Summary Operating System Windows 10 Pro 64-bit CPU Intel Mobile Core 2 Duo P8400 @ 2.26GHz 47 °C Penryn 45nm Technology RAM 4.00GB Dual-Channel DDR2 @ 332MHz (5-5-5-15) Motherboard Dell Inc. 0RX493 (Microprocessor) Graphics Generic PnP Monitor (1440x900@60Hz) Intel Mobile Intel 4 Series Express Chipset Family (Dell) Intel Mobile Intel 4 Series Express Chipset Family (Dell) Storage 298GB Hitachi HTS545032B9A300 (SATA ) 32 °C Optical Drives TSSTcorp DVD+-RW TS-U633A Audio IDT High Definition Audio CODEC Operating System Windows 10 Pro 64-bit Computer type: Portable Installation Date: 2019/06/12 9:42:19 PM Serial Number: Windows Security Center User Account Control (UAC) Enabled Notify level 2 - Default Firewall Enabled Windows Update AutoUpdate Not configured Windows Defender Windows Defender Disabled Antivirus Windows Defender Antivirus Disabled Virus Signature Database Up to date Malwarebytes Antivirus Enabled Virus Signature Database Up to date Kaspersky Free Antivirus Enabled Virus Signature Database Up to date .NET Frameworks installed v4.7 Full v4.7 Client v3.5 SP1 v3.0 SP2 v2.0 SP2 Internet Explorer Version 11.829.17134.0 PowerShell Version 5.1.17134.1 Environment Variables USERPROFILE C:\Users\Surgery SystemRoot C:\WINDOWS User Variables OneDrive C:\Users\Surgery\OneDrive Path C:\Users\Surgery\AppData\Local\Microsoft\WindowsApps TEMP C:\Users\Surgery\AppData\Local\Temp TMP C:\Users\Surgery\AppData\Local\Temp Machine Variables ComSpec C:\WINDOWS\system32\cmd.exe DriverData C:\Windows\System32\Drivers\DriverData NUMBER_OF_PROCESSORS 2 OS Windows_NT Path C:\WINDOWS\system32 C:\WINDOWS C:\WINDOWS\System32\Wbem C:\WINDOWS\System32\WindowsPowerShell\v1.0\ C:\WINDOWS\System32\OpenSSH\ PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE AMD64 PROCESSOR_IDENTIFIER Intel64 Family 6 Model 23 Stepping 6, GenuineIntel PROCESSOR_LEVEL 6 PROCESSOR_REVISION 1706 PSModulePath %ProgramFiles%\WindowsPowerShell\Modules C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules TEMP C:\WINDOWS\TEMP TMP C:\WINDOWS\TEMP USERNAME SYSTEM windir C:\WINDOWS Battery AC Line Online Battery Charge % 100 % Battery State High Remaining Battery Time Unknown Power Profile Active power scheme Balanced Hibernation Enabled Turn Off Monitor after: (On AC Power) 20 min Turn Off Monitor after: (On Battery Power) 5 min Turn Off Hard Disk after: (On AC Power) 20 min Turn Off Hard Disk after: (On Battery Power) 10 min Suspend after: (On AC Power) 30 min Suspend after: (On Battery Power) 15 min Screen saver Disabled Uptime Current Session Current Time 2019/06/17 3:54:15 PM Current Uptime 6 008 sec (0 d, 01 h, 40 m, 08 s) Last Boot Time 2019/06/17 2:14:07 PM Services Running Adobe Acrobat Update Service Running Andrea ST Filters Service Running Application Information Running Audio Service Running Background Tasks Infrastructure Service Running Base Filtering Engine Running Certificate Propagation Running CNG Key Isolation Running COM+ Event System Running Connected Devices Platform Service Running Connected Devices Platform User Service_34ec4 Running Connected User Experiences and Telemetry Running CoreMessaging Running Credential Manager Running Cryptographic Services Running Data Usage Running DCOM Server Process Launcher Running Delivery Optimization Running Dell Data Vault Collector Running Dell Data Vault Processor Running Dell Data Vault Service API Running Dell Hardware Support Running Dell SupportAssist Running DHCP Client Running Diagnostic Policy Service Running Diagnostic Service Host Running Diagnostic System Host Running Distributed Link Tracking Client Running DNS Client Running Geolocation Service Running Group Policy Client Running HitmanPro Scheduler Running Human Interface Device Service Running IP Helper Running Kaspersky Anti-Virus Service 19.0.0 Running Kaspersky Secure Connection Service 3.0.0 Running Local Session Manager Running Malwarebytes Service Running Network Connection Broker Running Network List Service Running Network Location Awareness Running Network Store Interface Service Running Payments and NFC/SE Manager Running Peer Networking Identity Manager Running Plug and Play Running Power Running Print Spooler Running Program Compatibility Assistant Service Running Radio Management Service Running Remote Access Connection Manager Running Remote Procedure Call (RPC) Running RPC Endpoint Mapper Running Secure Socket Tunneling Protocol Service Running Security Accounts Manager Running Security Center Running Server Running Shell Hardware Detection Running Smart Card Running SSDP Discovery Running State Repository Service Running Storage Service Running Superfetch Running Sync Host_34ec4 Running System Event Notification Service Running System Events Broker Running System Guard Runtime Monitor Broker Running Task Scheduler Running Telephony Running Themes Running Time Broker Running Touch Keyboard and Handwriting Panel Service Running Update Orchestrator Service Running User Manager Running User Profile Service Running Web Account Manager Running Windows Audio Running Windows Audio Endpoint Builder Running Windows Connection Manager Running Windows Defender Firewall Running Windows Defender Security Center Service Running Windows Event Log Running Windows Font Cache Service Running Windows License Manager Service Running Windows Management Instrumentation Running Windows Push Notifications System Service Running Windows Push Notifications User Service_34ec4 Running Windows Remediation Service Running Windows Search Running WinHTTP Web Proxy Auto-Discovery Service Running WLAN AutoConfig Running Workstation Stopped ActiveX Installer (AxInstSV) Stopped AllJoyn Router Service Stopped App Readiness Stopped Application Identity Stopped Application Layer Gateway Service Stopped Application Management Stopped AppX Deployment Service (AppXSVC) Stopped AssignedAccessManager Service Stopped Auto Time Zone Updater Stopped AVCTP service Stopped Background Intelligent Transfer Service Stopped BitLocker Drive Encryption Service Stopped Block Level Backup Engine Service Stopped Bluetooth Audio Gateway Service Stopped Bluetooth Support Service Stopped Bluetooth User Support Service_34ec4 Stopped BranchCache Stopped Capability Access Manager Service Stopped CaptureService_34ec4 Stopped Client License Service (ClipSVC) Stopped COM+ System Application Stopped Contact Data_34ec4 Stopped Data Sharing Service Stopped Device Association Service Stopped Device Install Service Stopped Device Management Enrollment Service Stopped Device Setup Manager Stopped DevicePicker_34ec4 Stopped DevicesFlow_34ec4 Stopped DevQuery Background Discovery Broker Stopped Diagnostic Execution Service Stopped Distributed Transaction Coordinator Stopped dmwappushsvc Stopped Downloaded Maps Manager Stopped Embedded Mode Stopped Encrypting File System (EFS) Stopped Enterprise App Management Service Stopped Extensible Authentication Protocol Stopped Fax Stopped File History Service Stopped Function Discovery Provider Host Stopped Function Discovery Resource Publication Stopped GameDVR and Broadcast User Service_34ec4 Stopped Google Chrome Elevation Service Stopped Google Update Service (gupdate) Stopped Google Update Service (gupdatem) Stopped GraphicsPerfSvc Stopped HitmanPro 3.8 Crusader (Boot) Stopped HV Host Service Stopped Hyper-V Data Exchange Service Stopped Hyper-V Guest Service Interface Stopped Hyper-V Guest Shutdown Service Stopped Hyper-V Heartbeat Service Stopped Hyper-V PowerShell Direct Service Stopped Hyper-V Remote Desktop Virtualization Service Stopped Hyper-V Time Synchronization Service Stopped Hyper-V Volume Shadow Copy Requestor Stopped IKE and AuthIP IPsec Keying Modules Stopped Infrared monitor service Stopped Internet Connection Sharing (ICS) Stopped IP Translation Configuration Service Stopped IPsec Policy Agent Stopped klvssbridge64_19.0.0 Stopped KtmRm for Distributed Transaction Coordinator Stopped Language Experience Service Stopped Link-Layer Topology Discovery Mapper Stopped Local Profile Assistant Service Stopped MessagingService_34ec4 Stopped Microsoft Diagnostics Hub Standard Collector Service Stopped Microsoft Account Sign-in Assistant Stopped Microsoft App-V Client Stopped Microsoft iSCSI Initiator Service Stopped Microsoft Passport Stopped Microsoft Passport Container Stopped Microsoft Software Shadow Copy Provider Stopped Microsoft Storage Spaces SMP Stopped Microsoft Store Install Service Stopped Microsoft Windows SMS Router Service. Stopped Natural Authentication Stopped Net.Tcp Port Sharing Service Stopped Netlogon Stopped Network Connected Devices Auto-Setup Stopped Network Connections Stopped Network Connectivity Assistant Stopped Network Setup Service Stopped Office Source Engine Stopped Offline Files Stopped OpenSSH Authentication Agent Stopped Optimize drives Stopped Parental Controls Stopped Peer Name Resolution Protocol Stopped Peer Networking Grouping Stopped Performance Counter DLL Host Stopped Performance Logs & Alerts Stopped Phone Service Stopped PNRP Machine Name Publication Service Stopped Portable Device Enumerator Service Stopped Printer Extensions and Notifications Stopped PrintWorkflow_34ec4 Stopped Problem Reports and Solutions Control Panel Support Stopped Quality Windows Audio Video Experience Stopped Remote Access Auto Connection Manager Stopped Remote Desktop Configuration Stopped Remote Desktop Services Stopped Remote Desktop Services UserMode Port Redirector Stopped Remote Procedure Call (RPC) Locator Stopped Remote Procedure Call (RPC) Net Stopped Remote Registry Stopped Retail Demo Service Stopped Routing and Remote Access Stopped Secondary Logon Stopped Sensor Data Service Stopped Sensor Monitoring Service Stopped Sensor Service Stopped Shared PC Account Manager Stopped Smart Card Device Enumeration Service Stopped Smart Card Removal Policy Stopped SNMP Trap Stopped Software Protection Stopped Spatial Data Service Stopped Spot Verifier Stopped Still Image Acquisition Events Stopped Storage Tiers Management Stopped TCP/IP NetBIOS Helper Stopped UPnP Device Host Stopped User Data Access_34ec4 Stopped User Data Storage_34ec4 Stopped User Experience Virtualization Service Stopped Virtual Disk Stopped Volume Shadow Copy Stopped Volumetric Audio Compositor Service Stopped WalletService Stopped WarpJITSvc Stopped WebClient Stopped Wi-Fi Direct Services Connection Manager Service Stopped Windows Backup Stopped Windows Biometric Service Stopped Windows Camera Frame Server Stopped Windows Connect Now - Config Registrar Stopped Windows Defender Advanced Threat Protection Service Stopped Windows Defender Antivirus Network Inspection Service Stopped Windows Defender Antivirus Service Stopped Windows Encryption Provider Host Service Stopped Windows Error Reporting Service Stopped Windows Event Collector Stopped Windows Image Acquisition (WIA) Stopped Windows Insider Service Stopped Windows Installer Stopped Windows Media Player Network Sharing Service Stopped Windows Mobile Hotspot Service Stopped Windows Modules Installer Stopped Windows Perception Service Stopped Windows Presentation Foundation Font Cache 3.0.0.0 Stopped Windows PushToInstall Service Stopped Windows Remote Management (WS-Management) Stopped Windows Time Stopped Windows Update Stopped Windows Update Medic Service Stopped Wired AutoConfig Stopped WMI Performance Adapter Stopped Work Folders Stopped WWAN AutoConfig Stopped Xbox Accessory Management Service Stopped Xbox Game Monitoring Stopped Xbox Live Auth Manager Stopped Xbox Live Game Save Stopped Xbox Live Networking Service TimeZone TimeZone GMT +2:00 Hours Language English (South Africa) Location South Africa Format English (South Africa) Currency R Date Format yyyy/MM/dd Time Format h:mm:ss tt Scheduler 2019/06/17 4:09 PM; GoogleUpdateTaskMachineUA 2019/06/17 10:09 PM; GoogleUpdateTaskMachineCore 2019/06/18 10:00 AM; Adobe Acrobat Update Task 2019/06/18 12:21 PM; OneDrive Standalone Update Task-S-1-5-21-107219719-2777607667-2193668656-1001 2019/06/19 8:23 PM; Dell SupportAssistAgent AutoUpdate Hotfixes Installed 2019/06/17 IDT - Audio - IDT High Definition Audio CODEC IDT Audio software update released in March, 2010 2019/06/15 Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.295.761.0) Install this update to revise the definition files that are used to detect viruses, spyware, and other potentially unwanted software. Once you have installed this item, it cannot be removed. 2019/06/14 Windows Malicious Software Removal Tool x64 - June 2019 (KB890830) After the download, this tool runs one time to check your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps remove any infection that is found. If an infection is found, the tool will display a status report the next time that you start your computer. A new version of the tool will be offered every month. If you want to manually run the tool on your computer, you can download a copy from the Microsoft Download Center, or you can run an online version from microsoft.com. This tool is not a replacement for an antivirus product. To help protect your computer, you should use an antivirus product. 2019/06/14 Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.295.686.0) Install this update to revise the definition files that are used to detect viruses, spyware, and other potentially unwanted software. Once you have installed this item, it cannot be removed. 2019/06/13 2019-06 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4503286) Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer. 2019/06/13 Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.295.619.0) Install this update to revise the definition files that are used to detect viruses, spyware, and other potentially unwanted software. Once you have installed this item, it cannot be removed. 2019/06/13 Update for Windows Defender Antivirus antimalware platform - KB4052623 (Version 4.18.1905.4) This package will update Windows Defender Antivirus antimalware platform’s components on the user machine. 2019/06/13 2019-05 Update for Windows 10 Version 1803 for x64-based Systems (KB4023057) A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system. Not Installed System Folders Application Data C:\ProgramData Cookies C:\Users\Surgery\AppData\Local\Microsoft\Windows\INetCookies Desktop C:\Users\Surgery\Desktop Documents C:\Users\Public\Documents Fonts C:\WINDOWS\Fonts Global Favorites C:\Users\Surgery\Favorites Internet History C:\Users\Surgery\AppData\Local\Microsoft\Windows\History Local Application Data C:\Users\Surgery\AppData\Local Music C:\Users\Public\Music Path for burning CD C:\Users\Surgery\AppData\Local\Microsoft\Windows\Burn\Burn Physical Desktop C:\Users\Surgery\Desktop Pictures C:\Users\Public\Pictures Program Files C:\Program Files Public Desktop C:\Users\Public\Desktop Start Menu C:\ProgramData\Microsoft\Windows\Start Menu Start Menu Programs C:\ProgramData\Microsoft\Windows\Start Menu\Programs Startup C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Templates C:\ProgramData\Microsoft\Windows\Templates Temporary Internet Files C:\Users\Surgery\AppData\Local\Microsoft\Windows\INetCache User Favorites C:\Users\Surgery\Favorites Videos C:\Users\Public\Videos Windows Directory C:\WINDOWS Windows/System C:\WINDOWS\system32 Process List AESTSr64.exe Process ID 2296 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_e085d3cd5b474ba6\AESTSr64.exe Memory Usage 2.33 MB Peak Memory Usage 2.85 MB armsvc.exe Process ID 2724 User SYSTEM Domain NT AUTHORITY Path C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe Memory Usage 5.67 MB Peak Memory Usage 6.62 MB audiodg.exe Process ID 8296 User LOCAL SERVICE Domain NT AUTHORITY Path C:\Windows\System32\audiodg.exe Memory Usage 13 MB Peak Memory Usage 15 MB avp.exe Process ID 3952 User SYSTEM Domain NT AUTHORITY Path C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe Memory Usage 109 MB Peak Memory Usage 220 MB avp.exe Process ID 6708 User SYSTEM Domain NT AUTHORITY Path C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe Memory Usage 46 MB Peak Memory Usage 46 MB avpui.exe Process ID 6232 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avpui.exe Memory Usage 5.78 MB Peak Memory Usage 106 MB chrome.exe Process ID 1304 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Memory Usage 29 MB Peak Memory Usage 31 MB chrome.exe Process ID 3136 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Memory Usage 63 MB Peak Memory Usage 69 MB chrome.exe Process ID 1160 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Memory Usage 37 MB Peak Memory Usage 40 MB chrome.exe Process ID 1152 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Memory Usage 104 MB Peak Memory Usage 147 MB chrome.exe Process ID 7640 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Memory Usage 7.31 MB Peak Memory Usage 7.43 MB chrome.exe Process ID 3448 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Memory Usage 83 MB Peak Memory Usage 169 MB chrome.exe Process ID 4360 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Memory Usage 7.79 MB Peak Memory Usage 8.15 MB chrome.exe Process ID 1084 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Memory Usage 103 MB Peak Memory Usage 135 MB chrome.exe Process ID 2420 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Memory Usage 55 MB Peak Memory Usage 60 MB chrome.exe Process ID 9404 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Memory Usage 23 MB Peak Memory Usage 23 MB chrome.exe Process ID 8700 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Memory Usage 68 MB Peak Memory Usage 79 MB chrome.exe Process ID 1676 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Memory Usage 70 MB Peak Memory Usage 78 MB chrome.exe Process ID 8684 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Memory Usage 59 MB Peak Memory Usage 67 MB cmd.exe Process ID 2352 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Windows\System32\cmd.exe Memory Usage 4.38 MB Peak Memory Usage 6.20 MB conhost.exe Process ID 6892 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Windows\System32\conhost.exe Memory Usage 12 MB Peak Memory Usage 16 MB conhost.exe Process ID 1908 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\conhost.exe Memory Usage 4.90 MB Peak Memory Usage 9.08 MB csrss.exe Process ID 644 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\csrss.exe Memory Usage 4.38 MB Peak Memory Usage 5.10 MB csrss.exe Process ID 740 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\csrss.exe Memory Usage 4.53 MB Peak Memory Usage 14 MB ctfmon.exe Process ID 2600 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Windows\System32\ctfmon.exe Memory Usage 13 MB Peak Memory Usage 13 MB DDVCollectorSvcApi.exe Process ID 9288 User SYSTEM Domain NT AUTHORITY Path C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe Memory Usage 6.24 MB Peak Memory Usage 6.81 MB DDVDataCollector.exe Process ID 8456 User SYSTEM Domain NT AUTHORITY Path C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe Memory Usage 15 MB Peak Memory Usage 21 MB DDVRulesProcessor.exe Process ID 7472 User SYSTEM Domain NT AUTHORITY Path C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe Memory Usage 11 MB Peak Memory Usage 13 MB dllhost.exe Process ID 7220 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Windows\System32\dllhost.exe Memory Usage 9.30 MB Peak Memory Usage 10 MB dllhost.exe Process ID 5644 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Windows\System32\dllhost.exe Memory Usage 5.93 MB Peak Memory Usage 6.26 MB DSAPI.exe Process ID 7764 User SYSTEM Domain NT AUTHORITY Path C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7033.2285\DSAPI.exe Memory Usage 52 MB Peak Memory Usage 65 MB dwm.exe Process ID 1108 User DWM-1 Domain Window Manager Path C:\Windows\System32\dwm.exe Memory Usage 60 MB Peak Memory Usage 67 MB explorer.exe Process ID 4864 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Windows\explorer.exe Memory Usage 99 MB Peak Memory Usage 111 MB fontdrvhost.exe Process ID 924 User UMFD-0 Domain Font Driver Host Path C:\Windows\System32\fontdrvhost.exe Memory Usage 2.91 MB Peak Memory Usage 3.88 MB fontdrvhost.exe Process ID 1036 User UMFD-1 Domain Font Driver Host Path C:\Windows\System32\fontdrvhost.exe Memory Usage 4.54 MB Peak Memory Usage 4.61 MB hmpsched.exe Process ID 2256 User SYSTEM Domain NT AUTHORITY Path C:\Program Files\HitmanPro\hmpsched.exe Memory Usage 4.70 MB Peak Memory Usage 17 MB ksde.exe Process ID 6216 User SYSTEM Domain NT AUTHORITY Path C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe Memory Usage 19 MB Peak Memory Usage 27 MB ksdeui.exe Process ID 6132 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe Memory Usage 1.33 MB Peak Memory Usage 16 MB LockApp.exe Process ID 1852 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe Memory Usage 35 MB Peak Memory Usage 44 MB lsass.exe Process ID 804 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\lsass.exe Memory Usage 15 MB Peak Memory Usage 15 MB MBAMService.exe Process ID 3164 User SYSTEM Domain NT AUTHORITY Path C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Memory Usage 105 MB Peak Memory Usage 203 MB mbamtray.exe Process ID 5420 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe Memory Usage 29 MB Peak Memory Usage 36 MB Memory Compression Process ID 2020 User SYSTEM Domain NT AUTHORITY Memory Usage 139 MB Peak Memory Usage 164 MB MSASCuiL.exe Process ID 7012 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Program Files\Windows Defender\MSASCuiL.exe Memory Usage 8.07 MB Peak Memory Usage 8.87 MB pcdrwi.exe Process ID 7188 User SYSTEM Domain NT AUTHORITY Path C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7033.2285\pcdrwi.exe Memory Usage 51 MB Peak Memory Usage 106 MB Registry Process ID 88 User SYSTEM Domain NT AUTHORITY Memory Usage 27 MB Peak Memory Usage 82 MB RuntimeBroker.exe Process ID 2372 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Windows\System32\RuntimeBroker.exe Memory Usage 24 MB Peak Memory Usage 32 MB RuntimeBroker.exe Process ID 6532 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Windows\System32\RuntimeBroker.exe Memory Usage 25 MB Peak Memory Usage 29 MB RuntimeBroker.exe Process ID 1136 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Windows\System32\RuntimeBroker.exe Memory Usage 27 MB Peak Memory Usage 35 MB RuntimeBroker.exe Process ID 10044 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Windows\System32\RuntimeBroker.exe Memory Usage 27 MB Peak Memory Usage 31 MB SearchIndexer.exe Process ID 6852 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\SearchIndexer.exe Memory Usage 23 MB Peak Memory Usage 26 MB SearchUI.exe Process ID 2552 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Memory Usage 83 MB Peak Memory Usage 170 MB SecurityHealthService.exe Process ID 3268 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\SecurityHealthService.exe Memory Usage 13 MB Peak Memory Usage 14 MB sedsvc.exe Process ID 6380 User SYSTEM Domain NT AUTHORITY Path C:\Program Files\rempl\sedsvc.exe Memory Usage 12 MB Peak Memory Usage 16 MB services.exe Process ID 796 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\services.exe Memory Usage 9.31 MB Peak Memory Usage 15 MB SgrmBroker.exe Process ID 9888 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\SgrmBroker.exe Memory Usage 4.48 MB Peak Memory Usage 4.86 MB ShellExperienceHost.exe Process ID 5300 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Memory Usage 70 MB Peak Memory Usage 99 MB sihost.exe Process ID 4792 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Windows\System32\sihost.exe Memory Usage 21 MB Peak Memory Usage 22 MB smss.exe Process ID 484 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\smss.exe Memory Usage 928 KB Peak Memory Usage 1.17 MB Speccy64.exe Process ID 4664 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Program Files\Speccy\Speccy64.exe Memory Usage 26 MB Peak Memory Usage 26 MB spoolsv.exe Process ID 2868 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\spoolsv.exe Memory Usage 11 MB Peak Memory Usage 14 MB stacsv64.exe Process ID 1764 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_e085d3cd5b474ba6\stacsv64.exe Memory Usage 7.63 MB Peak Memory Usage 8.35 MB sttray64.exe Process ID 7148 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Program Files\IDT\WDM\sttray64.exe Memory Usage 13 MB Peak Memory Usage 18 MB SupportAssistAgent.exe Process ID 9584 User SYSTEM Domain NT AUTHORITY Path C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe Memory Usage 105 MB Peak Memory Usage 126 MB svchost.exe Process ID 648 User NETWORK SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 11 MB Peak Memory Usage 11 MB svchost.exe Process ID 744 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 7.08 MB Peak Memory Usage 7.95 MB svchost.exe Process ID 1236 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 8.48 MB Peak Memory Usage 8.98 MB svchost.exe Process ID 1308 User LOCAL SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 10 MB Peak Memory Usage 11 MB svchost.exe Process ID 1348 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 13 MB Peak Memory Usage 15 MB svchost.exe Process ID 1416 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 9.03 MB Peak Memory Usage 10 MB svchost.exe Process ID 1424 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 6.46 MB Peak Memory Usage 6.95 MB svchost.exe Process ID 1476 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 5.22 MB Peak Memory Usage 5.84 MB svchost.exe Process ID 1484 User LOCAL SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 15 MB Peak Memory Usage 21 MB svchost.exe Process ID 1564 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 7.76 MB Peak Memory Usage 8.59 MB svchost.exe Process ID 1612 User LOCAL SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 7.17 MB Peak Memory Usage 7.84 MB svchost.exe Process ID 1664 User LOCAL SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 6.79 MB Peak Memory Usage 7.13 MB svchost.exe Process ID 1752 User LOCAL SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 7.84 MB Peak Memory Usage 9.61 MB svchost.exe Process ID 1832 User NETWORK SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 11 MB Peak Memory Usage 12 MB svchost.exe Process ID 1932 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 4.96 MB Peak Memory Usage 5.73 MB svchost.exe Process ID 1948 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 77 MB Peak Memory Usage 95 MB svchost.exe Process ID 3732 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 10 MB Peak Memory Usage 12 MB svchost.exe Process ID 3428 User LOCAL SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 5.46 MB Peak Memory Usage 6.47 MB svchost.exe Process ID 4800 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Windows\System32\svchost.exe Memory Usage 18 MB Peak Memory Usage 18 MB svchost.exe Process ID 4828 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Windows\System32\svchost.exe Memory Usage 29 MB Peak Memory Usage 35 MB svchost.exe Process ID 4432 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 6.72 MB Peak Memory Usage 7.45 MB svchost.exe Process ID 3352 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 4.75 MB Peak Memory Usage 5.57 MB svchost.exe Process ID 4648 User LOCAL SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 13 MB Peak Memory Usage 14 MB svchost.exe Process ID 4768 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 10 MB Peak Memory Usage 13 MB svchost.exe Process ID 3180 User NETWORK SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 5.85 MB Peak Memory Usage 6.91 MB svchost.exe Process ID 3528 User LOCAL SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 4.66 MB Peak Memory Usage 5.34 MB svchost.exe Process ID 3156 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 7.62 MB Peak Memory Usage 8.62 MB svchost.exe Process ID 1924 User LOCAL SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 6.79 MB Peak Memory Usage 7.53 MB svchost.exe Process ID 4872 User LOCAL SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 9.24 MB Peak Memory Usage 10 MB svchost.exe Process ID 3132 User LOCAL SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 7.03 MB Peak Memory Usage 7.41 MB svchost.exe Process ID 4868 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Windows\System32\svchost.exe Memory Usage 10 MB Peak Memory Usage 11 MB svchost.exe Process ID 3108 User LOCAL SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 32 MB Peak Memory Usage 38 MB svchost.exe Process ID 3100 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 19 MB Peak Memory Usage 20 MB svchost.exe Process ID 2292 User NETWORK SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 11 MB Peak Memory Usage 12 MB svchost.exe Process ID 7968 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 5.84 MB Peak Memory Usage 13 MB svchost.exe Process ID 2980 User NETWORK SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 6.70 MB Peak Memory Usage 7.71 MB svchost.exe Process ID 2964 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 11 MB Peak Memory Usage 12 MB svchost.exe Process ID 2912 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 17 MB Peak Memory Usage 21 MB svchost.exe Process ID 3344 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 18 MB Peak Memory Usage 20 MB svchost.exe Process ID 9704 User LOCAL SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 7.75 MB Peak Memory Usage 8.32 MB svchost.exe Process ID 7480 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 7.52 MB Peak Memory Usage 8.23 MB svchost.exe Process ID 2788 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 12 MB Peak Memory Usage 13 MB svchost.exe Process ID 2692 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 11 MB Peak Memory Usage 15 MB svchost.exe Process ID 9008 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 7.69 MB Peak Memory Usage 10 MB svchost.exe Process ID 3060 User LOCAL SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 4.77 MB Peak Memory Usage 4.87 MB svchost.exe Process ID 2608 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 18 MB Peak Memory Usage 18 MB svchost.exe Process ID 2532 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 16 MB Peak Memory Usage 16 MB svchost.exe Process ID 2524 User NETWORK SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 15 MB Peak Memory Usage 78 MB svchost.exe Process ID 2484 User LOCAL SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 6.67 MB Peak Memory Usage 7.23 MB svchost.exe Process ID 2356 User LOCAL SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 10 MB Peak Memory Usage 12 MB svchost.exe Process ID 2340 User LOCAL SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 5.51 MB Peak Memory Usage 6.24 MB svchost.exe Process ID 2824 User LOCAL SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 12 MB Peak Memory Usage 13 MB svchost.exe Process ID 2332 User NETWORK SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 7.34 MB Peak Memory Usage 7.64 MB svchost.exe Process ID 2300 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 11 MB Peak Memory Usage 13 MB svchost.exe Process ID 2168 User LOCAL SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 14 MB Peak Memory Usage 16 MB svchost.exe Process ID 1256 User LOCAL SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 15 MB Peak Memory Usage 21 MB svchost.exe Process ID 1384 User LOCAL SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 6.30 MB Peak Memory Usage 7.32 MB svchost.exe Process ID 916 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 3.32 MB Peak Memory Usage 3.93 MB svchost.exe Process ID 8340 User LOCAL SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 8.40 MB Peak Memory Usage 8.40 MB svchost.exe Process ID 1660 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 6.45 MB Peak Memory Usage 6.53 MB svchost.exe Process ID 1232 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 6.82 MB Peak Memory Usage 7.75 MB svchost.exe Process ID 1000 User LOCAL SERVICE Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 8.50 MB Peak Memory Usage 8.75 MB svchost.exe Process ID 6808 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 5.60 MB Peak Memory Usage 5.69 MB svchost.exe Process ID 2040 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 7.41 MB Peak Memory Usage 7.90 MB svchost.exe Process ID 1004 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\svchost.exe Memory Usage 22 MB Peak Memory Usage 34 MB System Process ID 4 Memory Usage 648 KB Peak Memory Usage 12 MB System Idle Process Process ID 0 taskhostw.exe Process ID 4944 User Jana_Mostert Domain DESKTOP-J7HTNHM Path C:\Windows\System32\taskhostw.exe Memory Usage 14 MB Peak Memory Usage 14 MB wininit.exe Process ID 732 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\wininit.exe Memory Usage 4.97 MB Peak Memory Usage 6.53 MB winlogon.exe Process ID 548 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\winlogon.exe Memory Usage 7.58 MB Peak Memory Usage 14 MB WmiPrvSE.exe Process ID 8660 User NETWORK SERVICE Domain NT AUTHORITY Path C:\Windows\SysWOW64\wbem\WmiPrvSE.exe Memory Usage 8.27 MB Peak Memory Usage 8.89 MB WmiPrvSE.exe Process ID 5156 User NETWORK SERVICE Domain NT AUTHORITY Path C:\Windows\System32\wbem\WmiPrvSE.exe Memory Usage 7.77 MB Peak Memory Usage 7.83 MB WmiPrvSE.exe Process ID 9432 User SYSTEM Domain NT AUTHORITY Path C:\Windows\System32\wbem\WmiPrvSE.exe Memory Usage 8.09 MB Peak Memory Usage 8.32 MB WmiPrvSE.exe Process ID 540 User NETWORK SERVICE Domain NT AUTHORITY Path C:\Windows\System32\wbem\WmiPrvSE.exe Memory Usage 20 MB Peak Memory Usage 20 MB WUDFHost.exe Process ID 908 User LOCAL SERVICE Domain NT AUTHORITY Path C:\Windows\System32\WUDFHost.exe Memory Usage 6.21 MB Peak Memory Usage 7.09 MB Security Options Accounts: Administrator account status Disabled Accounts: Block Microsoft accounts Not Defined Accounts: Guest account status Disabled Accounts: Limit local account use of blank passwords to console logon only Enabled Accounts: Rename administrator account Administrator Accounts: Rename guest account Guest Audit: Audit the access of global system objects Disabled Audit: Audit the use of Backup and Restore privilege Enabled Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings Enabled Audit: Shut down system immediately if unable to log security audits Disabled DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax Not Defined DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax Not Defined Devices: Allow undock without having to log on Enabled Devices: Allowed to format and eject removable media Not Defined Devices: Prevent users from installing printer drivers Disabled Devices: Restrict CD-ROM access to locally logged-on user only Not Defined Devices: Restrict floppy access to locally logged-on user only Not Defined Domain controller: Allow server operators to schedule tasks Not Defined Domain controller: LDAP server signing requirements Not Defined Domain controller: Refuse machine account password changes Not Defined Domain member: Digitally encrypt or sign secure channel data (always) Enabled Domain member: Digitally encrypt secure channel data (when possible) Enabled Domain member: Digitally sign secure channel data (when possible) Enabled Domain member: Disable machine account password changes Disabled Domain member: Maximum machine account password age 30 days Domain member: Require strong (Windows 2000 or later) session key Enabled Interactive logon: Display user information when the session is locked Not Defined Interactive logon: Do not require CTRL+ALT+DEL Not Defined Interactive logon: Don't display last signed-in Not Defined Interactive logon: Don't display username at sign-in Not Defined Interactive logon: Machine account lockout threshold Not Defined Interactive logon: Machine inactivity limit Not Defined Interactive logon: Message text for users attempting to log on Not Defined Interactive logon: Message title for users attempting to log on Interactive logon: Number of previous logons to cache (in case domain controller is not available) 10 logons Interactive logon: Prompt user to change password before expiration 5 days Interactive logon: Require Domain Controller authentication to unlock workstation Disabled Interactive logon: Require Windows Hello for Business or smart card Not Defined Interactive logon: Smart card removal behavior Not Defined Microsoft network client: Digitally sign communications (always) Disabled Microsoft network client: Digitally sign communications (if server agrees) Enabled Microsoft network client: Send unencrypted password to third-party SMB servers Disabled Microsoft network server: Amount of idle time required before suspending session Not Defined Microsoft network server: Attempt S4U2Self to obtain claim information Not Defined Microsoft network server: Digitally sign communications (always) Not Defined Microsoft network server: Digitally sign communications (if client agrees) Not Defined Microsoft network server: Disconnect clients when logon hours expire Not Defined Microsoft network server: Server SPN target name validation level Not Defined Network access: Allow anonymous SID/Name translation Disabled Network access: Do not allow anonymous enumeration of SAM accounts Enabled Network access: Do not allow anonymous enumeration of SAM accounts and shares Disabled Network access: Do not allow storage of passwords and credentials for network authentication Disabled Network access: Let Everyone permissions apply to anonymous users Disabled Network access: Named Pipes that can be accessed anonymously Network access: Remotely accessible registry paths System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Server Applications,Software\Microsoft\Windows NT\CurrentVersion Network access: Remotely accessible registry paths and sub-paths System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,Software\Microsoft\Windows NT\CurrentVersion\Print,Software\Microsoft\Windows NT\CurrentVersion\Windows,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration,Software\Microsoft\Windows NT\CurrentVersion\Perflib,System\CurrentControlSet\Services\SysmonLog Network access: Restrict anonymous access to Named Pipes and Shares Enabled Network access: Restrict clients allowed to make remote calls to SAM Network access: Shares that can be accessed anonymously Not Defined Network access: Sharing and security model for local accounts Classic - local users authenticate as themselves Network security: Allow Local System to use computer identity for NTLM Not Defined Network security: Allow LocalSystem NULL session fallback Not Defined Network security: Allow PKU2U authentication requests to this computer to use online identities. Not Defined Network security: Configure encryption types allowed for Kerberos Not Defined Network security: Do not store LAN Manager hash value on next password change Enabled Network security: Force logoff when logon hours expire Disabled Network security: LAN Manager authentication level Not Defined Network security: LDAP client signing requirements Negotiate signing Network security: Minimum session security for NTLM SSP based (including secure RPC) clients Require 128-bit encryption Network security: Minimum session security for NTLM SSP based (including secure RPC) servers Require 128-bit encryption Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication Not Defined Network security: Restrict NTLM: Add server exceptions in this domain Not Defined Network security: Restrict NTLM: Audit Incoming NTLM Traffic Not Defined Network security: Restrict NTLM: Audit NTLM authentication in this domain Not Defined Network security: Restrict NTLM: Incoming NTLM traffic Not Defined Network security: Restrict NTLM: NTLM authentication in this domain Not Defined Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers Not Defined Recovery console: Allow automatic administrative logon Not Defined Recovery console: Allow floppy copy and access to all drives and all folders Not Defined Shutdown: Allow system to be shut down without having to log on Not Defined Shutdown: Clear virtual memory pagefile Disabled System cryptography: Force strong key protection for user keys stored on the computer Not Defined System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing Disabled System objects: Require case insensitivity for non-Windows subsystems Enabled System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) Enabled System settings: Optional subsystems System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies Not Defined User Account Control: Admin Approval Mode for the Built-in Administrator account Not Defined User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop Disabled User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode Prompt for consent for non-Windows binaries User Account Control: Behavior of the elevation prompt for standard users Prompt for credentials User Account Control: Detect application installations and prompt for elevation Enabled User Account Control: Only elevate executables that are signed and validated Disabled User Account Control: Only elevate UIAccess applications that are installed in secure locations Enabled User Account Control: Run all administrators in Admin Approval Mode Enabled User Account Control: Switch to the secure desktop when prompting for elevation Enabled User Account Control: Virtualize file and registry write failures to per-user locations Enabled Device Tree ACPI x64-based PC Microsoft ACPI-Compliant System ACPI Lid ACPI Power Button ACPI Sleep Button ACPI Thermal Zone Intel Core2 Duo CPU P8400 @ 2.26GHz Intel Core2 Duo CPU P8400 @ 2.26GHz Microsoft AC Adapter Microsoft ACPI-Compliant Control Method Battery Microsoft ACPI-Compliant Control Method Battery Microsoft Windows Management Interface for ACPI System board PCI Bus CPU to DRAM Controller Intel 82567LM Gigabit Network Connection Mobile Intel 4 Series Express Chipset Family (Microsoft Corporation - WDDM 1.1) PCI-to-PCI Bridge PCI-to-PCI Bridge SM Bus Controller System board System board Mobile Intel(R) 4 Series Express Chipset Family (Microsoft Corporation - WDDM 1.1) Generic PnP Monitor Intel(R) ICH9 Family USB Universal Host Controller - 2937 USB Root Hub Generic USB Hub USB Input Device HID Keyboard Device USB Input Device HID-compliant consumer control device HID-compliant mouse Intel(R) ICH9 Family USB Universal Host Controller - 2938 USB Root Hub Intel(R) ICH9 Family USB Universal Host Controller - 2939 USB Root Hub USB Composite Device Broadcom USH w/swipe sensor Microsoft Usbccid Smartcard Reader (WUDF) Smart card filter driver Intel(R) ICH9 Family USB2 Enhanced Host Controller - 293C USB Root Hub High Definition Audio Controller High Definition Audio Device IDT High Definition Audio CODEC Dock Mic (IDT High Definition Audio CODEC) Independent (R.T.C.) Headphones (IDT High Definition Audio CODEC) Internal Mic (IDT High Definition Audio CODEC) Microphone / Line In (IDT High Definition Audio CODEC) Speakers / Headphones (IDT High Definition Audio CODEC) PCI-to-PCI Bridge Intel WiFi Link 5100 AGN Intel(R) ICH9 Family USB Universal Host Controller - 2934 USB Root Hub Intel(R) ICH9 Family USB Universal Host Controller - 2935 USB Root Hub USB Input Device HID-compliant mouse Intel(R) ICH9 Family USB Universal Host Controller - 2936 USB Root Hub Intel(R) ICH9 Family USB2 Enhanced Host Controller - 293A USB Root Hub PCI-to-PCI Bridge Ricoh 1394 OHCI Compliant Host Controller Ricoh R/RL/5C476(II) or Compatible CardBus Controller Ricoh SD/MMC Host Controller SDA Standard Compliant SD Host Controller LPC Controller Direct memory access controller High precision event timer Microsoft ACPI-Compliant Embedded Controller Numeric data processor Programmable interrupt controller PS/2 Compatible Mouse Standard PS/2 Keyboard System board System board System CMOS/real time clock System speaker System timer Intel Chipset SATA RAID Controller Hitachi HTS545032B9A300 TSSTcorp DVD+-RW TS-U633A CPU Intel Mobile Core 2 Duo P8400 Cores 2 Threads 2 Name Intel Mobile Core 2 Duo P8400 Code Name Penryn Package Socket P (478) Technology 45nm Specification Intel Core2 Duo CPU P8400 @ 2.26GHz Family 6 Extended Family 6 Model 7 Extended Model 17 Stepping 6 Revision M0 Instructions MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, Intel 64, NX, VMX Virtualization Supported, Disabled Hyperthreading Not supported Bus Speed 266.0 MHz Rated Bus Speed 1064.0 MHz Stock Core Speed 2266 MHz Stock Bus Speed 266 MHz Average Temperature 47 °C Caches L1 Data Cache Size 2 x 32 KBytes L1 Instructions Cache Size 2 x 32 KBytes L2 Unified Cache Size 3072 KBytes Cores Core 0 Core Speed 2261.0 MHz Multiplier x 8.5 Bus Speed 266.0 MHz Rated Bus Speed 1064.0 MHz Temperature 47 °C Threads APIC ID: 0 Core 1 Core Speed 2261.0 MHz Multiplier x 8.5 Bus Speed 266.0 MHz Rated Bus Speed 1064.0 MHz Temperature 47 °C Threads APIC ID: 1 RAM Memory slots Total memory slots 2 Used memory slots 2 Free memory slots 0 Memory Type DDR2 Size 4096 MBytes Channels # Dual DRAM Frequency 332.5 MHz CAS# Latency (CL) 5 clocks RAS# to CAS# Delay (tRCD) 5 clocks RAS# Precharge (tRP) 5 clocks Cycle Time (tRAS) 15 clocks Physical Memory Memory Usage 64 % Total Physical 3.95 GB Available Physical 1.41 GB Total Virtual 5.33 GB Available Virtual 2.06 GB SPD Number Of SPD Modules 2 Slot #1 Type DDR2 Size 2048 MBytes Manufacturer Samsung Max Bandwidth PC2-6400 (400 MHz) Part Number M4 70T5663QZ3-CF7 Serial Number 1993732401 Week/year 39 / 09 Timing table JEDEC #1 Frequency 266.7 MHz CAS# Latency 4.0 RAS# To CAS# 4 RAS# Precharge 4 tRAS 12 tRC 16 Voltage 1.800 V JEDEC #2 Frequency 333.3 MHz CAS# Latency 5.0 RAS# To CAS# 5 RAS# Precharge 5 tRAS 15 tRC 20 Voltage 1.800 V JEDEC #3 Frequency 400.0 MHz CAS# Latency 6.0 RAS# To CAS# 6 RAS# Precharge 6 tRAS 18 tRC 24 Voltage 1.800 V Slot #2 Type DDR2 Size 2048 MBytes Manufacturer Kingston Max Bandwidth PC2-5300 (333 MHz) Part Number Serial Number 3107086014 Week/year 15 / 11 Timing table JEDEC #1 Frequency 200.0 MHz CAS# Latency 3.0 RAS# To CAS# 3 RAS# Precharge 3 tRAS 9 tRC 12 Voltage 1.800 V JEDEC #2 Frequency 266.7 MHz CAS# Latency 4.0 RAS# To CAS# 4 RAS# Precharge 4 tRAS 12 tRC 16 Voltage 1.800 V JEDEC #3 Frequency 333.3 MHz CAS# Latency 5.0 RAS# To CAS# 5 RAS# Precharge 5 tRAS 15 tRC 20 Voltage 1.800 V Motherboard Manufacturer Dell Inc. Model 0RX493 (Microprocessor) Chipset Vendor Intel Chipset Model GM45/GM47 Chipset Revision 07 Southbridge Vendor Intel Southbridge Model 82801IM (ICH9-M) Southbridge Revision 03 BIOS Brand Dell Inc. Version A34 Date 2013/06/04 PCI Data Slot PCMCIA Slot Type PCMCIA Slot Usage Available Bus Width 32 bit Slot Designation PCMCIA 0 Characteristics 5V, 3.3V, PC Card-16, CardBus, Zoom Video, Modem Ring Resume Slot Number 0 Graphics Monitor Name Generic PnP Monitor on Mobile Intel 4 Series Express Chipset Family (Microsoft Corporation - WDDM 1.1) Current Resolution 1440x900 pixels Work Resolution 1440x860 pixels State Enabled, Primary Monitor Width 1440 Monitor Height 900 Monitor BPP 32 bits per pixel Monitor Frequency 60 Hz Device \\.\DISPLAY1\Monitor0 Intel Mobile Intel 4 Series Express Chipset Family Manufacturer Intel Model Mobile Intel 4 Series Express Chipset Family Device ID 8086-2A42 Revision 8 Subvendor Dell (1028) Current Performance Level Level 0 Driver version 8.15.10.2702 Count of performance levels : 1 Level 1 - "Perf Level 0" Intel Mobile Intel 4 Series Express Chipset Family Manufacturer Intel Model Mobile Intel 4 Series Express Chipset Family Device ID 8086-2A43 Revision 8 Subvendor Dell (1028) Current Performance Level Level 0 Driver version 8.15.10.2702 Count of performance levels : 1 Level 1 - "Perf Level 0" Storage Hard drives Hitachi HTS545032B9A300 Manufacturer Hitachi Product Family Travelstar Series Prefix Standard Model Capacity For This Specific Drive 320GB Heads 16 Cylinders 38 913 Tracks 9 922 815 Sectors 625 137 345 SATA type SATA-II 3.0Gb/s Device type Fixed ATA Standard ATA8-ACS Serial Number 100202PBPC08QDFRGL1L Firmware Version Number PB3OC60S LBA Size 48-bit LBA Power On Count 2159 times Power On Time 50.2 days Speed 5400 RPM Features S.M.A.R.T., APM, AAM, NCQ Max. Transfer Mode SATA II 3.0Gb/s Used Transfer Mode SATA II 3.0Gb/s Interface SATA Capacity 298 GB Real size 320 071 851 520 bytes RAID Type None S.M.A.R.T Status Good Temperature 32 °C Temperature Range OK (less than 50 °C) S.M.A.R.T attributes 01 Attribute name Read Error Rate Real value 0 Current 100 Worst 100 Threshold 62 Raw Value 0000000000 Status Good 02 Attribute name Throughput Performance Real value 0 Current 100 Worst 100 Threshold 0 Raw Value 0000000000 Status Good 03 Attribute name Spin-Up Time Real value 2 ms Current 136 Worst 136 Threshold 33 Raw Value 0000000002 Status Good 04 Attribute name Start/Stop Count Real value 7 057 Current 96 Worst 96 Threshold 0 Raw Value 0000001B91 Status Good 05 Attribute name Reallocated Sectors Count Real value 0 Current 100 Worst 100 Threshold 5 Raw Value 0000000000 Status Good 07 Attribute name Seek Error Rate Real value 0 Current 100 Worst 100 Threshold 0 Raw Value 0000000000 Status Good 08 Attribute name Seek Time Performance Real value 0 Current 100 Worst 100 Threshold 0 Raw Value 0000000000 Status Good 09 Attribute name Power-On Hours (POH) Real value 50d 5h Current 98 Worst 98 Threshold 0 Raw Value 00000004B5 Status Good 0A Attribute name Spin Retry Count Real value 0 Current 100 Worst 100 Threshold 0 Raw Value 0000000000 Status Good 0C Attribute name Device Power Cycle Count Real value 2 159 Current 99 Worst 99 Threshold 0 Raw Value 000000086F Status Good A0 Attribute name Uncorrectable Sector Count when Read/Write Real value 0 Current 1 Worst 1 Threshold 0 Raw Value 0000000000 Status Good BF Attribute name G-sense error rate Real value 0 Current 100 Worst 100 Threshold 0 Raw Value 0000000000 Status Good C0 Attribute name Power-off Retract Count Real value 287 Current 99 Worst 99 Threshold 0 Raw Value 000000011F Status Good C1 Attribute name Load/Unload Cycle Count Real value 11 440 Current 99 Worst 99 Threshold 0 Raw Value 0000002CB0 Status Good C2 Attribute name Temperature Real value 32 °C Current 171 Worst 171 Threshold 0 Raw Value 0000070020 Status Good C4 Attribute name Reallocation Event Count Real value 0 Current 100 Worst 100 Threshold 0 Raw Value 0000000000 Status Good C5 Attribute name Current Pending Sector Count Real value 0 Current 100 Worst 100 Threshold 0 Raw Value 0000000000 Status Good C6 Attribute name Uncorrectable Sector Count Real value 0 Current 100 Worst 100 Threshold 0 Raw Value 0000000000 Status Good C7 Attribute name UltraDMA CRC Error Count Real value 0 Current 200 Worst 200 Threshold 0 Raw Value 0000000000 Status Good DF Attribute name Load/Unload Retry Count Real value 0 Current 100 Worst 100 Threshold 0 Raw Value 0000000000 Status Good F0 Attribute name Head Flying Hours Real value 49d 1h Current 98 Worst 98 Threshold 0 Raw Value 0000000499 Status Good F1 Attribute name Total LBAs Written Real value 5 045 259 885 Current 100 Worst 100 Threshold 0 Raw Value 002CB88E6D Status Good F2 Attribute name Total LBAs Read Real value 7 309 235 051 Current 100 Worst 100 Threshold 0 Raw Value 00B3AA136B Status Good FE Attribute name Free Fall Protection Real value 0 Current 100 Worst 100 Threshold 0 Raw Value 0000000000 Status Good Partition 0 Partition ID Disk #0, Partition #0 File System NTFS Volume Serial Number 9E6CF243 Size 499 MB Used Space 36.4 MB (7%) Free Space 463 MB (93%) Partition 1 Partition ID Disk #0, Partition #1 Disk Letter C: File System NTFS Volume Serial Number 927156B8 Size 297 GB Used Space 42 GB (14%) Free Space 254 GB (86%) Partition 2 Partition ID Disk #0, Partition #2 File System NTFS Volume Serial Number 960F6B3C Size 463 MB Used Space 383 MB (82%) Free Space 80 MB (18%) Optical Drives TSSTcorp DVD+-RW TS-U633A Media Type DVD Writer Name TSSTcorp DVD+-RW TS-U633A Availability Running/Full Power Capabilities Random Access, Supports Writing, Supports Removable Media Read capabilities CD-R, CD-RW, CD-ROM, DVD-RAM, DVD-ROM, DVD-R, DVD-RW, DVD+R, DVD+RW, DVD-R DL, DVD+R DL Write capabilities CD-R, CD-RW, DVD-RAM, DVD-R, DVD-RW, DVD+R, DVD+RW, DVD-R DL, DVD+R DL Config Manager Error Code Device is working properly Config Manager User Config FALSE Drive D: Media Loaded FALSE SCSI Bus 0 SCSI Logical Unit 0 SCSI Port 0 SCSI Target Id 1 Status OK Audio Sound Cards IDT High Definition Audio CODEC High Definition Audio Device Playback Devices Independent (R.T.C.) Headphones (IDT High Definition Audio CODEC) Speakers / Headphones (IDT High Definition Audio CODEC) (default) Recording Devices Microphone / Line In (IDT High Definition Audio CODEC) (default) Dock Mic (IDT High Definition Audio CODEC) Internal Mic (IDT High Definition Audio CODEC) Peripherals HID Keyboard Device Device Kind Keyboard Device Name HID Keyboard Device Vendor Unknown Location USB Input Device Driver Date 6-21-2006 Version 10.0.17134.1 File C:\WINDOWS\system32\DRIVERS\kbdhid.sys File C:\WINDOWS\system32\DRIVERS\kbdclass.sys Standard PS/2 Keyboard Device Kind Keyboard Device Name Standard PS/2 Keyboard Vendor PNP Location LPC Controller Driver Date 6-21-2006 Version 10.0.17134.1 File C:\WINDOWS\system32\DRIVERS\i8042prt.sys File C:\WINDOWS\system32\DRIVERS\kbdclass.sys PS/2 Compatible Mouse Device Kind Mouse Device Name PS/2 Compatible Mouse Vendor PNP Location LPC Controller Driver Date 6-21-2006 Version 10.0.17134.1 File C:\WINDOWS\system32\DRIVERS\mouclass.sys File C:\WINDOWS\system32\DRIVERS\i8042prt.sys HID-compliant mouse Device Kind Mouse Device Name HID-compliant mouse Vendor Unknown Location USB Input Device Driver Date 6-21-2006 Version 10.0.17134.1 File C:\WINDOWS\system32\DRIVERS\mouhid.sys File C:\WINDOWS\system32\DRIVERS\mouclass.sys HID-compliant mouse Device Kind Mouse Device Name HID-compliant mouse Vendor Logitech Location USB Input Device Driver Date 6-21-2006 Version 10.0.17134.1 File C:\WINDOWS\system32\DRIVERS\mouhid.sys File C:\WINDOWS\system32\DRIVERS\mouclass.sys Printers Fax Printer Port SHRFAX: Print Processor winprint Availability Always Priority 1 Duplex None Print Quality 200 * 200 dpi Monochrome Status Unknown Driver Driver Name Microsoft Shared Fax Driver (v4.00) Driver Path C:\WINDOWS\system32\spool\DRIVERS\x64\3\FXSDRV.DLL Microsoft Print to PDF (Default Printer) Printer Port PORTPROMPT: Print Processor winprint Availability Always Priority 1 Duplex None Print Quality 600 * 600 dpi Color Status Unknown Driver Driver Name Microsoft Print To PDF (v6.03) Driver Path C:\WINDOWS\System32\DriverStore\FileRepository\ntprint.inf_amd64_cd7876e74fb5d18d\Amd64\mxdwdrv.dll Microsoft XPS Document Writer Printer Port PORTPROMPT: Print Processor winprint Availability Always Priority 1 Duplex None Print Quality 600 * 600 dpi Color Status Unknown Driver Driver Name Microsoft XPS Document Writer v4 (v6.03) Driver Path C:\WINDOWS\System32\DriverStore\FileRepository\ntprint.inf_amd64_cd7876e74fb5d18d\Amd64\mxdwdrv.dll ????????? ? OneNote 16 Printer Port nul: Print Processor winprint Availability Always Priority 1 Duplex None Print Quality 600 * 600 dpi Color Status Unknown Driver Driver Name Send to Microsoft OneNote 16 Driver (v6.03) Driver Path C:\WINDOWS\System32\DriverStore\FileRepository\ntprint.inf_amd64_cd7876e74fb5d18d\Amd64\mxdwdrv.dll Network You are connected to the internet Connected through Intel WiFi Link 5100 AGN IP Address 192.168.0.111 Subnet mask 255.255.255.0 Gateway server 192.168.0.1 Preferred DNS server 192.168.0.1 DHCP Enabled DHCP server 192.168.0.1 Adapter Type IEEE 802.11 wireless NetBIOS over TCP/IP Enabled via DHCP NETBIOS Node Type Hybrid node Link Speed 211 Bps Computer Name NetBIOS Name DESKTOP-J7HTNHM DNS Name DESKTOP-J7HTNHM Membership Part of workgroup Workgroup WORKGROUP Remote Desktop Disabled Console State Active Domain DESKTOP-J7HTNHM WinInet Info LAN Connection Local system uses a local area network to connect to the Internet Local system has RAS to connect to the Internet Wi-Fi Info Using native Wi-Fi API version 2 Available access points count 3 Wi-Fi (Da Vinci Code) SSID Da Vinci Code Frequency 2462000 kHz Channel Number 11 Name Da Vinci Code Signal Strength/Quality 87 Security Enabled State The interface is connected to a network Dot11 Type Infrastructure BSS network Network Connectible Network Flags Currently Connected to this network Cipher Algorithm to be used when joining this network AES-CCMP algorithm Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK Wi-Fi (HUAWEI-B315-A01D) SSID HUAWEI-B315-A01D Frequency 2427000 kHz Channel Number 4 Name HUAWEI-B315-A01D Signal Strength/Quality 50 Security Enabled State The interface is connected to a network Dot11 Type Infrastructure BSS network Network Connectible Network Flags There is a profile for this network Cipher Algorithm to be used when joining this network AES-CCMP algorithm Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK Wi-Fi (ZTE_C9ED2B) SSID ZTE_C9ED2B Frequency 2432000 kHz Channel Number 5 Name ZTE_C9ED2B Signal Strength/Quality 30 Security Enabled State The interface is connected to a network Dot11 Type Infrastructure BSS network Network Connectible Network Flags There is a profile for this network Cipher Algorithm to be used when joining this network AES-CCMP algorithm Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK WinHTTPInfo WinHTTPSessionProxyType No proxy Session Proxy Session Proxy Bypass Connect Retries 5 Connect Timeout (ms) 60 000 HTTP Version HTTP 1.1 Max Connects Per 1.0 Servers INFINITE Max Connects Per Servers INFINITE Max HTTP automatic redirects 10 Max HTTP status continue 10 Send Timeout (ms) 30 000 IEProxy Auto Detect Yes IEProxy Auto Config IEProxy IEProxy Bypass Default Proxy Config Access Type No proxy Default Config Proxy Default Config Proxy Bypass Sharing and Discovery Network Discovery Disabled File and Printer Sharing Disabled File and printer sharing service Enabled Simple File Sharing Enabled Administrative Shares Enabled Network access: Sharing and security model for local accounts Classic - local users authenticate as themselves Adapters List Enabled Intel(R) 82567LM Gigabit Network Connection Connection Name Ethernet DHCP enabled Yes MAC Address 00-21-70-E5-6A-F5 Intel(R) WiFi Link 5100 AGN Connection-specific DNS Suffix www.tendawifi.com Connection Name Wi-Fi NetBIOS over TCPIP Yes DHCP enabled Yes MAC Address 00-22-FB-15-E4-E0 IP Address 192.168.0.111 Subnet mask 255.255.255.0 Gateway server 192.168.0.1 DHCP 192.168.0.1 DNS Server 192.168.0.1 Kaspersky Security Data Escort Adapter Connection Name Ethernet 2 DHCP enabled Yes MAC Address 00-FF-7E-4C-CE-A3 Network Shares No network shares Current TCP Connections avp.exe (3952) Local 127.0.0.1:50428 ESTABLISHED Remote 127.0.0.1:50429 (Querying... ) Local 127.0.0.1:50429 ESTABLISHED Remote 127.0.0.1:50428 (Querying... ) Local 127.0.0.1:49670 ESTABLISHED Remote 127.0.0.1:50404 (Querying... ) Local 127.0.0.1:49670 ESTABLISHED Remote 127.0.0.1:50403 (Querying... ) Local 127.0.0.1:49670 ESTABLISHED Remote 127.0.0.1:50402 (Querying... ) Local 127.0.0.1:49670 ESTABLISHED Remote 127.0.0.1:50107 (Querying... ) Local 127.0.0.1:49670 ESTABLISHED Remote 127.0.0.1:49996 (Querying... ) Local 127.0.0.1:49670 LISTEN Local 192.168.0.111:50090 ESTABLISHED Remote 81.19.104.111:443 (Querying... ) (HTTPS) Local 192.168.0.111:50092 ESTABLISHED Remote 195.122.177.147:443 (Querying... ) (HTTPS) Local 192.168.0.111:50093 ESTABLISHED Remote 195.122.177.147:443 (Querying... ) (HTTPS) Local 192.168.0.111:50430 ESTABLISHED Remote 66.110.49.51:443 (Querying... ) (HTTPS) avp.exe (6708) Local 192.168.0.111:50086 ESTABLISHED Remote 212.73.221.202:80 (Querying... ) (HTTP) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (1304) Local 192.168.0.111:50075 ESTABLISHED Remote 172.217.170.42:443 (Querying... ) (HTTPS) Local 127.0.0.1:50404 ESTABLISHED Remote 127.0.0.1:49670 (Querying... ) Local 127.0.0.1:49996 ESTABLISHED Remote 127.0.0.1:49670 (Querying... ) Local 127.0.0.1:50107 ESTABLISHED Remote 127.0.0.1:49670 (Querying... ) Local 127.0.0.1:50402 ESTABLISHED Remote 127.0.0.1:49670 (Querying... ) Local 127.0.0.1:50403 ESTABLISHED Remote 127.0.0.1:49670 (Querying... ) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe (2552) Local 192.168.0.111:50468 CLOSE-WAIT Remote 2.16.140.126:443 (Querying... ) (HTTPS) DSAPI.exe (7764) Local 127.0.0.1:49685 LISTEN Local 127.0.0.1:49684 ESTABLISHED Remote 127.0.0.1:49683 (Querying... ) lsass.exe (804) Local 0.0.0.0:49668 LISTEN MBAMService.exe (3164) Local 127.0.0.1:43227 LISTEN pcdrwi.exe (7188) Local 127.0.0.1:49683 LISTEN Local 127.0.0.1:49683 ESTABLISHED Remote 127.0.0.1:49684 (Querying... ) services.exe (796) Local 0.0.0.0:49669 LISTEN spoolsv.exe (2868) Local 0.0.0.0:49667 LISTEN SupportAssistAgent.exe (9584) Local 0.0.0.0:9012 LISTEN svchost.exe (1348) Local 0.0.0.0:49666 LISTEN svchost.exe (1484) Local 0.0.0.0:49665 LISTEN svchost.exe (2524) Local 0.0.0.0:7680 LISTEN Local 192.168.0.111:50088 ESTABLISHED Remote 40.69.218.62:443 (Querying... ) (HTTPS) Local 192.168.0.111:50091 ESTABLISHED Remote 40.69.220.46:443 (Querying... ) (HTTPS) svchost.exe (3344) Local 192.168.0.111:50375 ESTABLISHED Remote 40.67.254.36:443 (Querying... ) (HTTPS) svchost.exe (4648) Local 0.0.0.0:5040 LISTEN svchost.exe (648) Local 0.0.0.0:135 (DCE) LISTEN System Process Local 192.168.0.111:50024 TIME-WAIT Remote 151.101.224.133:443 (Querying... ) (HTTPS) Local 192.168.0.111:50087 TIME-WAIT Remote 77.74.177.174:443 (Querying... ) (HTTPS) Local 192.168.0.111:50085 TIME-WAIT Remote 62.67.238.150:443 (Querying... ) (HTTPS) Local 192.168.0.111:50089 TIME-WAIT Remote 77.74.177.174:443 (Querying... ) (HTTPS) Local 192.168.0.111:50084 TIME-WAIT Remote 81.19.104.42:443 (Querying... ) (HTTPS) Local 192.168.0.111:50083 TIME-WAIT Remote 80.239.197.100:80 (Querying... ) (HTTP) Local 192.168.0.111:50082 TIME-WAIT Remote 195.122.177.147:443 (Querying... ) (HTTPS) Local 192.168.0.111:50081 TIME-WAIT Remote 81.19.104.111:443 (Querying... ) (HTTPS) Local 192.168.0.111:50080 TIME-WAIT Remote 80.239.174.38:80 (Querying... ) (HTTP) Local 192.168.0.111:50079 TIME-WAIT Remote 195.122.177.147:443 (Querying... ) (HTTPS) Local 192.168.0.111:50078 TIME-WAIT Remote 195.122.177.186:443 (Querying... ) (HTTPS) Local 192.168.0.111:50077 TIME-WAIT Remote 62.67.238.150:443 (Querying... ) (HTTPS) Local 192.168.0.111:50040 TIME-WAIT Remote 151.101.224.133:443 (Querying... ) (HTTPS) Local 192.168.0.111:50039 TIME-WAIT Remote 151.101.224.133:443 (Querying... ) (HTTPS) System Process Local 0.0.0.0:445 (Windows shares) LISTEN Local 0.0.0.0:5700 LISTEN Local 127.0.0.1:8884 LISTEN Local 192.168.0.111:139 (NetBIOS session service) LISTEN wininit.exe (732) Local 0.0.0.0:49664 LISTEN Generated with Speccy v1.32.740