Peak Memory Usage    28 MB
                svchost.exe
                    Process ID    492
                    User    NETWORK SERVICE
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\svchost.exe
                    Memory Usage    8.20 MB
                    Peak Memory Usage    11 MB
                svchost.exe
                    Process ID    1204
                    User    LOCAL SERVICE
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\svchost.exe
                    Memory Usage    6.39 MB
                    Peak Memory Usage    11 MB
                svchost.exe
                    Process ID    10576
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Windows\System32\svchost.exe
                    Memory Usage    41 MB
                    Peak Memory Usage    46 MB
                System
                    Process ID    4
                    Memory Usage    388 MB
                    Peak Memory Usage    659 MB
                System Idle Process
                    Process ID    0
                SystemSettings.exe
                    Process ID    13020
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Windows\ImmersiveControlPanel\SystemSettings.exe
                    Memory Usage    34 MB
                    Peak Memory Usage    44 MB
                taskhostw.exe
                    Process ID    13048
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Windows\System32\taskhostw.exe
                    Memory Usage    14 MB
                    Peak Memory Usage    15 MB
                TestDDCCI.exe
                    Process ID    18496
                    User    Susan
                    Domain    SUSAN-PC
                    Path    C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe
                    Memory Usage    8.27 MB
                    Peak Memory Usage    9.61 MB
                unsecapp.exe
                    Process ID    3060
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\wbem\unsecapp.exe
                    Memory Usage    2.86 MB
                    Peak Memory Usage    6.01 MB
                wininit.exe
                    Process ID    816
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\wininit.exe
                    Memory Usage    2.65 MB
                    Peak Memory Usage    4.77 MB
                winlogon.exe
                    Process ID    11332
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\winlogon.exe
                    Memory Usage    6.59 MB
                    Peak Memory Usage    15 MB
                WmiPrvSE.exe
                    Process ID    3588
                    User    NETWORK SERVICE
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\wbem\WmiPrvSE.exe
                    Memory Usage    19 MB
                    Peak Memory Usage    19 MB
                WmiPrvSE.exe
                    Process ID    19440
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\wbem\WmiPrvSE.exe
                    Memory Usage    11 MB
                    Peak Memory Usage    11 MB
                WmiPrvSE.exe
                    Process ID    15536
                    User    NETWORK SERVICE
                    Domain    NT AUTHORITY
                    Path    C:\Windows\System32\wbem\WmiPrvSE.exe
                    Memory Usage    7.41 MB
                    Peak Memory Usage    7.46 MB
        Security Options
            Accounts: Administrator account status    Disabled
            Accounts: Block Microsoft accounts    Not Defined
            Accounts: Guest account status    Disabled
            Accounts: Limit local account use of blank passwords to console logon only    Enabled
            Accounts: Rename administrator account    Administrator
            Accounts: Rename guest account    Guest
            Audit: Audit the access of global system objects    Disabled
            Audit: Audit the use of Backup and Restore privilege    Disabled
            Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings    Not Defined
            Audit: Shut down system immediately if unable to log security audits    Disabled
            DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax    Not Defined
            DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax    Not Defined
            Devices: Allow undock without having to log on    Enabled
            Devices: Allowed to format and eject removable media    Not Defined
            Devices: Prevent users from installing printer drivers    Disabled
            Devices: Restrict CD-ROM access to locally logged-on user only    Not Defined
            Devices: Restrict floppy access to locally logged-on user only    Not Defined
            Domain controller: Allow server operators to schedule tasks    Not Defined
            Domain controller: LDAP server signing requirements    Not Defined
            Domain controller: Refuse machine account password changes    Not Defined
            Domain member: Digitally encrypt or sign secure channel data (always)    Enabled
            Domain member: Digitally encrypt secure channel data (when possible)    Enabled
            Domain member: Digitally sign secure channel data (when possible)    Enabled
            Domain member: Disable machine account password changes    Disabled
            Domain member: Maximum machine account password age    30 days
            Domain member: Require strong (Windows 2000 or later) session key    Enabled
            Interactive logon: Display user information when the session is locked    Not Defined
            Interactive logon: Do not display last user name    Disabled
            Interactive logon: Do not require CTRL+ALT+DEL    Not Defined
            Interactive logon: Machine account lockout threshold    Not Defined
            Interactive logon: Machine inactivity limit    Not Defined
            Interactive logon: Message text for users attempting to log on
            Interactive logon: Message title for users attempting to log on
            Interactive logon: Number of previous logons to cache (in case domain controller is not available)    10 logons
            Interactive logon: Prompt user to change password before expiration    5 days
            Interactive logon: Require Domain Controller authentication to unlock workstation    Disabled
            Interactive logon: Require smart card    Disabled
            Interactive logon: Smart card removal behavior    No Action
            Microsoft network client: Digitally sign communications (always)    Disabled
            Microsoft network client: Digitally sign communications (if server agrees)    Enabled
            Microsoft network client: Send unencrypted password to third-party SMB servers    Disabled
            Microsoft network server: Amount of idle time required before suspending session    Not Defined
            Microsoft network server: Attempt S4U2Self to obtain claim information    Not Defined
            Microsoft network server: Digitally sign communications (always)    Disabled
            Microsoft network server: Digitally sign communications (if client agrees)    Disabled
            Microsoft network server: Disconnect clients when logon hours expire    Enabled
            Microsoft network server: Server SPN target name validation level    Not Defined
            Network access: Allow anonymous SID/Name translation    Disabled
            Network access: Do not allow anonymous enumeration of SAM accounts    Enabled
            Network access: Do not allow anonymous enumeration of SAM accounts and shares    Disabled
            Network access: Do not allow storage of passwords and credentials for network authentication    Disabled
            Network access: Let Everyone permissions apply to anonymous users    Disabled
            Network access: Named Pipes that can be accessed anonymously
            Network access: Remotely accessible registry paths    System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Server Applications,Software\Microsoft\Windows NT\CurrentVersion
            Network access: Remotely accessible registry paths and sub-paths    System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,Software\Microsoft\Windows NT\CurrentVersion\Print,Software\Microsoft\Windows NT\CurrentVersion\Windows,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration,Software\Microsoft\Windows NT\CurrentVersion\Perflib,System\CurrentControlSet\Services\SysmonLog
            Network access: Restrict anonymous access to Named Pipes and Shares    Enabled
            Network access: Shares that can be accessed anonymously    Not Defined
            Network access: Sharing and security model for local accounts    Classic - local users authenticate as themselves
            Network security: Allow Local System to use computer identity for NTLM    Not Defined
            Network security: Allow LocalSystem NULL session fallback    Not Defined
            Network security: Allow PKU2U authentication requests to this computer to use online identities.

    Not Defined
            Network security: Configure encryption types allowed for Kerberos    Not Defined
            Network security: Do not store LAN Manager hash value on next password change    Enabled
            Network security: Force logoff when logon hours expire    Disabled
            Network security: LAN Manager authentication level    Not Defined
            Network security: LDAP client signing requirements    Negotiate signing
            Network security: Minimum session security for NTLM SSP based (including secure RPC) clients    Require 128-bit encryption
            Network security: Minimum session security for NTLM SSP based (including secure RPC) servers    Require 128-bit encryption
            Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication    Not Defined
            Network security: Restrict NTLM: Add server exceptions in this domain    Not Defined
            Network security: Restrict NTLM: Audit Incoming NTLM Traffic    Not Defined
            Network security: Restrict NTLM: Audit NTLM authentication in this domain    Not Defined
            Network security: Restrict NTLM: Incoming NTLM traffic    Not Defined
            Network security: Restrict NTLM: NTLM authentication in this domain    Not Defined
            Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers    Not Defined
            Recovery console: Allow automatic administrative logon    Not Defined
            Recovery console: Allow floppy copy and access to all drives and all folders    Not Defined
            Shutdown: Allow system to be shut down without having to log on    Enabled
            Shutdown: Clear virtual memory pagefile    Disabled
            System cryptography: Force strong key protection for user keys stored on the computer    Not Defined
            System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing    Disabled
            System objects: Require case insensitivity for non-Windows subsystems    Enabled
            System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)    Enabled
            System settings: Optional subsystems    Posix
            System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies    Disabled
            User Account Control: Admin Approval Mode for the Built-in Administrator account    Not Defined
            User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop    Disabled
            User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode    Elevate without prompting
            User Account Control: Behavior of the elevation prompt for standard users    Prompt for credentials
            User Account Control: Detect application installations and prompt for elevation    Enabled
            User Account Control: Only elevate executables that are signed and validated    Disabled
            User Account Control: Only elevate UIAccess applications that are installed in secure locations    Enabled
            User Account Control: Run all administrators in Admin Approval Mode    Enabled
            User Account Control: Switch to the secure desktop when prompting for elevation    Disabled
            User Account Control: Virtualize file and registry write failures to per-user locations    Enabled
        Device Tree
                ACPI x64-based PC
                        Microsoft ACPI-Compliant System
                            ACPI Fan
                            ACPI Fan
                            ACPI Fan
                            ACPI Fan
                            ACPI Fan
                            ACPI Fixed Feature Button
                            ACPI Power Button
                            ACPI Thermal Zone
                            ACPI Thermal Zone
                            Intel Core i3-4130 CPU @ 3.40GHz
                            Intel Core i3-4130 CPU @ 3.40GHz
                            Intel Core i3-4130 CPU @ 3.40GHz
                            Intel Core i3-4130 CPU @ 3.40GHz
                            Microsoft Windows Management Interface for ACPI
                                PCI Express Root Complex
                                    Intel 4th Gen Core processor DRAM Controller - 0C00
                                    Intel 8 Series/C220 Series PCI Express Root Port #1 - 8C10
                                    Intel 8 Series/C220 Series SMBus Controller - 8C22
                                    Intel Management Engine Interface
                                    Motherboard resources
                                    System board
                                        Intel® HD Graphics 4400
                                            LG FULLHD(Analog)
                                        Intel® USB 3.0 eXtensible Host Controller - 1.0 (Microsoft)
                                                USB Root Hub (xHCI)
                                                        USB Composite Device
                                                                USB Input Device (Logitech Download Assistant)
                                                                    HID Keyboard Device
                                                                USB Input Device
                                                                    HID-compliant consumer control device
                                                                    HID-compliant mouse
                                                                    HID-compliant system controller
                                                                    HID-compliant vendor-defined device
                                                                USB Input Device
                                                                    HID-compliant vendor-defined device
                                                                    HID-compliant vendor-defined device
                                                                    HID-compliant vendor-defined device
                                                        USB Composite Device
                                                                USB Input Device
                                                                    HID Keyboard Device
                                                                USB Input Device
                                                                    HID-compliant consumer control device
                                                                    HID-compliant system controller
                                        Intel® 8 Series/C220 Series USB EHCI #2 - 8C2D
                                                USB Root Hub
                                                        Generic USB Hub
                                                            Realtek USB 2.0 Card Reader
                                        High Definition Audio Controller
                                                Realtek High Definition Audio
                                                    Speakers (Realtek High Definition Audio)
                                        Intel® 8 Series/C220 Series PCI Express Root Port #3 - 8C14
                                            Realtek PCIe GBE Family Controller
                                        Intel® 8 Series/C220 Series USB EHCI #1 - 8C26
                                                USB Root Hub
                                                    Generic USB Hub
                                        Intel® H81 LPC Controller - 8C5C
                                            Communications Port (COM1)
                                            Communications Port (COM2)
                                            Direct memory access controller
                                            High precision event timer
                                            Legacy device
                                            Motherboard resources
                                            Motherboard resources
                                            Motherboard resources
                                            Motherboard resources
                                            Numeric data processor
                                            Programmable interrupt controller
                                            System CMOS/real time clock
                                            System timer
                                                Printer Port (LPT1)
                                                    Printer Port Logical Interface
                                        Intel® 8 Series/C220 Chipset Family SATA AHCI Controller
                                            HL-DT-ST DVDRAM GHB0N SCSI CdRom Device
                                            WDC WD10EZEX-21M2NA0 SCSI Disk Device
CPU
        Intel Core i3 4130
            Cores    2
            Threads    4
            Name    Intel Core i3 4130
            Code Name    Haswell
            Package    Socket 1150 LGA
            Technology    22nm
            Specification    Intel Core i3-4130 CPU @ 3.40GHz
            Family    6
            Extended Family    6
            Model    C
            Extended Model    3C
            Stepping    3
            Revision    C0
            Instructions    MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, Intel 64, NX, VMX, AVX, AVX2, FMA3
            Virtualization    Supported, Enabled
            Hyperthreading    Supported, Enabled
            Fan Speed    1030 RPM
            Stock Core Speed    3400 MHz
            Stock Bus Speed    100 MHz
            Average Temperature    31 °C
                Caches
                    L1 Data Cache Size    2 x 32 KBytes
                    L1 Instructions Cache Size    2 x 32 KBytes
                    L2 Unified Cache Size    2 x 256 KBytes
                    L3 Unified Cache Size    3072 KBytes
                Cores
                        Core 0
                            Core Speed    798.1 MHz
                            Multiplier    x 8.0
                            Bus Speed    99.8 MHz
                            Temperature    30 °C
                            Threads    APIC ID: 0, 1
                        Core 1
                            Core Speed    798.1 MHz
                            Multiplier    x 8.0
                            Bus Speed    99.8 MHz
                            Temperature    31 °C
                            Threads    APIC ID: 2, 3
RAM
        Memory slots
            Total memory slots    2
            Used memory slots    1
            Free memory slots    1
        Memory
            Type    DDR3
            Size    4096 MBytes
            Channels #    Single
            DRAM Frequency    798.1 MHz
            CAS# Latency (CL)    11 clocks
            RAS# to CAS# Delay (tRCD)    11 clocks
            RAS# Precharge (tRP)    11 clocks
            Cycle Time (tRAS)    28 clocks
            Command Rate (CR)    1T
        Physical Memory
            Memory Usage    77 %
            Total Physical    3.87 GB
            Available Physical    892 MB
            Total Virtual    7.75 GB
            Available Virtual    3.54 GB
        SPD
            Number Of SPD Modules    1
                Slot #1
                    Type    DDR3
                    Size    4096 MBytes
                    Manufacturer    Kingston
                    Max Bandwidth    PC3-12800 (800 MHz)
                    Part Number    ACR16D3LU1KFG/4G
                    Serial Number    2433980733
                    Week/year    15 / 14
                        Timing table
                                JEDEC #1
                                    Frequency    457.1 MHz
                                    CAS# Latency    6.0
                                    RAS# To CAS#    6
                                    RAS# Precharge    6
                                    tRAS    16
                                    tRC    22
                                    Voltage    1.350 V
                                JEDEC #2
                                    Frequency    533.3 MHz
                                    CAS# Latency    7.0
                                    RAS# To CAS#    7
                                    RAS# Precharge    7
                                    tRAS    19
                                    tRC    26
                                    Voltage    1.350 V
                                JEDEC #3
                                    Frequency    609.5 MHz
                                    CAS# Latency    8.0
                                    RAS# To CAS#    8
                                    RAS# Precharge    8
                                    tRAS    22
                                    tRC    30
                                    Voltage    1.350 V
                                JEDEC #4
                                    Frequency    685.7 MHz
                                    CAS# Latency    9.0
                                    RAS# To CAS#    9
                                    RAS# Precharge    9
                                    tRAS    24
                                    tRC    33
                                    Voltage    1.350 V
                                JEDEC #5
                                    Frequency    761.9 MHz
                                    CAS# Latency    10.0
                                    RAS# To CAS#    10
                                    RAS# Precharge    10
                                    tRAS    27
                                    tRC    37
                                    Voltage    1.350 V
                                JEDEC #6
                                    Frequency    800.0 MHz
                                    CAS# Latency    11.0
                                    RAS# To CAS#    11
                                    RAS# Precharge    11
                                    tRAS    28
                                    tRC    39
                                    Voltage    1.350 V
Motherboard
    Manufacturer    Acer
    Model    Veriton M2631 (SOCKET 0)
    Version    V:1.0
    Chipset Vendor    Intel
    Chipset Model    Haswell
    Chipset Revision    06
    Southbridge Vendor    Intel
    Southbridge Model    H81
    Southbridge Revision    C2
    System Temperature    28 °C
        BIOS
            Brand    Acer
            Version    P21-A3
            Date    1/16/2014
        Voltage
            CPU CORE    1.722 V
            MEMORY CONTROLLER    1.799 V
            +3.3V    1.842 V
            +5V    3.406 V
            +12V    7.412 V
            +5V HIGH THRESHOLD    2.747 V
            CMOS BATTERY    1.624 V
        PCI Data
                Slot PCI-E x16
                    Slot Type    PCI-E x16
                    Slot Usage    Available
                    Data lanes    x16
                    Slot Designation    PCIE16X
                    Characteristics    3.3V, Shared, PME
                    Slot Number    0
                Slot PCI-E
                    Slot Type    PCI-E
                    Slot Usage    Available
                    Data lanes    x1
                    Slot Designation    PCIE1X_1
                    Characteristics    3.3V, Shared, PME
                    Slot Number    1
                Slot PCI-E
                    Slot Type    PCI-E
                    Slot Usage    Available
                    Data lanes    x1
                    Slot Designation    PCIE1X_2
                    Characteristics    3.3V, Shared, PME
                    Slot Number    2
                Slot PCI
                    Slot Type    PCI
                    Slot Usage    Available
                    Bus Width    32 bit
                    Slot Designation    PCI
                    Characteristics    3.3V, Shared, PME
                    Slot Number    3
Graphics
        Monitor
            Name    LG FULL HD on Intel HD Graphics 4400
            Current Resolution    1920x1080 pixels
            Work Resolution    1920x1040 pixels
            State    Enabled, Primary, Output devices support
            Monitor Width    1920
            Monitor Height    1080
            Monitor BPP    32 bits per pixel
            Monitor Frequency    60 Hz
            Device    \\.\DISPLAY1\Monitor0
        Intel HD Graphics 4400
            Manufacturer    Intel
            Model    HD Graphics 4400
            Device ID    8086-041E
            Revision    7
            Subvendor    Acer Incorporated [ALI] (1025)
            Current Performance Level    Level 0
            Driver version    20.19.15.4331
                Count of performance levels : 1
                    Level 1 - "Perf Level 0"
Storage
        Hard drives
                WDC WD10EZEX-21M2NA0 SCSI Disk Device
                    Manufacturer    Western Digital
                    Heads    16
                    Cylinders    121,601
                    Tracks    31,008,255
                    Sectors    1,953,520,065
                    SATA type    SATA-III 6.0Gb/s
                    Device type    Fixed
                    ATA Standard    ACS2
                    Serial Number    WCC3F2485347
                    Firmware Version Number    01.01A01
                    LBA Size    48-bit LBA
                    Power On Count    1026 times
                    Power On Time    49.4 days
                    Speed    7200 RPM
                    Features    S.M.A.R.T., NCQ
                    Max. Transfer Mode    SATA III 6.0Gb/s
                    Used Transfer Mode    SATA III 6.0Gb/s
                    Interface    SATA
                    Capacity    931 GB
                    Real size    1,000,204,886,016 bytes
                    RAID Type    None
                        S.M.A.R.T
                            Status    Good
                            Temperature    32 °C
                            Temperature Range    OK (less than 50 °C)
                                S.M.A.R.T attributes
                                        01
                                            Attribute name    Read Error Rate
                                            Real value    0
                                            Current    200
                                            Worst    200
                                            Threshold    51
                                            Raw Value    0000000000
                                            Status    Good
                                        03
                                            Attribute name    Spin-Up Time
                                            Real value    2350 ms
                                            Current    173
                                            Worst    171
                                            Threshold    21
                                            Raw Value    000000092E
                                            Status    Good
                                        04
                                            Attribute name    Start/Stop Count
                                            Real value    1,027
                                            Current    99
                                            Worst    99
                                            Threshold    0
                                            Raw Value    0000000403
                                            Status    Good
                                        05
                                            Attribute name    Reallocated Sectors Count
                                            Real value    0
                                            Current    200
                                            Worst    200
                                            Threshold    140
                                            Raw Value    0000000000
                                            Status    Good
                                        07
                                            Attribute name    Seek Error Rate
                                            Real value    0
                                            Current    200
                                            Worst    200
                                            Threshold    0
                                            Raw Value    0000000000
                                            Status    Good
                                        09
                                            Attribute name    Power-On Hours (POH)
                                            Real value    49d 10h
                                            Current    99
                                            Worst    99
                                            Threshold    0
                                            Raw Value    00000004A2
                                            Status    Good
                                        0A
                                            Attribute name    Spin Retry Count
                                            Real value    0
                                            Current    100
                                            Worst    100
                                            Threshold    0
                                            Raw Value    0000000000
                                            Status    Good
                                        0B
                                            Attribute name    Recalibration Retries
                                            Real value    0
                                            Current    100
                                            Worst    100
                                            Threshold    0
                                            Raw Value    0000000000
                                            Status    Good
                                        0C
                                            Attribute name    Device Power Cycle Count
                                            Real value    1,026
                                            Current    99
                                            Worst    99
                                            Threshold    0
                                            Raw Value    0000000402
                                            Status    Good
                                        C0
                                            Attribute name    Power-off Retract Count
                                            Real value    7
                                            Current    200
                                            Worst    200
                                            Threshold    0
                                            Raw Value    0000000007
                                            Status    Good
                                        C1
                                            Attribute name    Load/Unload Cycle Count
                                            Real value    1,026
                                            Current    200
                                            Worst    200
                                            Threshold    0
                                            Raw Value    0000000402
                                            Status    Good
                                        C2
                                            Attribute name    Temperature
                                            Real value    32 °C
                                            Current    111
                                            Worst    100
                                            Threshold    0
                                            Raw Value    0000000020
                                            Status    Good
                                        C4
                                            Attribute name    Reallocation Event Count
                                            Real value    0
                                            Current    200
                                            Worst    200
                                            Threshold    0
                                            Raw Value    0000000000
                                            Status    Good
                                        C5
                                            Attribute name    Current Pending Sector Count
                                            Real value    0
                                            Current    200
                                            Worst    200
                                            Threshold    0
                                            Raw Value    0000000000
                                            Status    Good
                                        C6
                                            Attribute name    Uncorrectable Sector Count
                                            Real value    0
                                            Current    200
                                            Worst    200
                                            Threshold    0
                                            Raw Value    0000000000
                                            Status    Good
                                        C7
                                            Attribute name    UltraDMA CRC Error Count
                                            Real value    0
                                            Current    200
                                            Worst    200
                                            Threshold    0
                                            Raw Value    0000000000
                                            Status    Good
                                        C8
                                            Attribute name    Write Error Rate / Multi-Zone Error Rate
                                            Real value    0
                                            Current    200
                                            Worst    200
                                            Threshold    0
                                            Raw Value    0000000000
                                            Status    Good
                        Partition 0
                            Partition ID    Disk #0, Partition #0
                            File System    NTFS
                            Volume Serial Number    063EF579
                            Size    13 GB
                            Used Space    11.3 GB (87%)
                            Free Space    1.68 GB (13%)
                        Partition 1
                            Partition ID    Disk #0, Partition #1
                            File System    NTFS
                            Volume Serial Number    FA34227E
                            Size    355 MB
                            Used Space    45 MB (12%)
                            Free Space    310 MB (88%)
                        Partition 2
                            Partition ID    Disk #0, Partition #2
                            Disk Letter    C:
                            File System    NTFS
                            Volume Serial Number    F435A41A
                            Size    459 GB
                            Used Space    71 GB (15%)
                            Free Space    388 GB (85%)
                        Partition 3
                            Partition ID    Disk #0, Partition #3
                            Disk Letter    D:
                            File System    NTFS
                            Volume Serial Number    F2F2F627
                            Size    459 GB
                            Used Space    149 MB (0%)
                            Free Space    458 GB (100%)
Optical Drives
        HL-DT-ST DVDRAM GHB0N SCSI CdRom Device
            Media Type    DVD Writer
            Name    HL-DT-ST DVDRAM GHB0N SCSI CdRom Device
            Availability    Running/Full Power
            Capabilities    Random Access, Supports Writing, Supports Removable Media
            Read capabilities    CD-R, CD-RW, CD-ROM, DVD-RAM, DVD-ROM, DVD-R, DVD-RW, DVD+R, DVD+RW, DVD-R DL, DVD+R DL
            Write capabilities    CD-R, CD-RW, DVD-RAM, DVD-R, DVD-RW, DVD+R, DVD+RW, DVD-R DL, DVD+R DL
            Config Manager Error Code    Device is working properly
            Config Manager User Config    FALSE
            Drive    E:
            Media Loaded    FALSE
            SCSI Bus    4
            SCSI Logical Unit    0
            SCSI Port    0
            SCSI Target Id    0
            Status    OK
Audio
        Sound Card
            Realtek High Definition Audio
        Playback Device
            Speakers (Realtek High Definition Audio)
        Speaker Configuration
            Speaker type    Stereo
        Speaker Configuration
            Speaker type    Stereo
Peripherals
        HID Keyboard Device
            Device Kind    Keyboard
            Device Name    HID Keyboard Device
            Vendor    Primax Electronics
            Location    USB Input Device
                Driver
                    Date    6-21-2006
                    Version    10.0.10586.0
                    File    C:\WINDOWS\system32\DRIVERS\kbdhid.sys
                    File    C:\WINDOWS\system32\DRIVERS\kbdclass.sys
        HID Keyboard Device
            Device Kind    Keyboard
            Device Name    HID Keyboard Device
            Vendor    Logitech
            Location    USB Input Device (Logitech Download Assistant)
                Driver
                    Date    6-21-2006
                    Version    10.0.10586.0
                    File    C:\WINDOWS\system32\DRIVERS\kbdhid.sys
                    File    C:\WINDOWS\system32\DRIVERS\kbdclass.sys
        HID-compliant mouse
            Device Kind    Mouse
            Device Name    HID-compliant mouse
            Vendor    Logitech
            Location    USB Input Device
                Driver
                    Date    6-21-2006
                    Version    10.0.10586.0
                    File    C:\WINDOWS\system32\DRIVERS\mouhid.sys
                    File    C:\WINDOWS\system32\DRIVERS\mouclass.sys
        HP Officejet Pro 8610
            Device Kind    Printer
            Device Name    HP Officejet Pro 8610
            Vendor    HP
            Location    HP9D70FE (HP Officejet Pro 8610)
                Driver
                    Date    8-11-2013
                    Version    13.33.0.2473
                    File    C:\WINDOWS\system32\spool\DRIVERS\x64\{1761A3C0-89D3-4A3F-9B31-DC25A4875C19}\hpoj_8610.gpd
                    File    C:\WINDOWS\system32\spool\DRIVERS\x64\{1761A3C0-89D3-4A3F-9B31-DC25A4875C19}\hppcl13-pipelineconfig.xml
                    File    C:\WINDOWS\system32\spool\DRIVERS\x64\{1761A3C0-89D3-4A3F-9B31-DC25A4875C19}\hpbxpsrender.dll
                    File    C:\WINDOWS\system32\spool\DRIVERS\x64\{1761A3C0-89D3-4A3F-9B31-DC25A4875C19}\UNIDRV.DLL
                    File    C:\WINDOWS\system32\spool\DRIVERS\x64\{1761A3C0-89D3-4A3F-9B31-DC25A4875C19}\UNIRES.DLL
                    File    C:\WINDOWS\system32\spool\DRIVERS\x64\{1761A3C0-89D3-4A3F-9B31-DC25A4875C19}\UNIDRVUI.DLL
                    File    C:\WINDOWS\system32\spool\DRIVERS\x64\{1761A3C0-89D3-4A3F-9B31-DC25A4875C19}\STDNAMES.GPD
                    File    C:\WINDOWS\system32\spool\DRIVERS\x64\{1761A3C0-89D3-4A3F-9B31-DC25A4875C19}\STDDTYPE.GDL
                    File    C:\WINDOWS\system32\spool\DRIVERS\x64\{1761A3C0-89D3-4A3F-9B31-DC25A4875C19}\STDSCHEM.GDL
                    File    C:\WINDOWS\system32\spool\DRIVERS\x64\{1761A3C0-89D3-4A3F-9B31-DC25A4875C19}\STDSCHMX.GDL
                    File    C:\WINDOWS\system32\spool\DRIVERS\x64\{1761A3C0-89D3-4A3F-9B31-DC25A4875C19}\UNIDRV.HLP
                    File    C:\WINDOWS\system32\spool\DRIVERS\x64\{1761A3C0-89D3-4A3F-9B31-DC25A4875C19}\LOCALE.GPD
                    File    C:\WINDOWS\system32\spool\DRIVERS\x64\{1761A3C0-89D3-4A3F-9B31-DC25A4875C19}\hpmacronames.gpd
                    File    C:\WINDOWS\system32\spool\DRIVERS\x64\{1761A3C0-89D3-4A3F-9B31-DC25A4875C19}\hpbytxdrv13.dll
                    File    C:\WINDOWS\system32\spool\DRIVERS\x64\{1761A3C0-89D3-4A3F-9B31-DC25A4875C19}\hpbytxUI13.dll
                    File    C:\WINDOWS\system32\spool\DRIVERS\x64\{1761A3C0-89D3-4A3F-9B31-DC25A4875C19}\hpvplres13.dll
                    File    C:\WINDOWS\system32\spool\DRIVERS\x64\{1761A3C0-89D3-4A3F-9B31-DC25A4875C19}\hpfime52.dll
                    File    C:\WINDOWS\system32\spool\DRIVERS\x64\{1761A3C0-89D3-4A3F-9B31-DC25A4875C19}\hpbx3config13.ini
                    File    C:\WINDOWS\system32\spool\DRIVERS\x64\{1761A3C0-89D3-4A3F-9B31-DC25A4875C19}\UIDialog.dll
                    File    C:\WINDOWS\system32\spool\DRIVERS\x64\{1761A3C0-89D3-4A3F-9B31-DC25A4875C19}\MSXPSINC.GPD
                    File    C:\WINDOWS\system32\spool\DRIVERS\x64\{1761A3C0-89D3-4A3F-9B31-DC25A4875C19}\hpinksts7112LM.dll
                    File    C:\WINDOWS\system32\spool\DRIVERS\x64\{1761A3C0-89D3-4A3F-9B31-DC25A4875C19}\hpinksts7112.dll
                    File    C:\WINDOWS\system32\spool\DRIVERS\x64\{1761A3C0-89D3-4A3F-9B31-DC25A4875C19}\xpssvcs.dll
                    File    C:\WINDOWS\system32\spool\DRIVERS\x64\{1761A3C0-89D3-4A3F-9B31-DC25A4875C19}\mxdwdrv.dll
                    File    C:\WINDOWS\system32\hpinkcoi7112.dll
                    File    C:\WINDOWS\system32\hpinkins7112.exe
                    File    C:\WINDOWS\system32\hpinksts7112LM.dll
        HP Officejet Pro 8610 (NET)
            Device Kind    Camera/scanner
            Device Name    HP Officejet Pro 8610 (NET)
            Vendor    Hewlett-Packard
                Driver
                    Date    8-11-2013
                    Version    32.0.40.44552
                    File    C:\WINDOWS\system32\HPWia2_OJ8610.dll
                    File    C:\WINDOWS\system32\HPScanTRDrv_OJ8610.dll
                    File    C:\WINDOWS\system32\drivers\serscan.sys
        WSD Scan Device
            Device Kind    Camera/scanner
            Device Name    WSD Scan Device
            Vendor    Hewlett-Packard
            Comment    HP9D70FE (HP Officejet Pro 8610)
            Location    http://192.168.1.69:3911/
                Driver
                    Date    6-21-2006
                    Version    10.0.10586.0
                    File    C:\WINDOWS\system32\DRIVERS\WSDScan.sys
        Printers
                Fax
                    Printer Port    SHRFAX:
                    Print Processor    winprint
                    Availability    Always
                    Priority    1
                    Duplex    None
                    Print Quality    200 * 200 dpi Monochrome
                    Status    Unknown
                        Driver
                            Driver Name    Microsoft Shared Fax Driver (v4.00)
                            Driver Path    C:\WINDOWS\system32\spool\DRIVERS\x64\3\FXSDRV.DLL
                HP9D70FE (HP Officejet Pro 8610) (Default Printer)
                    Printer Port    WSD-ef511ad9-ad3e-4647-a7d7-23157bedb08c.0068
                    Print Processor    winprint
                    Availability    Always
                    Priority    1
                    Duplex    None
                    Print Quality    600 * 600 dpi Color
                    Status    Unknown
                        Driver
                            Driver Name    HP Officejet Pro 8610 (v6.03)
                            Driver Path    C:\WINDOWS\system32\spool\DRIVERS\x64\3\mxdwdrv.dll
                Microsoft Print to PDF
                    Printer Port    PORTPROMPT:
                    Print Processor    winprint
                    Availability    Always
                    Priority    1
                    Duplex    None
                    Print Quality    600 * 600 dpi Color
                    Status    Unknown
                        Driver
                            Driver Name    Microsoft Print To PDF (v6.03)
                            Driver Path    C:\WINDOWS\System32\DriverStore\FileRepository\ntprint.inf_amd64_f9853ae82ff0dda6\Amd64\mxdwdrv.dll
                Microsoft XPS Document Writer
                    Printer Port    PORTPROMPT:
                    Print Processor    winprint
                    Availability    Always
                    Priority    1
                    Duplex    None
                    Print Quality    600 * 600 dpi Color
                    Status    Unknown
                        Driver
                            Driver Name    Microsoft XPS Document Writer v4 (v6.03)
                            Driver Path    C:\WINDOWS\System32\DriverStore\FileRepository\ntprint.inf_amd64_f9853ae82ff0dda6\Amd64\mxdwdrv.dll
                Send To OneNote 2016
                    Printer Port    nul:
                    Print Processor    winprint
                    Availability    Always
                    Priority    1
                    Duplex    None
                    Print Quality    600 * 600 dpi Color
                    Status    Unknown
                        Driver
                            Driver Name    Send to Microsoft OneNote 16 Driver (v6.03)
                            Driver Path    C:\WINDOWS\System32\DriverStore\FileRepository\ntprint.inf_amd64_f9853ae82ff0dda6\Amd64\mxdwdrv.dll
Network
    You are connected to the internet
    Connected through    Realtek PCIe GBE Family Controller
    IP Address    192.168.1.76
    Subnet mask    255.255.255.0
    Gateway server    192.168.1.254
    Preferred DNS server    192.168.1.254
    DHCP    Enabled
    DHCP server    192.168.1.254
    External IP Address    108.248.108.80
    Adapter Type    Ethernet
    NetBIOS over TCP/IP    Enabled via DHCP
    NETBIOS Node Type    Hybrid node
    Link Speed    464 Bps
        Computer Name
            NetBIOS Name    SUSAN-PC
            DNS Name    Susan-PC
            Membership    Part of workgroup
            Workgroup    WORKGROUP
        Remote Desktop
            Disabled
                Console
                    State    Active
                    Domain    SUSAN-PC
        WinInet Info
            LAN Connection
            Local system uses a local area network to connect to the Internet
            Local system has RAS to connect to the Internet
        Wi-Fi Info
            Wi-Fi not enabled
        WinHTTPInfo
            WinHTTPSessionProxyType    No proxy
            Session Proxy
            Session Proxy Bypass
            Connect Retries    5
            Connect Timeout (ms)    60,000
            HTTP Version    HTTP 1.1
            Max Connects Per 1.0 Servers    INFINITE
            Max Connects Per Servers    INFINITE
            Max HTTP automatic redirects    10
            Max HTTP status continue    10
            Send Timeout (ms)    30,000
            IEProxy Auto Detect    Yes
            IEProxy Auto Config
            IEProxy
            IEProxy Bypass
            Default Proxy Config Access Type    No proxy
            Default Config Proxy
            Default Config Proxy Bypass
        Sharing and Discovery
            Network Discovery    Enabled
            File and Printer Sharing    Enabled
            File and printer sharing service    Disabled
            Simple File Sharing    Enabled
            Administrative Shares    Enabled
            Network access: Sharing and security model for local accounts    Classic - local users authenticate as themselves
        Adapters List
                Enabled
                        Realtek PCIe GBE Family Controller
                            Connection-specific DNS Suffix    attlocal.net
                            Connection Name    Local Area Connection
                            NetBIOS over TCPIP    Yes
                            DHCP enabled    Yes
                            MAC Address    C0-3F-D5-5D-DA-E3
                            IP Address    192.168.1.76
                            Subnet mask    255.255.255.0
                            Gateway server    192.168.1.254
                            DHCP    192.168.1.254
                            DNS Server    192.168.1.254
        Network Shares
            Users    C:\Users
        Current TCP Connections
                AgSvc.exe (9084)
                    Local 0.0.0.0:21092    LISTEN
                AppleMobileDeviceService.exe (2848)
                    Local 127.0.0.1:27015    LISTEN
                    Local 127.0.0.1:27015    ESTABLISHED Remote 127.0.0.1:51062 (Querying... )
                avp.exe (2868)
                    Local 127.0.0.1:49706    ESTABLISHED Remote 127.0.0.1:53678 (Querying... )
                    Local 127.0.0.1:49706    ESTABLISHED Remote 127.0.0.1:53679 (Querying... )
                    Local 127.0.0.1:49706    ESTABLISHED Remote 127.0.0.1:53758 (Querying... )
                    Local 127.0.0.1:49706    ESTABLISHED Remote 127.0.0.1:53770 (Querying... )
                    Local 127.0.0.1:49706    ESTABLISHED Remote 127.0.0.1:53836 (Querying... )
                    Local 127.0.0.1:49706    ESTABLISHED Remote 127.0.0.1:54089 (Querying... )
                    Local 127.0.0.1:49707    LISTEN
                    Local 127.0.0.1:49707    ESTABLISHED Remote 127.0.0.1:53652 (Querying... )
                    Local 127.0.0.1:49707    ESTABLISHED Remote 127.0.0.1:53745 (Querying... )
                    Local 127.0.0.1:49707    ESTABLISHED Remote 127.0.0.1:53823 (Querying... )
                    Local 127.0.0.1:49707    ESTABLISHED Remote 127.0.0.1:53874 (Querying... )
                    Local 192.168.1.76:56923    CLOSE-WAIT Remote 206.33.36.253:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54146    ESTABLISHED Remote 96.16.6.96:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:50919    ESTABLISHED Remote 62.128.100.73:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54221    ESTABLISHED Remote 38.113.165.98:443 (Querying... ) (HTTPS)
                    Local 127.0.0.1:49707    ESTABLISHED Remote 127.0.0.1:53876 (Querying... )
                    Local 127.0.0.1:49707    ESTABLISHED Remote 127.0.0.1:54220 (Querying... )
                    Local 192.168.1.76:54239    ESTABLISHED Remote 62.128.100.57:443 (Querying... ) (HTTPS)
                    Local 127.0.0.1:49707    ESTABLISHED Remote 127.0.0.1:53899 (Querying... )
                    Local 127.0.0.1:49707    ESTABLISHED Remote 127.0.0.1:53898 (Querying... )
                    Local 192.168.1.76:54255    ESTABLISHED Remote 38.113.165.110:443 (Querying... ) (HTTPS)
                    Local 127.0.0.1:49707    ESTABLISHED Remote 127.0.0.1:53875 (Querying... )
                    Local 127.0.0.1:49706    LISTEN
                    Local 192.168.1.76:54253    ESTABLISHED Remote 62.128.100.161:443 (Querying... ) (HTTPS)
                C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (11432)
                    Local 192.168.1.76:51096    ESTABLISHED Remote 17.110.230.24:5223 (Querying... )
                C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (3128)
                    Local 192.168.1.76:51083    CLOSE-WAIT Remote 17.248.129.174:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:51082    CLOSE-WAIT Remote 23.75.253.245:443 (Querying... ) (HTTPS)
                C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe (17860)
                    Local 192.168.1.76:51081    CLOSE-WAIT Remote 17.248.129.174:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:51078    CLOSE-WAIT Remote 23.75.253.245:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:51089    CLOSE-WAIT Remote 17.248.129.174:443 (Querying... ) (HTTPS)
                C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (17808)
                    Local 192.168.1.76:53559    CLOSE-WAIT Remote 17.248.131.168:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53314    CLOSE-WAIT Remote 17.248.131.143:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53553    CLOSE-WAIT Remote 17.248.139.75:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53494    CLOSE-WAIT Remote 17.248.128.206:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53292    CLOSE-WAIT Remote 17.248.131.143:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53354    CLOSE-WAIT Remote 17.248.131.142:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53238    CLOSE-WAIT Remote 17.248.139.81:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53227    CLOSE-WAIT Remote 17.248.131.141:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53213    CLOSE-WAIT Remote 17.248.128.201:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53617    CLOSE-WAIT Remote 17.248.128.204:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53200    CLOSE-WAIT Remote 17.248.129.211:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54042    CLOSE-WAIT Remote 17.248.139.40:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53485    CLOSE-WAIT Remote 17.248.139.105:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53191    CLOSE-WAIT Remote 17.248.128.238:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53475    CLOSE-WAIT Remote 17.248.139.44:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53460    CLOSE-WAIT Remote 17.248.129.237:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53172    CLOSE-WAIT Remote 17.248.139.46:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53068    CLOSE-WAIT Remote 17.248.139.76:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53337    CLOSE-WAIT Remote 17.248.139.79:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53329    CLOSE-WAIT Remote 17.248.139.78:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:51905    CLOSE-WAIT Remote 17.248.139.105:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53633    CLOSE-WAIT Remote 17.248.128.245:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53427    CLOSE-WAIT Remote 17.248.131.149:443 (Querying... ) (HTTPS)
                C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm.exe (16664)
                    Local 192.168.1.76:53457    CLOSE-WAIT Remote 38.117.98.204:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:51085    ESTABLISHED Remote 62.128.100.176:443 (Querying... ) (HTTPS)
                C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (5128)
                    Local 192.168.1.76:52060    CLOSE-WAIT Remote 23.21.77.3:443 (Querying... ) (HTTPS)
                C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE (7040)
                    Local 192.168.1.76:54025    ESTABLISHED Remote 104.46.38.64:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54024    ESTABLISHED Remote 23.97.61.137:443 (Querying... ) (HTTPS)
                C:\Program Files (x86)\Mozilla Firefox\firefox.exe (11884)
                    Local 192.168.1.76:53882    ESTABLISHED Remote 173.194.115.44:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53955    ESTABLISHED Remote 54.83.59.199:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53956    ESTABLISHED Remote 54.230.6.180:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53881    ESTABLISHED Remote 173.194.115.44:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53880    ESTABLISHED Remote 173.194.115.44:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53879    ESTABLISHED Remote 199.59.150.46:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53964    ESTABLISHED Remote 52.71.113.17:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53872    ESTABLISHED Remote 216.58.218.195:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53871    ESTABLISHED Remote 74.125.21.106:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53870    ESTABLISHED Remote 74.125.21.106:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53867    ESTABLISHED Remote 173.194.115.44:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53973    ESTABLISHED Remote 74.125.198.95:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53866    ESTABLISHED Remote 23.211.16.117:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53865    ESTABLISHED Remote 23.211.16.117:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53863    ESTABLISHED Remote 204.11.109.76:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53856    ESTABLISHED Remote 23.4.59.27:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53983    ESTABLISHED Remote 54.230.6.145:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53984    ESTABLISHED Remote 54.230.6.145:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53849    ESTABLISHED Remote 96.16.216.130:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53848    ESTABLISHED Remote 54.154.215.99:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53991    ESTABLISHED Remote 54.230.6.145:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53839    ESTABLISHED Remote 74.121.140.179:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53993    ESTABLISHED Remote 54.230.6.242:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53994    ESTABLISHED Remote 54.230.6.145:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53995    ESTABLISHED Remote 54.230.6.130:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53838    ESTABLISHED Remote 74.121.140.179:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53832    ESTABLISHED Remote 173.194.115.47:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53999    ESTABLISHED Remote 54.230.6.242:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54000    ESTABLISHED Remote 54.230.6.242:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53835    ESTABLISHED Remote 136.243.13.5:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53826    ESTABLISHED Remote 173.194.115.47:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54003    ESTABLISHED Remote 216.58.218.206:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54004    ESTABLISHED Remote 54.230.6.155:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54005    ESTABLISHED Remote 54.230.6.155:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53822    ESTABLISHED Remote 96.17.193.210:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54007    ESTABLISHED Remote 54.230.6.155:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53821    ESTABLISHED Remote 96.17.193.210:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53820    ESTABLISHED Remote 96.17.193.210:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53819    ESTABLISHED Remote 96.17.193.210:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53818    ESTABLISHED Remote 96.17.193.210:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53817    ESTABLISHED Remote 96.17.193.210:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53815    ESTABLISHED Remote 31.13.66.36:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53813    ESTABLISHED Remote 173.194.115.44:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54019    ESTABLISHED Remote 216.58.219.6:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53807    ESTABLISHED Remote 64.233.168.155:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54021    ESTABLISHED Remote 173.194.115.45:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54022    ESTABLISHED Remote 74.125.21.106:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53806    ESTABLISHED Remote 23.235.44.68:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53805    ESTABLISHED Remote 107.22.211.31:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53802    ESTABLISHED Remote 31.13.66.5:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53799    ESTABLISHED Remote 96.16.6.160:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53798    ESTABLISHED Remote 96.16.6.160:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53797    ESTABLISHED Remote 216.58.218.206:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53794    ESTABLISHED Remote 216.58.218.110:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53793    ESTABLISHED Remote 216.58.218.110:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53792    ESTABLISHED Remote 216.58.218.194:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53785    ESTABLISHED Remote 192.229.163.25:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53782    ESTABLISHED Remote 23.235.40.134:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53781    ESTABLISHED Remote 96.17.193.210:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53780    ESTABLISHED Remote 216.58.218.110:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53776    ESTABLISHED Remote 216.58.218.194:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54057    ESTABLISHED Remote 173.194.115.44:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53774    ESTABLISHED Remote 216.58.218.110:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54059    ESTABLISHED Remote 52.22.252.76:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54060    ESTABLISHED Remote 52.22.252.76:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54077    ESTABLISHED Remote 54.84.78.178:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54078    ESTABLISHED Remote 54.84.78.178:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54079    ESTABLISHED Remote 107.22.211.31:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54090    ESTABLISHED Remote 204.11.109.67:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54091    FIN-WAIT-2 Remote 204.11.109.67:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54092    ESTABLISHED Remote 23.79.148.64:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54098    ESTABLISHED Remote 52.71.44.57:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54107    ESTABLISHED Remote 54.173.94.21:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54112    ESTABLISHED Remote 52.4.69.193:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53920    ESTABLISHED Remote 108.168.240.194:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54117    ESTABLISHED Remote 52.90.51.199:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54121    ESTABLISHED Remote 54.164.88.12:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54122    ESTABLISHED Remote 54.164.88.12:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54123    ESTABLISHED Remote 96.16.7.75:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54124    ESTABLISHED Remote 74.121.133.1:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54125    ESTABLISHED Remote 216.137.43.132:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54128    ESTABLISHED Remote 216.137.43.132:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54130    ESTABLISHED Remote 23.79.154.38:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54131    ESTABLISHED Remote 23.75.236.168:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54132    ESTABLISHED Remote 52.71.212.170:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54134    ESTABLISHED Remote 23.79.148.64:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54136    ESTABLISHED Remote 52.4.81.218:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54138    ESTABLISHED Remote 104.72.248.246:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54144    ESTABLISHED Remote 74.125.198.95:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53921    ESTABLISHED Remote 173.194.115.45:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54149    ESTABLISHED Remote 216.58.218.195:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54154    ESTABLISHED Remote 104.72.252.66:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54156    ESTABLISHED Remote 23.79.148.64:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54159    ESTABLISHED Remote 104.72.252.66:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53916    ESTABLISHED Remote 204.144.140.22:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53913    ESTABLISHED Remote 8.43.72.61:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53925    ESTABLISHED Remote 173.194.115.45:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54217    ESTABLISHED Remote 96.16.218.2:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53909    ESTABLISHED Remote 204.11.109.68:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53929    ESTABLISHED Remote 216.58.218.162:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54176    ESTABLISHED Remote 216.137.43.157:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54099    ESTABLISHED Remote 96.16.219.45:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53932    ESTABLISHED Remote 204.144.141.28:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53908    ESTABLISHED Remote 204.11.109.68:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53934    ESTABLISHED Remote 204.144.140.26:80 (Querying... ) (HTTP)
                    Local 127.0.0.1:54220    ESTABLISHED Remote 127.0.0.1:49707 (Querying... )
                    Local 127.0.0.1:54089    ESTABLISHED Remote 127.0.0.1:49706 (Querying... )
                    Local 192.168.1.76:54191    ESTABLISHED Remote 131.253.40.50:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54195    ESTABLISHED Remote 204.79.197.200:80 (Querying... ) (HTTP)
                    Local 127.0.0.1:53899    ESTABLISHED Remote 127.0.0.1:49707 (Querying... )
                    Local 127.0.0.1:53898    ESTABLISHED Remote 127.0.0.1:49707 (Querying... )
                    Local 192.168.1.76:54200    ESTABLISHED Remote 67.228.177.87:80 (Querying... ) (HTTP)
                    Local 127.0.0.1:53876    ESTABLISHED Remote 127.0.0.1:49707 (Querying... )
                    Local 127.0.0.1:53875    ESTABLISHED Remote 127.0.0.1:49707 (Querying... )
                    Local 127.0.0.1:53874    ESTABLISHED Remote 127.0.0.1:49707 (Querying... )
                    Local 192.168.1.76:54206    ESTABLISHED Remote 31.13.66.5:443 (Querying... ) (HTTPS)
                    Local 127.0.0.1:53836    ESTABLISHED Remote 127.0.0.1:49706 (Querying... )
                    Local 127.0.0.1:53823    ESTABLISHED Remote 127.0.0.1:49707 (Querying... )
                    Local 192.168.1.76:54212    ESTABLISHED Remote 23.79.145.226:80 (Querying... ) (HTTP)
                    Local 127.0.0.1:53770    ESTABLISHED Remote 127.0.0.1:49706 (Querying... )
                    Local 127.0.0.1:53758    ESTABLISHED Remote 127.0.0.1:49706 (Querying... )
                    Local 127.0.0.1:53745    ESTABLISHED Remote 127.0.0.1:49707 (Querying... )
                    Local 192.168.1.76:54177    ESTABLISHED Remote 216.137.43.157:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54218    ESTABLISHED Remote 52.9.110.197:80 (Querying... ) (HTTP)
                    Local 127.0.0.1:53679    ESTABLISHED Remote 127.0.0.1:49706 (Querying... )
                    Local 192.168.1.76:53906    ESTABLISHED Remote 204.11.109.68:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54222    ESTABLISHED Remote 54.68.214.235:80 (Querying... ) (HTTP)
                    Local 127.0.0.1:53678    ESTABLISHED Remote 127.0.0.1:49706 (Querying... )
                    Local 192.168.1.76:54226    ESTABLISHED Remote 64.12.245.38:80 (Querying... ) (HTTP)
                    Local 127.0.0.1:53652    ESTABLISHED Remote 127.0.0.1:49707 (Querying... )
                    Local 127.0.0.1:53647    ESTABLISHED Remote 127.0.0.1:53646 (Querying... )
                    Local 192.168.1.76:54229    ESTABLISHED Remote 104.28.29.94:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54232    ESTABLISHED Remote 52.6.220.61:80 (Querying... ) (HTTP)
                    Local 127.0.0.1:53646    ESTABLISHED Remote 127.0.0.1:53647 (Querying... )
                    Local 192.168.1.76:53905    ESTABLISHED Remote 204.11.109.68:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54236    ESTABLISHED Remote 50.17.215.79:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54237    ESTABLISHED Remote 23.4.59.27:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53938    ESTABLISHED Remote 23.235.44.175:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53902    ESTABLISHED Remote 204.11.109.68:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54240    ESTABLISHED Remote 104.16.24.235:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53940    ESTABLISHED Remote 52.0.157.21:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53901    ESTABLISHED Remote 216.58.218.198:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53942    ESTABLISHED Remote 50.31.164.165:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53944    ESTABLISHED Remote 23.235.33.196:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53894    ESTABLISHED Remote 96.16.7.56:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53893    ESTABLISHED Remote 96.16.7.56:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53890    ESTABLISHED Remote 107.23.176.142:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53889    ESTABLISHED Remote 173.194.115.45:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54251    ESTABLISHED Remote 23.4.59.27:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53886    ESTABLISHED Remote 216.58.195.34:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53883    ESTABLISHED Remote 204.11.109.68:80 (Querying... ) (HTTP)
                C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe (19016)
                    Local 192.168.1.76:51064    ESTABLISHED Remote 192.168.1.69:8080 (Querying... )
                C:\Program Files\iTunes\iTunesHelper.exe (6380)
                    Local 127.0.0.1:51062    ESTABLISHED Remote 127.0.0.1:27015 (Querying... )
                C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe (1900)
                    Local 192.168.1.76:53412    LISTEN
                C:\Users\Susan\AppData\Local\Microsoft\OneDrive\OneDrive.exe (10912)
                    Local 192.168.1.76:51072    ESTABLISHED Remote 65.52.108.226:443 (Querying... ) (HTTPS)
                C:\Windows\explorer.exe (10084)
                    Local 192.168.1.76:54244    ESTABLISHED Remote 23.221.41.13:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54247    ESTABLISHED Remote 96.16.7.56:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54248    ESTABLISHED Remote 96.16.7.56:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:51039    ESTABLISHED Remote 65.52.108.222:443 (Querying... ) (HTTPS)
                C:\Windows\System32\svchost.exe (10576)
                    Local 192.168.1.76:51993    ESTABLISHED Remote 152.163.0.66:993 (Querying... )
                lsass.exe (956)
                    Local 0.0.0.0:49672    LISTEN
                mbamservice.exe (2816)
                    Local 127.0.0.1:43227    LISTEN
                mqsvc.exe (2476)
                    Local 0.0.0.0:1801    LISTEN
                    Local 0.0.0.0:2103    LISTEN
                    Local 0.0.0.0:2105    LISTEN
                    Local 0.0.0.0:2107    LISTEN
                    Local 0.0.0.0:49677    LISTEN
                services.exe (940)
                    Local 0.0.0.0:49692    LISTEN
                spoolsv.exe (1972)
                    Local 0.0.0.0:49667    LISTEN
                svchost.exe (1244)
                    Local 0.0.0.0:49665    LISTEN
                svchost.exe (2236)
                    Local 192.168.1.76:54250    ESTABLISHED Remote 64.4.54.254:443 (Querying... ) (HTTPS)
                svchost.exe (492)
                    Local 0.0.0.0:135 (DCE)    LISTEN
                svchost.exe (548)
                    Local 0.0.0.0:49666    LISTEN
                System Process
                    Local 127.0.0.1:53869    TIME-WAIT Remote 127.0.0.1:49706 (Querying... )
                    Local 192.168.1.76:53873    TIME-WAIT Remote 216.58.218.195:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53877    TIME-WAIT Remote 136.243.12.20:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53963    TIME-WAIT Remote 93.184.215.81:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53960    TIME-WAIT Remote 74.217.253.60:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53957    TIME-WAIT Remote 54.83.59.199:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53954    TIME-WAIT Remote 108.161.189.5:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53953    TIME-WAIT Remote 108.161.189.5:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53884    TIME-WAIT Remote 173.194.115.44:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53885    TIME-WAIT Remote 38.113.165.98:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53952    TIME-WAIT Remote 108.161.189.5:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53887    TIME-WAIT Remote 38.113.165.80:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53950    TIME-WAIT Remote 108.161.189.5:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53949    TIME-WAIT Remote 108.161.189.5:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53891    TIME-WAIT Remote 107.23.176.142:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53892    TIME-WAIT Remote 192.31.109.33:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53948    TIME-WAIT Remote 74.217.253.90:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53946    TIME-WAIT Remote 23.79.145.226:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53895    TIME-WAIT Remote 23.4.59.27:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53897    TIME-WAIT Remote 54.174.32.185:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53941    TIME-WAIT Remote 52.0.157.21:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53939    TIME-WAIT Remote 23.235.44.175:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53937    TIME-WAIT Remote 104.16.25.235:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53935    TIME-WAIT Remote 204.144.140.26:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53907    TIME-WAIT Remote 23.4.59.27:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53933    TIME-WAIT Remote 204.144.141.28:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53926    TIME-WAIT Remote 173.194.115.45:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53911    TIME-WAIT Remote 104.16.25.235:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53912    TIME-WAIT Remote 23.4.59.27:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53923    TIME-WAIT Remote 54.213.45.55:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53914    TIME-WAIT Remote 8.43.72.61:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53915    TIME-WAIT Remote 204.144.140.22:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54249    TIME-WAIT Remote 172.217.0.226:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54245    TIME-WAIT Remote 68.67.128.107:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54242    TIME-WAIT Remote 204.154.110.151:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54241    TIME-WAIT Remote 104.16.24.235:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54238    TIME-WAIT Remote 23.4.59.27:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54235    TIME-WAIT Remote 52.4.24.89:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54233    TIME-WAIT Remote 52.6.220.61:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54228    TIME-WAIT Remote 104.28.29.94:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54227    TIME-WAIT Remote 64.12.245.38:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54223    TIME-WAIT Remote 54.68.214.235:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54219    TIME-WAIT Remote 52.9.110.197:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54216    TIME-WAIT Remote 96.16.218.2:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54214    TIME-WAIT Remote 95.131.122.232:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54213    TIME-WAIT Remote 23.79.145.226:80 (Querying... ) (HTTP)
                    Local 127.0.0.1:53814    TIME-WAIT Remote 127.0.0.1:49706 (Querying... )
                    Local 192.168.1.76:54211    TIME-WAIT Remote 74.217.253.70:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54209    TIME-WAIT Remote 74.217.253.90:80 (Querying... ) (HTTP)
                    Local 127.0.0.1:53859    TIME-WAIT Remote 127.0.0.1:49706 (Querying... )
                    Local 127.0.0.1:53868    TIME-WAIT Remote 127.0.0.1:49706 (Querying... )
                    Local 192.168.1.76:53997    TIME-WAIT Remote 23.4.59.27:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54205    TIME-WAIT Remote 208.81.233.64:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54204    TIME-WAIT Remote 208.81.233.64:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54202    TIME-WAIT Remote 208.81.233.32:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54199    TIME-WAIT Remote 198.41.214.67:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54198    TIME-WAIT Remote 98.139.225.43:80 (Querying... ) (HTTP)
                    Local 127.0.0.1:53961    TIME-WAIT Remote 127.0.0.1:49706 (Querying... )
                    Local 127.0.0.1:53966    TIME-WAIT Remote 127.0.0.1:49706 (Querying... )
                    Local 127.0.0.1:53968    TIME-WAIT Remote 127.0.0.1:49706 (Querying... )
                    Local 127.0.0.1:53985    TIME-WAIT Remote 127.0.0.1:49706 (Querying... )
                    Local 127.0.0.1:53986    TIME-WAIT Remote 127.0.0.1:49706 (Querying... )
                    Local 127.0.0.1:53987    TIME-WAIT Remote 127.0.0.1:49706 (Querying... )
                    Local 127.0.0.1:54038    TIME-WAIT Remote 127.0.0.1:49706 (Querying... )
                    Local 127.0.0.1:54041    TIME-WAIT Remote 127.0.0.1:49706 (Querying... )
                    Local 127.0.0.1:54046    TIME-WAIT Remote 127.0.0.1:49706 (Querying... )
                    Local 127.0.0.1:54053    TIME-WAIT Remote 127.0.0.1:49706 (Querying... )
                    Local 127.0.0.1:54055    TIME-WAIT Remote 127.0.0.1:49706 (Querying... )
                    Local 192.168.1.76:54190    TIME-WAIT Remote 31.13.66.5:80 (Querying... ) (HTTP)
                    Local 127.0.0.1:54164    TIME-WAIT Remote 127.0.0.1:49706 (Querying... )
                    Local 127.0.0.1:54188    TIME-WAIT Remote 127.0.0.1:49706 (Querying... )
                    Local 127.0.0.1:54189    TIME-WAIT Remote 127.0.0.1:49706 (Querying... )
                    Local 192.168.1.76:54187    TIME-WAIT Remote 54.173.236.228:80 (Querying... ) (HTTP)
                    Local 127.0.0.1:54231    TIME-WAIT Remote 127.0.0.1:49706 (Querying... )
                    Local 192.168.1.76:53922    TIME-WAIT Remote 173.194.115.45:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54182    TIME-WAIT Remote 204.154.110.151:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54181    TIME-WAIT Remote 204.154.110.151:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54179    TIME-WAIT Remote 216.137.43.157:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54178    TIME-WAIT Remote 216.137.43.157:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54175    TIME-WAIT Remote 204.154.111.224:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54173    TIME-WAIT Remote 74.217.253.60:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54171    TIME-WAIT Remote 192.229.163.175:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54169    TIME-WAIT Remote 54.230.6.145:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54168    TIME-WAIT Remote 108.161.188.218:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54167    TIME-WAIT Remote 74.125.198.95:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54166    TIME-WAIT Remote 108.161.188.218:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54165    TIME-WAIT Remote 108.161.188.218:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54162    TIME-WAIT Remote 204.154.110.151:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54161    TIME-WAIT Remote 204.154.110.151:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54158    TIME-WAIT Remote 23.79.148.64:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54157    TIME-WAIT Remote 23.79.148.64:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54150    TIME-WAIT Remote 216.58.218.195:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54145    TIME-WAIT Remote 108.161.189.5:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54143    TIME-WAIT Remote 108.161.189.5:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54141    TIME-WAIT Remote 108.161.189.5:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54140    TIME-WAIT Remote 108.161.189.5:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54137    TIME-WAIT Remote 52.4.81.218:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54133    TIME-WAIT Remote 52.71.212.170:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54127    TIME-WAIT Remote 216.137.43.132:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54126    TIME-WAIT Remote 216.137.43.132:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54118    TIME-WAIT Remote 52.90.51.199:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54116    TIME-WAIT Remote 96.16.219.45:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54109    TIME-WAIT Remote 204.154.110.79:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54106    TIME-WAIT Remote 54.173.94.21:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54105    TIME-WAIT Remote 138.108.6.20:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54102    TIME-WAIT Remote 192.31.109.33:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54100    TIME-WAIT Remote 38.113.165.110:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54097    TIME-WAIT Remote 52.71.44.57:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54095    TIME-WAIT Remote 8.247.103.240:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54094    TIME-WAIT Remote 8.247.103.240:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54084    TIME-WAIT Remote 38.113.165.110:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54083    TIME-WAIT Remote 68.67.128.110:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53749    TIME-WAIT Remote 23.97.61.137:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53756    TIME-WAIT Remote 23.235.33.196:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53757    TIME-WAIT Remote 38.113.165.110:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53773    TIME-WAIT Remote 38.113.165.110:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54058    TIME-WAIT Remote 173.194.115.47:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53775    TIME-WAIT Remote 216.58.218.110:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54056    TIME-WAIT Remote 31.13.66.5:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53777    TIME-WAIT Remote 216.58.218.194:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53778    TIME-WAIT Remote 216.58.218.104:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53779    TIME-WAIT Remote 216.58.218.104:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54054    TIME-WAIT Remote 96.16.6.160:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54048    TIME-WAIT Remote 192.229.163.175:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54040    TIME-WAIT Remote 104.16.24.235:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53783    TIME-WAIT Remote 23.4.59.27:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53784    TIME-WAIT Remote 23.4.59.27:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54037    TIME-WAIT Remote 104.16.24.35:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53787    TIME-WAIT Remote 104.16.24.35:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53789    TIME-WAIT Remote 104.16.25.235:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53791    TIME-WAIT Remote 216.58.218.194:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54036    TIME-WAIT Remote 198.41.214.67:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54033    TIME-WAIT Remote 192.229.163.25:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54032    TIME-WAIT Remote 108.161.189.5:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53795    TIME-WAIT Remote 216.58.218.110:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53796    TIME-WAIT Remote 216.58.218.110:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54031    TIME-WAIT Remote 108.161.189.5:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54030    TIME-WAIT Remote 108.161.189.5:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54029    TIME-WAIT Remote 108.161.189.5:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53801    TIME-WAIT Remote 66.150.48.65:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54028    TIME-WAIT Remote 108.161.189.5:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53803    TIME-WAIT Remote 216.58.218.206:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54026    TIME-WAIT Remote 54.152.239.53:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54023    TIME-WAIT Remote 216.58.218.130:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54020    TIME-WAIT Remote 216.58.219.6:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54017    TIME-WAIT Remote 93.184.215.81:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54015    TIME-WAIT Remote 74.217.253.70:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53816    TIME-WAIT Remote 96.17.193.210:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54012    TIME-WAIT Remote 54.241.136.187:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54011    TIME-WAIT Remote 54.241.136.187:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54010    TIME-WAIT Remote 54.241.136.187:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54009    TIME-WAIT Remote 54.241.136.187:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:54008    TIME-WAIT Remote 54.230.6.155:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54006    TIME-WAIT Remote 54.230.6.155:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53825    TIME-WAIT Remote 23.235.33.196:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54002    TIME-WAIT Remote 54.230.6.130:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53919    TIME-WAIT Remote 108.168.240.194:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53834    TIME-WAIT Remote 136.243.13.5:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:54001    TIME-WAIT Remote 54.230.6.242:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53996    TIME-WAIT Remote 23.4.59.27:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53992    TIME-WAIT Remote 54.230.6.130:443 (Querying... ) (HTTPS)
                    Local 192.168.1.76:53990    TIME-WAIT Remote 54.230.6.145:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53989    TIME-WAIT Remote 108.161.188.218:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53855    TIME-WAIT Remote 107.22.211.31:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53980    TIME-WAIT Remote 108.161.188.218:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53857    TIME-WAIT Remote 23.4.59.27:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53861    TIME-WAIT Remote 174.35.21.155:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53978    TIME-WAIT Remote 108.161.188.218:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53864    TIME-WAIT Remote 204.11.109.76:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53977    TIME-WAIT Remote 108.161.188.218:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53974    TIME-WAIT Remote 74.125.198.95:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53970    TIME-WAIT Remote 96.16.6.160:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53969    TIME-WAIT Remote 96.16.6.160:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53967    TIME-WAIT Remote 31.13.66.5:80 (Querying... ) (HTTP)
                    Local 192.168.1.76:53965    TIME-WAIT Remote 52.71.113.17:80 (Querying... ) (HTTP)
                System Process
                    Local 192.168.1.76:139 (NetBIOS session service)    LISTEN
                    Local 0.0.0.0:445 (Windows shares)    LISTEN
                    Local 0.0.0.0:5357    LISTEN
                    Local 0.0.0.0:8092    LISTEN
                    Local 0.0.0.0:80 (HTTP)    LISTEN
                wininit.exe (816)
                    Local 0.0.0.0:49664    LISTEN
Generated with Speccy v1.29.714


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP