Date                               Thu Jun 21 2018 10:44 AM
Last Restart                       Thu Jun 21 2018 10:42 AM (uptime 2 minutes)
Original Install Date              Fri Sep 30 2016 7:04 PM
OS Name                            Windows 8.1 Pro 9600 x64
System Name                        WIN81PROX64
Virtualized                        VMWare, VMWare Tools 9.9.2.44151, VMWare Tools (VMTools) service: Running, Auto
System Model                       VMware, Inc. VMware Virtual Platform
BIOS Version/Date                  Phoenix Technologies LTD 6.00 05/20/2014
Processor                          Intel Core i7-4770 3.40 Ghz
                                   1 Physical Processor(s)
                                   4 Physical Core(s)
                                   4 Logical Processor(s)
Workgroup                          WORKGROUP
Role                               Standalone Workstation
Locale                             United States
Time Zone                          Pacific Standard Time
Installed Physical Memory (RAM)    16.00 GB
Total Physical Memory              16.00 GB
Available Physical Memory          13.30 GB
Total Virtual Memory               18.87 GB
Available Virtual Memory           16.37 GB
Maximum Process Memory Size        131,072.00 GB
Registry                           Current size: 92 MB
                                   Percent In Use: 4%
                                   Limit: 2048 MB
                                   RegistrySizeLimit:
WMI Repository                     Current size: 19.45 MB (c:\windows\system32\wbem\repository\objects.data)
Page Files                         C:\pagefile.sys Current: 2944 MB Initial: Maximum:

===================================================================================================================================================
STORAGE/NETWORK/AUDIO/VIDEO DRIVERS (currently using hardware resources)
===================================================================================================================================================
Type            Name          Manufacturer           Version         Date        Size                     Description
---------------------------------------------------------------------------------------------------------------------------------------------------
STORAGE (SCSI)  LSI_SAS.SYS   LSI Corporation        1.34.3.82       08/22/2013  107 KB (109,408 bytes)   LSI Adapter SAS 3000 series 8-port with 1068
STORAGE (IDE)   STORAHCI.SYS  Microsoft Corporation  6.3.9600.16384  08/22/2013  105 KB (107,872 bytes)   Standard SATA AHCI Controller
STORAGE (IDE)   INTELIDE.SYS  Microsoft Corporation  6.3.9600.16384  08/22/2013  18 KB (18,272 bytes)     Intel 82371AB/EB PCI Bus Master IDE Controller
NETWORK         E1I63X64.SYS  Intel Corporation      12.6.47.0       06/18/2013  450 KB (460,288 bytes)   Intel 82574L Gigabit Network Connection
VIDEO           VM3DMP.SYS    VMware, Inc.           8.14.1.51       02/06/2015  229 KB (234,176 bytes)   VMware SVGA 3D
AUDIO           HDAUDIO.SYS   Microsoft Corporation  6.3.9600.16384  08/22/2013  386 KB (395,776 bytes)   High Definition Audio Device

===================================================================================================================================================
LAST 5 RESTARTS (6005 after 6006 = CLEAN, 6005 after 6008 = DIRTY, 6005 after 41 = DIRTY)
===================================================================================================================================================
Type   Date/Time                 ID    Source    Description
---------------------------------------------------------------------------------------------------------------------------------------------------
CLEAN  Thu Jun 21 2018 10:42 AM  6005  EventLog  The Event log service was started.
       Sun Jun 17 2018 2:07 AM   6006  EventLog  The Event log service was stopped.
CLEAN  Sun Jun 17 2018 1:55 AM   6005  EventLog  The Event log service was started.
       Fri Aug 25 2017 4:23 PM   6006  EventLog  The Event log service was stopped.
CLEAN  Fri Aug 25 2017 4:22 PM   6005  EventLog  The Event log service was started.
       Fri Aug 25 2017 4:21 PM   6006  EventLog  The Event log service was stopped.
CLEAN  Fri Aug 25 2017 3:35 PM   6005  EventLog  The Event log service was started.
       Fri Sep 30 2016 9:27 AM   6006  EventLog  The Event log service was stopped.
CLEAN  Fri Sep 30 2016 9:23 AM   6005  EventLog  The Event log service was started.
       Fri Sep 30 2016 9:20 AM   6006  EventLog  The Event log service was stopped.

===================================================================================================================================================
SERVICES - AUTOMATIC BUT NOT STARTED
===================================================================================================================================================
Display Name                                   Started  Startup   Log On As                    Type           PathName
---------------------------------------------------------------------------------------------------------------------------------------------------
Google Update Service (gupdate)                False    Auto      LocalSystem                  Own Process    "c:\program files (x86)\google\update\googleupdate.exe" /svc

===================================================================================================================================================
PERFORMANCE INFORMATION
===================================================================================================================================================
MEMORY object (Win32_PerfFormattedData_PerfOS_Memory)
---------------------------------------------------------------------------------------------------------------------------------------------------
Total Physical Memory*                  16.00 GB (16,383.49 MB) (17179332608 bytes)
Memory\Available Bytes                  13.24 GB (13,554.45 MB) (14212874240 bytes)
Memory\Pool Non Paged Bytes             0.07 GB (74.06 MB) (77656064 bytes)
Memory\Pool Paged Bytes                 0.16 GB (163.89 MB) (171851776 bytes)
Memory\Pool Paged Resident Bytes        0.16 GB (161.75 MB) (169603072 bytes)
Memory\System Cache Resident Bytes      0.21 GB (212.62 MB) (222945280 bytes)
Memory\Commit Limit                     18.87 GB (19,327.49 MB) (20266340352 bytes)
Memory\Committed Bytes                  2.55 GB (2,611.68 MB) (2738544640 bytes)
Memory\% Committed Bytes In Use         13 %
Memory\Free System Page Table Entries   16,616,953

* From Win32_ComputerSystem.TotalPhysicalMemory, since no performance counter exists for total physical memory.
---------------------------------------------------------------------------------------------------------------------------------------------------
SYSTEM object (Win32_PerfFormattedData_PerfOS_System)
---------------------------------------------------------------------------------------------------------------------------------------------------
System\Processes                        56
System\Threads                          849
System\% Registry Quota In Use          4 % (current: 92MB limit: 2048MB RegistrySizeLimit: )
---------------------------------------------------------------------------------------------------------------------------------------------------
VM PROCESSOR object (Win32_PerfRawData_vmGuestLib_VCPU)
---------------------------------------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------------------------------------------
VM MEMORY object (Win32_PerfRawData_vmGuestLib_VMEM)
---------------------------------------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------------------------------------------
SERVER object (Win32_PerfFormattedData_PerfNet_Server)
---------------------------------------------------------------------------------------------------------------------------------------------------
Server\Work Item Shortages              0
Server\Pool Paged Failures              0
Server\Pool Nonpaged Failures           0
Server\Blocking Requests Rejected       0
Server\Files Open                       0
Server\Files Opened Total               0
Server\File Directory Searches          0
Server\Logon Total                      1
Server\Server Sessions                  0
Server\Sessions Logged Off              0
Server\Sessions Errored Out             0
Server\Sessions Timed Out               0
Server\Sessions Forced Off              0
Server\Errors Access Permissions        0
Server\Errors Granted Access            0
Server\Errors Logon                     0
Server\Errors System                    0
---------------------------------------------------------------------------------------------------------------------------------------------------
REDIRECTOR object (Win32_PerfFormattedData_PerfNet_Redirector)
---------------------------------------------------------------------------------------------------------------------------------------------------
Redirector\Server Sessions              0
Redirector\Server Disconnects           0
Redirector\Server Reconnects            0
Redirector\Server Sessions Hung         0

===================================================================================================================================================
BOOT INFORMATION - "bcdedit.exe /enum" output
===================================================================================================================================================
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
integrityservices       Enable
default                 {current}
resumeobject            {221a1e5b-8782-11e6-b52f-ef085cfee60a}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 8.1
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {221a1e5d-8782-11e6-b52f-ef085cfee60a}
integrityservices       Enable
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \Windows
resumeobject            {221a1e5b-8782-11e6-b52f-ef085cfee60a}
nx                      OptIn
bootmenupolicy          Standard

===================================================================================================================================================
LOGICAL DRIVES
===================================================================================================================================================
Drive  Total Size  Free Space  File System  Page File
--------------------------------------------------------------------------------------------------------------------------------------------------- C: 59.66 GB 45.63 GB NTFS C:\pagefile.sys Current: 2944 MB Initial: Maximum: =================================================================================================================================================== NETWORK ADAPTERS =================================================================================================================================================== --------------------------------------------------------------------------------------------------------------------------------------------------- Intel(R) 82574L Gigabit Network Connection --------------------------------------------------------------------------------------------------------------------------------------------------- IP Address 192.168.1.153 fe80::fc7c:f324:6bea:d42b Subnet mask 255.255.255.0 DHCP Enabled True DNS Server 192.168.1.1 MAC Address 00:0C:29:F7:EE:94 Driver e1i63x64.sys 12.6.47.0 06/18/2013 450 KB (460,288 bytes) =================================================================================================================================================== 3RD-PARTY RUNNING DRIVERS =================================================================================================================================================== File Name Manufacturer Version Date Size --------------------------------------------------------------------------------------------------------------------------------------------------- E1i63x64.sys Intel Corporation 12.6.47.0 06/18/2013 450 KB (460,288 bytes) Lsi_sas.sys LSI Corporation 1.34.3.82 08/22/2013 107 KB (109,408 bytes) Secdrv.sys Macrovision Corporation, Mac 4.3.86.0 08/22/2013 22 KB (23,040 bytes) Vm3dmp.sys VMware, Inc. 8.14.1.51 02/06/2015 229 KB (234,176 bytes) Vmci.sys VMware, Inc. 9.5.10.0 01/07/2015 84 KB (85,584 bytes) Vmhgfs.sys VMware, Inc. 
9.2.86.0 02/06/2015 141 KB (144,576 bytes) Vmmemctl.sys VMware, Inc. 7.3.5.0 02/06/2015 23 KB (23,232 bytes) Vmmouse.sys VMware, Inc. 12.5.2.0 02/06/2015 14 KB (14,488 bytes) Vmrawdsk.sys VMware, Inc. 0.9.7.0 02/06/2015 46 KB (47,296 bytes) Vmusbmouse.sys VMware, Inc. 12.5.2.0 02/06/2015 15 KB (15,512 bytes) Vsock.sys VMware, Inc. 9.6.2.0 01/07/2015 75 KB (76,480 bytes) =================================================================================================================================================== MICROSOFT RUNNING DRIVERS =================================================================================================================================================== Branch File Name Manufacturer Version Date Size --------------------------------------------------------------------------------------------------------------------------------------------------- Acpi.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 510 KB (522,592 bytes) Acpiex.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 78 KB (79,712 bytes) Afd.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 554 KB (567,296 bytes) Ahcache.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 75 KB (76,800 bytes) Atapi.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 26 KB (26,464 bytes) Basicdisplay.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 50 KB (50,688 bytes) Basicrender.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 33 KB (33,792 bytes) Beep.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 8 KB (7,680 bytes) Bowser.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 100 KB (102,912 bytes) Bthenum.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 52 KB (53,248 bytes) Bthpan.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 116 KB (118,272 bytes) Bthusb.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 76 KB (77,312 bytes) Cdrom.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 160 KB (164,352 bytes) Clfs.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 
369 KB (377,696 bytes) Cmbatt.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 25 KB (25,472 bytes) Cng.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 551 KB (564,520 bytes) Compositebus.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 36 KB (36,352 bytes) Condrv.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 42 KB (43,008 bytes) Csc.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 546 KB (559,616 bytes) Dfsc.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 132 KB (134,656 bytes) Disk.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 98 KB (100,192 bytes) Dxgkrnl.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 1,501 KB (1,537,376 bytes) Ehstorclass.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 81 KB (82,784 bytes) Fdc.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 30 KB (30,720 bytes) Fileinfo.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 77 KB (79,200 bytes) Flpydisk.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 24 KB (25,088 bytes) Fltmgr.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 350 KB (358,752 bytes) Fvevol.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 566 KB (579,424 bytes) Hdaudbus.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 76 KB (78,336 bytes) Hdaudio.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 386 KB (395,776 bytes) Hidusb.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 33 KB (33,792 bytes) Http.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 971 KB (994,144 bytes) I8042prt.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 105 KB (107,520 bytes) Intelide.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 18 KB (18,272 bytes) Intelpep.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 39 KB (39,776 bytes) Intelppm.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 96 KB (98,816 bytes) Kbdclass.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 57 KB (58,208 bytes) Kdnic.sys Microsoft Corporation 6.1.0.0 08/22/2013 19 KB (19,456 bytes) Ksecdd.sys Microsoft 
Corporation 6.3.9600.16384 08/22/2013 98 KB (100,704 bytes) Ksecpkg.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 188 KB (192,864 bytes) Ksthunk.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 21 KB (21,248 bytes) Lltdio.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 58 KB (59,392 bytes) Luafv.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 121 KB (123,904 bytes) Monitor.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 30 KB (30,208 bytes) Mouclass.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 50 KB (51,040 bytes) Mouhid.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 30 KB (30,208 bytes) Mountmgr.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 99 KB (101,728 bytes) Mpsdrv.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 72 KB (74,240 bytes) Mrxsmb.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 393 KB (402,432 bytes) Mrxsmb10.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 277 KB (283,648 bytes) Mrxsmb20.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 202 KB (206,848 bytes) Msfs.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 30 KB (30,208 bytes) Msisadrv.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 17 KB (17,248 bytes) Mssmbios.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 37 KB (37,728 bytes) Mup.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 77 KB (78,688 bytes) Ndis.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 1,092 KB (1,118,552 bytes) Ndisvirtualbus.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 16 KB (16,384 bytes) Ndu.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 101 KB (103,424 bytes) Netbios.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 47 KB (48,128 bytes) Netbt.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 276 KB (282,624 bytes) Npfs.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 58 KB (58,880 bytes) Npsvctrig.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 22 KB (23,040 bytes) Nsiproxy.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 39 
KB (39,936 bytes) Ntfs.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 1,964 KB (2,011,488 bytes) Null.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 6 KB (5,632 bytes) Pacer.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 148 KB (151,552 bytes) Partmgr.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 87 KB (88,928 bytes) Pci.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 279 KB (285,536 bytes) Pcw.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 49 KB (50,016 bytes) Pdc.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 85 KB (86,880 bytes) Peauth.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 648 KB (663,040 bytes) Pnpmem.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 16 KB (15,872 bytes) Rdbss.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 399 KB (408,576 bytes) Rdpbus.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 22 KB (22,528 bytes) Rdyboost.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 252 KB (258,400 bytes) Rfcomm.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 164 KB (167,424 bytes) Rspndr.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 78 KB (80,384 bytes) Serenum.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 22 KB (23,040 bytes) Serial.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 82 KB (83,456 bytes) Spaceport.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 362 KB (370,528 bytes) Srv.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 444 KB (454,656 bytes) Srv2.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 659 KB (674,816 bytes) Srvnet.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 238 KB (244,224 bytes) Storahci.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 105 KB (107,872 bytes) Swenum.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 14 KB (14,176 bytes) Tcpip.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 2,490 KB (2,549,600 bytes) Tcpipreg.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 48 KB (48,640 bytes) Tdx.sys Microsoft Corporation 
6.3.9600.16384 08/22/2013 105 KB (107,520 bytes) Tunnel.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 150 KB (154,112 bytes) Ucx01000.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 185 KB (189,792 bytes) Udfs.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 310 KB (316,928 bytes) Umbus.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 45 KB (46,080 bytes) Umpass.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 12 KB (11,776 bytes) Usbccgp.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 152 KB (155,488 bytes) Usbehci.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 88 KB (89,952 bytes) Usbhub.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 412 KB (422,240 bytes) Usbhub3.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 456 KB (466,784 bytes) Usbuhci.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 34 KB (34,816 bytes) Usbxhci.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 318 KB (325,472 bytes) Vdrvroot.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 37 KB (37,728 bytes) Vmgencounter.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 11 KB (11,264 bytes) Volmgr.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 72 KB (73,568 bytes) Volmgrx.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 369 KB (377,696 bytes) Volsnap.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 305 KB (312,160 bytes) Wdf01000.sys Microsoft Corporation 1.13.9600.16384 08/22/2013 820 KB (839,488 bytes) Wdfilter.sys Microsoft Corporation 4.3.9600.16384 08/22/2013 259 KB (265,056 bytes) Wdnisdrv.sys Microsoft Corporation 4.3.9600.16384 08/22/2013 121 KB (124,256 bytes) Wfplwfs.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 132 KB (135,520 bytes) Ws2ifsl.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 21 KB (21,504 bytes) Wudfpf.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 115 KB (117,760 bytes) Wudfrd.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 226 KB (230,912 bytes) Wudfrd.sys Microsoft Corporation 6.3.9600.16384 
08/22/2013 226 KB (230,912 bytes) Wudfrd.sys Microsoft Corporation 6.3.9600.16384 08/22/2013 226 KB (230,912 bytes) =================================================================================================================================================== 3RD-PARTY RUNNING PROCESSES =================================================================================================================================================== File Name Count Manufacturer Version Date Size --------------------------------------------------------------------------------------------------------------------------------------------------- Getsystemsummary_x64.exe 1 1.0.0.0 06/16/2018 452 KB (463,360 bytes) Googlecrashhandler.exe 1 Google Inc. 1.3.33.17 06/17/2018 282 KB (288,848 bytes) Googlecrashhandler64.exe 1 Google Inc. 1.3.33.17 06/17/2018 358 KB (366,160 bytes) Googleupdate.exe 3 Google Inc. 1.3.33.5 08/25/2017 150 KB (153,168 bytes) Tpautoconnect.exe 1 Cortado AG 8.8.776.2 02/06/2015 1,040 KB (1,064,784 bytes) Tpautoconnsvc.exe 1 Cortado AG 8.8.479.2 02/06/2015 501 KB (513,360 bytes) Vmtoolsd.exe 2 VMware, Inc. 
9.9.2.44151 02/06/2015 72 KB (73,920 bytes) =================================================================================================================================================== MICROSOFT RUNNING PROCESSES =================================================================================================================================================== Branch File Name Count Manufacturer Version Date Size --------------------------------------------------------------------------------------------------------------------------------------------------- Conhost.exe 2 Microsoft Corporation 6.3.9600.16384 08/22/2013 348 KB (355,840 bytes) Cscript.exe 1 Microsoft Corporation 5.8.9600.16384 08/22/2013 146 KB (148,992 bytes) Dashost.exe 1 Microsoft Corporation 6.3.9600.16384 08/22/2013 90 KB (92,672 bytes) Dllhost.exe 2 Microsoft Corporation 6.3.9600.16384 08/22/2013 19 KB (19,296 bytes) Dwm.exe 1 Microsoft Corporation 6.3.9600.16384 08/22/2013 108 KB (110,080 bytes) Explorer.exe 1 Microsoft Corporation 6.3.9600.16384 08/22/2013 2,274 KB (2,328,880 bytes) Lsass.exe 1 Microsoft Corporation 6.3.9600.16384 08/22/2013 44 KB (45,008 bytes) Msdtc.exe 1 Microsoft Corporation 2001.12.10530.1638 08/22/2013 140 KB (142,848 bytes) Searchfilterhost.exe 1 Microsoft Corporation 7.0.9600.16384 08/22/2013 190 KB (194,048 bytes) Searchindexer.exe 1 Microsoft Corporation 7.0.9600.16384 08/22/2013 825 KB (844,800 bytes) Searchprotocolhost.exe 1 Microsoft Corporation 7.0.9600.16384 08/22/2013 312 KB (318,976 bytes) Spoolsv.exe 1 Microsoft Corporation 6.3.9600.16384 08/22/2013 780 KB (798,208 bytes) Svchost.exe 10 Microsoft Corporation 6.3.9600.16384 08/22/2013 37 KB (37,768 bytes) Taskhostex.exe 1 Microsoft Corporation 6.3.9600.16384 08/22/2013 78 KB (79,536 bytes) Tiworker.exe 1 Microsoft Corporation 6.3.9600.16384 08/22/2013 186 KB (190,464 bytes) Trustedinstaller.exe 1 Microsoft Corporation 6.3.9600.16384 08/22/2013 96 KB (98,816 bytes) Vssvc.exe 1 Microsoft Corporation 
6.3.9600.16384 08/22/2013 1,402 KB (1,436,160 bytes) Wininit.exe 1 Microsoft Corporation 6.3.9600.16384 08/22/2013 141 KB (144,384 bytes) Winlogon.exe 1 Microsoft Corporation 6.3.9600.16384 08/22/2013 552 KB (564,736 bytes) Wmiapsrv.exe 1 Microsoft Corporation 6.3.9600.16384 08/22/2013 190 KB (195,072 bytes) Wmiprvse.exe 3 Microsoft Corporation 6.3.9600.16384 08/22/2013 467 KB (478,208 bytes) Wudfhost.exe 1 Microsoft Corporation 6.3.9600.16384 08/22/2013 282 KB (289,280 bytes) =================================================================================================================================================== INSTALLED PROGRAMS: 7 =================================================================================================================================================== Name Version Publisher Windows Installer Product Code --------------------------------------------------------------------------------------------------------------------------------------------------- Google Chrome 67.0.3396.87 Google Inc. Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 9.0.30729.6161 Microsoft Corporation {5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 9.0.30729.4148 Microsoft Corporation {1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0 Microsoft Corporation Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 14.0.24123.0 Microsoft Corporation Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 14.0.24123.0 Microsoft Corporation VMware Tools 9.9.2.2496486 VMware, Inc. 
{EC7A4BA8-3A3E-4BC2-910E-2B2B4CD6B4E7} =================================================================================================================================================== SERVICES - ALL =================================================================================================================================================== Display Name Started Startup Log On As Type PathName --------------------------------------------------------------------------------------------------------------------------------------------------- ActiveX Installer (AxInstSV) False Manual LocalSystem Share Process c:\windows\system32\svchost.exe -k axinstsvgroup App Readiness False Manual LocalSystem Share Process c:\windows\system32\svchost.exe -k appreadiness Application Experience True Manual localSystem Share Process c:\windows\system32\svchost.exe -k netsvcs Application Identity False Manual NT Authority\LocalService Share Process c:\windows\system32\svchost.exe -k localservicenetworkrestricted Application Information True Manual LocalSystem Share Process c:\windows\system32\svchost.exe -k netsvcs Application Layer Gateway Service False Manual NT AUTHORITY\LocalService Own Process c:\windows\system32\alg.exe Application Management False Manual LocalSystem Share Process c:\windows\system32\svchost.exe -k netsvcs AppX Deployment Service (AppXSVC) True Manual LocalSystem Share Process c:\windows\system32\svchost.exe -k wsappx Background Intelligent Transfer Service True Auto LocalSystem Share Process c:\windows\system32\svchost.exe -k netsvcs Background Tasks Infrastructure Service True Auto LocalSystem Share Process c:\windows\system32\svchost.exe -k dcomlaunch Base Filtering Engine True Auto NT AUTHORITY\LocalService Share Process c:\windows\system32\svchost.exe -k localservicenonetwork BitLocker Drive Encryption Service False Manual localSystem Share Process c:\windows\system32\svchost.exe -k netsvcs Block Level Backup Engine Service False Manual localSystem Own 
Process "c:\windows\system32\wbengine.exe" Bluetooth Support Service True Manual NT AUTHORITY\LocalService Share Process c:\windows\system32\svchost.exe -k localservice BranchCache False Manual NT AUTHORITY\NetworkService Share Process c:\windows\system32\svchost.exe -k peerdist Certificate Propagation False Manual LocalSystem Share Process c:\windows\system32\svchost.exe -k netsvcs CNG Key Isolation False Manual LocalSystem Share Process c:\windows\system32\lsass.exe COM+ Event System True Auto NT AUTHORITY\LocalService Share Process c:\windows\system32\svchost.exe -k localservice COM+ System Application True Manual LocalSystem Own Process c:\windows\system32\dllhost.exe /processid:{02d4b3f1-fd88-11d1-960d-00805fc79235} Computer Browser False Manual LocalSystem Share Process c:\windows\system32\svchost.exe -k netsvcs Credential Manager False Manual LocalSystem Share Process c:\windows\system32\lsass.exe Cryptographic Services True Auto NT Authority\NetworkService Share Process c:\windows\system32\svchost.exe -k networkservice DCOM Server Process Launcher True Auto LocalSystem Share Process c:\windows\system32\svchost.exe -k dcomlaunch Device Association Service True Auto LocalSystem Share Process c:\windows\system32\svchost.exe -k localsystemnetworkrestricted Device Install Service True Manual LocalSystem Share Process c:\windows\system32\svchost.exe -k dcomlaunch Device Setup Manager True Manual LocalSystem Share Process c:\windows\system32\svchost.exe -k netsvcs DHCP Client True Auto NT Authority\LocalService Share Process c:\windows\system32\svchost.exe -k localservicenetworkrestricted Diagnostic Policy Service True Auto NT AUTHORITY\LocalService Share Process c:\windows\system32\svchost.exe -k localservicenonetwork Diagnostic Service Host True Manual NT AUTHORITY\LocalService Share Process c:\windows\system32\svchost.exe -k localservice Diagnostic System Host True Manual LocalSystem Share Process c:\windows\system32\svchost.exe -k localsystemnetworkrestricted 
Distributed Link Tracking Client  True  Auto  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
Distributed Transaction Coordinator  True  Manual  NT AUTHORITY\NetworkService  Own Process  c:\windows\system32\msdtc.exe
DNS Client  True  Auto  NT AUTHORITY\NetworkService  Share Process  c:\windows\system32\svchost.exe -k networkservice
Encrypting File System (EFS)  False  Manual  LocalSystem  Share Process  c:\windows\system32\lsass.exe
Extensible Authentication Protocol  False  Manual  localSystem  Share Process  c:\windows\system32\svchost.exe -k netsvcs
Family Safety  False  Manual  NT Authority\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservicenetworkrestricted
Fax  False  Manual  NT AUTHORITY\NetworkService  Own Process  c:\windows\system32\fxssvc.exe
File History Service  False  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
Function Discovery Provider Host  True  Manual  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservice
Function Discovery Resource Publication  True  Manual  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localserviceandnoimpersonation
Google Update Service (gupdate)  False  Auto  LocalSystem  Own Process  "c:\program files (x86)\google\update\googleupdate.exe" /svc
Google Update Service (gupdatem)  False  Manual  LocalSystem  Own Process  "c:\program files (x86)\google\update\googleupdate.exe" /medsvc
Group Policy Client  True  Auto  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k netsvcs
Health Key and Certificate Management  False  Manual  localSystem  Share Process  c:\windows\system32\svchost.exe -k netsvcs
HomeGroup Listener  False  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
HomeGroup Provider  True  Manual  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservicenetworkrestricted
Human Interface Device Service  False  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
Hyper-V Data Exchange Service  False  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
Hyper-V Guest Service Interface  False  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
Hyper-V Guest Shutdown Service  False  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
Hyper-V Heartbeat Service  False  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k icservice
Hyper-V Remote Desktop Virtualization Service  False  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k icservice
Hyper-V Time Synchronization Service  False  Manual  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservicenetworkrestricted
Hyper-V Volume Shadow Copy Requestor  False  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
IKE and AuthIP IPsec Keying Modules  False  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k netsvcs
Interactive Services Detection  False  Manual  LocalSystem  Own Process  c:\windows\system32\ui0detect.exe
Internet Connection Sharing (ICS)  False  Disabled  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k netsvcs
Internet Explorer ETW Collector Service  False  Manual  LocalSystem  Own Process  c:\windows\system32\ieetwcollector.exe /v
IP Helper  True  Auto  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k netsvcs
IPsec Policy Agent  False  Manual  NT Authority\NetworkService  Share Process  c:\windows\system32\svchost.exe -k networkservicenetworkrestricted
KtmRm for Distributed Transaction Coordinator  False  Manual  NT AUTHORITY\NetworkService  Share Process  c:\windows\system32\svchost.exe -k networkserviceandnoimpersonation
Link-Layer Topology Discovery Mapper  False  Manual  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservice
Local Session Manager  True  Auto  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k dcomlaunch
Microsoft Account Sign-in Assistant  False  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k netsvcs
Microsoft iSCSI Initiator Service  False  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k netsvcs
Microsoft Keyboard Filter  False  Disabled  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k netsvcs
Microsoft Software Shadow Copy Provider  False  Manual  LocalSystem  Own Process  c:\windows\system32\svchost.exe -k swprv
Microsoft Storage Spaces SMP  False  Manual  NT AUTHORITY\NetworkService  Own Process  c:\windows\system32\svchost.exe -k smphost
Multimedia Class Scheduler  True  Auto  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k netsvcs
Net.Tcp Port Sharing Service  False  Disabled  NT AUTHORITY\LocalService  Share Process  c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
Netlogon  False  Manual  LocalSystem  Share Process  c:\windows\system32\lsass.exe
Network Access Protection Agent  False  Manual  NT AUTHORITY\NetworkService  Share Process  c:\windows\system32\svchost.exe -k networkservice
Network Connected Devices Auto-Setup  True  Manual  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservicenonetwork
Network Connection Broker  True  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
Network Connections  False  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
Network Connectivity Assistant  False  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k netsvcs
Network List Service  True  Manual  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservice
Network Location Awareness  True  Auto  NT AUTHORITY\NetworkService  Share Process  c:\windows\system32\svchost.exe -k networkservice
Network Store Interface Service  True  Auto  NT Authority\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservice
Offline Files  False  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
Optimize drives  False  Manual  localSystem  Own Process  c:\windows\system32\svchost.exe -k defragsvc
Peer Name Resolution Protocol  False  Manual  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservicepeernet
Peer Networking Grouping  False  Manual  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservicepeernet
Peer Networking Identity Manager  False  Manual  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservicepeernet
Performance Counter DLL Host  False  Manual  NT AUTHORITY\LocalService  Own Process  c:\windows\syswow64\perfhost.exe
Performance Logs & Alerts  False  Manual  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservicenonetwork
Plug and Play  True  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k dcomlaunch
PNRP Machine Name Publication Service  False  Manual  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservicepeernet
Portable Device Enumerator Service  False  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
Power  True  Auto  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k dcomlaunch
Print Spooler  True  Auto  LocalSystem  Own Process  c:\windows\system32\spoolsv.exe
Printer Extensions and Notifications  False  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k print
Problem Reports and Solutions Control Panel Support  False  Manual  localSystem  Share Process  c:\windows\system32\svchost.exe -k netsvcs
Program Compatibility Assistant Service  True  Auto  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
Quality Windows Audio Video Experience  False  Manual  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localserviceandnoimpersonation
Remote Access Auto Connection Manager  False  Manual  localSystem  Share Process  c:\windows\system32\svchost.exe -k netsvcs
Remote Access Connection Manager  False  Manual  localSystem  Share Process  c:\windows\system32\svchost.exe -k netsvcs
Remote Desktop Configuration  False  Manual  localSystem  Share Process  c:\windows\system32\svchost.exe -k netsvcs
Remote Desktop Services  False  Manual  NT Authority\NetworkService  Share Process  c:\windows\system32\svchost.exe -k networkservice
Remote Desktop Services UserMode Port Redirector  False  Manual  localSystem  Share Process  c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
Remote Procedure Call (RPC)  True  Auto  NT AUTHORITY\NetworkService  Share Process  c:\windows\system32\svchost.exe -k rpcss
Remote Procedure Call (RPC) Locator  False  Manual  NT AUTHORITY\NetworkService  Own Process  c:\windows\system32\locator.exe
Remote Registry  False  Disabled  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservice
Routing and Remote Access  False  Disabled  localSystem  Share Process  c:\windows\system32\svchost.exe -k netsvcs
RPC Endpoint Mapper  True  Auto  NT AUTHORITY\NetworkService  Share Process  c:\windows\system32\svchost.exe -k rpcss
Secondary Logon  False  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k netsvcs
Secure Socket Tunneling Protocol Service  False  Manual  NT Authority\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservice
Security Accounts Manager  True  Auto  LocalSystem  Share Process  c:\windows\system32\lsass.exe
Security Center  True  Auto  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservicenetworkrestricted
Sensor Monitoring Service  True  Manual  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localserviceandnoimpersonation
Server  True  Auto  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k netsvcs
Shell Hardware Detection  True  Auto  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k netsvcs
Smart Card  False  Disabled  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localserviceandnoimpersonation
Smart Card Device Enumeration Service  False  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
Smart Card Removal Policy  False  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k netsvcs
SNMP Trap  False  Manual  NT AUTHORITY\LocalService  Own Process  c:\windows\system32\snmptrap.exe
Software Protection  True  Auto  NT AUTHORITY\NetworkService  Own Process  c:\windows\system32\sppsvc.exe
Spot Verifier  False  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
SSDP Discovery  True  Manual  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localserviceandnoimpersonation
Still Image Acquisition Events  False  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
Storage Service  False  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
Superfetch  True  Auto  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
System Event Notification Service  True  Auto  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k netsvcs
System Events Broker  True  Auto  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k dcomlaunch
Task Scheduler  True  Auto  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper  True  Auto  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservicenetworkrestricted
Telephony  False  Manual  NT AUTHORITY\NetworkService  Share Process  c:\windows\system32\svchost.exe -k networkservice
Themes  True  Auto  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k netsvcs
Thread Ordering Server  False  Manual  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservice
Time Broker  True  Manual  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localserviceandnoimpersonation
Touch Keyboard and Handwriting Panel Service  False  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
TP AutoConnect Service  True  Manual  LocalSystem  Own Process  "c:\program files\vmware\vmware tools\tpautoconnsvc.exe"
TP VC Gateway Service  False  Manual  LocalSystem  Own Process  "c:\program files\vmware\vmware tools\tpvcgateway.exe"
UPnP Device Host  False  Manual  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localserviceandnoimpersonation
User Profile Service  True  Auto  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k netsvcs
Virtual Disk  False  Manual  LocalSystem  Own Process  c:\windows\system32\vds.exe
VMware Snapshot Provider  True  Manual  LocalSystem  Own Process  c:\windows\system32\dllhost.exe /processid:{92c82bc2-ea97-4bde-9515-acb45351a895}
VMware Tools  True  Auto  LocalSystem  Own Process  "c:\program files\vmware\vmware tools\vmtoolsd.exe"
Volume Shadow Copy  True  Manual  LocalSystem  Own Process  c:\windows\system32\vssvc.exe
WebClient  False  Manual  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservice
Windows Audio  True  Auto  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservicenetworkrestricted
Windows Audio Endpoint Builder  True  Auto  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
Windows Biometric Service  False  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k wbiosvcgroup
Windows Color System  False  Manual  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k wcssvc
Windows Connect Now - Config Registrar  False  Manual  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localserviceandnoimpersonation
Windows Connection Manager  True  Auto  NT Authority\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservicenetworkrestricted
Windows Defender Network Inspection Service  True  Manual  NT AUTHORITY\LocalService  Own Process  "c:\program files\windows defender\nissrv.exe"
Windows Defender Service  True  Auto  LocalSystem  Own Process  "c:\program files\windows defender\msmpeng.exe"
Windows Driver Foundation - User-mode Driver Framework  True  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
Windows Encryption Provider Host Service  False  Manual  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k wephostsvcgroup
Windows Error Reporting Service  True  Manual  localSystem  Own Process  c:\windows\system32\svchost.exe -k wersvcgroup
Windows Event Collector  False  Manual  NT AUTHORITY\NetworkService  Share Process  c:\windows\system32\svchost.exe -k networkservice
Windows Event Log  True  Auto  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservicenetworkrestricted
Windows Firewall  True  Auto  NT Authority\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservicenonetwork
Windows Font Cache Service  True  Auto  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservice
Windows Image Acquisition (WIA)  False  Manual  NT Authority\LocalService  Own Process  c:\windows\system32\svchost.exe -k imgsvc
Windows Installer  False  Manual  LocalSystem  Own Process  c:\windows\system32\msiexec.exe /v
Windows Location Framework Service  False  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k netsvcs
Windows Management Instrumentation  True  Auto  localSystem  Share Process  c:\windows\system32\svchost.exe -k netsvcs
Windows Media Player Network Sharing Service  False  Manual  NT AUTHORITY\NetworkService  Own Process  "c:\program files\windows media player\wmpnetwk.exe"
Windows Modules Installer  True  Manual  localSystem  Own Process  c:\windows\servicing\trustedinstaller.exe
Windows Presentation Foundation Font Cache 3.0.0.0  False  Manual  NT Authority\LocalService  Own Process  c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
Windows Remote Management (WS-Management)  False  Manual  NT AUTHORITY\NetworkService  Share Process  c:\windows\system32\svchost.exe -k networkservice
Windows Search  True  Auto  LocalSystem  Own Process  c:\windows\system32\searchindexer.exe /embedding
Windows Store Service (WSService)  True  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k wsappx
Windows Time  False  Manual  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservice
Windows Update  True  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k netsvcs
WinHTTP Web Proxy Auto-Discovery Service  True  Manual  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservice
Wired AutoConfig  False  Manual  localSystem  Share Process  c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
WLAN AutoConfig  False  Manual  LocalSystem  Share Process  c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
WMI Performance Adapter  True  Manual  localSystem  Own Process  c:\windows\system32\wbem\wmiapsrv.exe
Work Folders  False  Manual  NT AUTHORITY\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservice
Workstation  True  Auto  NT AUTHORITY\NetworkService  Share Process  c:\windows\system32\svchost.exe -k networkservice
WWAN AutoConfig  False  Manual  NT Authority\LocalService  Share Process  c:\windows\system32\svchost.exe -k localservicenonetwork

===================================================================================================================================================
HKLM\SYSTEM\CurrentControlSet\Control
===================================================================================================================================================
BootDriverFlags  REG_DWORD  0x0000001C (28)
CurrentUser  REG_SZ  USERNAME
EarlyStartServices  REG_MULTI_SZ  RpcSs\0Power\0BrokerInfrastructure\0SystemEventsBroker\0DcomLaunch\0RpcEpMapper\0LSM
FirmwareBootDevice  REG_SZ  multi(0)disk(0)rdisk(0)partition(1)
LastBootShutdown  REG_DWORD  0x00000001 (1)
LastBootSucceeded  REG_DWORD  0x00000001 (1)
PreshutdownOrder  REG_MULTI_SZ  wuauserv\0gpsvc\0trustedinstaller
ServiceControlManagerExtension  REG_EXPAND_SZ  C:\Windows\system32\scext.dll
SystemBootDevice  REG_SZ  multi(0)disk(0)rdisk(0)partition(2)
SystemStartOptions  REG_SZ  NOEXECUTE=OPTIN
WaitToKillServiceTimeout  REG_SZ  5000

===================================================================================================================================================
HKLM\SYSTEM\CurrentControlSet\Control\CrashControl
===================================================================================================================================================
AutoReboot  REG_DWORD  0x00000001 (1)
CrashDumpEnabled  REG_DWORD  0x00000007 (7)
DumpFile  REG_EXPAND_SZ  C:\Windows\MEMORY.DMP
DumpFilters  REG_MULTI_SZ  dumpfve.sys
LogEvent  REG_DWORD  0x00000001 (1)
MinidumpDir  REG_EXPAND_SZ  C:\Windows\Minidump
MinidumpsCount  REG_DWORD  0x00000032 (50)
Overwrite  REG_DWORD  0x00000001 (1)

===================================================================================================================================================
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug
===================================================================================================================================================
UserDebuggerHotKey  REG_DWORD  0x00000000 (0)

===================================================================================================================================================
HKLM\SOFTWARE\WoW6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug
===================================================================================================================================================
UserDebuggerHotKey  REG_DWORD  0x00000000 (0)

===================================================================================================================================================
HKLM\SYSTEM\CurrentControlSet\Control\FileSystem
===================================================================================================================================================
DisableDeleteNotification  REG_DWORD  0x00000000 (0)
FilterSupportedFeaturesMode  REG_DWORD  0x00000000 (0)
NtfsAllowExtendedCharacter8dot3Rename  REG_DWORD  0x00000000 (0)
NtfsBugcheckOnCorrupt  REG_DWORD  0x00000000 (0)
NtfsDisable8dot3NameCreation  REG_DWORD  0x00000002 (2)
NtfsDisableCompression  REG_DWORD  0x00000000 (0)
NtfsDisableEncryption  REG_DWORD  0x00000000 (0)
NtfsDisableLastAccessUpdate  REG_DWORD  0x00000001 (1)
NtfsDisableLfsDowngrade  REG_DWORD  0x00000000 (0)
NtfsDisableVolsnapHints  REG_DWORD  0x00000000 (0)
NtfsEncryptPagingFile  REG_DWORD  0x00000000 (0)
NtfsMemoryUsage  REG_DWORD  0x00000000 (0)
NtfsMftZoneReservation  REG_DWORD  0x00000000 (0)
NtfsQuotaNotifyRate  REG_DWORD  0x00000E10 (3600)
RefsDisableLastAccessUpdate  REG_DWORD  0x00000001 (1)
ScrubMode  REG_DWORD  0x00000001 (1)
SymlinkLocalToLocalEvaluation  REG_DWORD  0x00000001 (1)
SymlinkLocalToRemoteEvaluation  REG_DWORD  0x00000001 (1)
SymlinkRemoteToLocalEvaluation  REG_DWORD  0x00000000 (0)
SymlinkRemoteToRemoteEvaluation  REG_DWORD  0x00000000 (0)
UdfsCloseSessionOnEject  REG_DWORD  0x00000003 (3)
UdfsSoftwareDefectManagement  REG_DWORD  0x00000000 (0)
Win31FileSystem  REG_DWORD  0x00000000 (0)
Win95TruncatedExtensions  REG_DWORD  0x00000001 (1)

===================================================================================================================================================
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
===================================================================================================================================================
ClearPageFileAtShutdown  REG_DWORD  0x00000000 (0)
DisablePagingExecutive  REG_DWORD  0x00000000 (0)
ExistingPageFiles  REG_MULTI_SZ  \??\C:\pagefile.sys
LargeSystemCache  REG_DWORD  0x00000000 (0)
NonPagedPoolQuota  REG_DWORD  0x00000000 (0)
NonPagedPoolSize  REG_DWORD  0x00000000 (0)
PagedPoolQuota  REG_DWORD  0x00000000 (0)
PagedPoolSize  REG_DWORD  0x00000000 (0)
PagingFiles  REG_MULTI_SZ  ?:\pagefile.sys
PhysicalAddressExtension  REG_DWORD  0x00000001 (1)
SecondLevelDataCache  REG_DWORD  0x00000000 (0)
SessionPoolSize  REG_DWORD  0x00000004 (4)
SessionViewSize  REG_DWORD  0x00000030 (48)
SystemPages  REG_DWORD  0x00000000 (0)

===================================================================================================================================================
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive
===================================================================================================================================================
AdditionalCriticalWorkerThreads  REG_DWORD  0x00000000 (0)
AdditionalDelayedWorkerThreads  REG_DWORD  0x00000000 (0)
UuidSequenceNumber  REG_DWORD  0x003B8253 (3899987)

===================================================================================================================================================
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\I/O System
===================================================================================================================================================
AllowRemoteDASD  REG_DWORD  0x00000000 (0)

===================================================================================================================================================
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
===================================================================================================================================================
ForceActiveDesktopOn  REG_DWORD  0x00000000 (0)
NoActiveDesktop  REG_DWORD  0x00000001 (1)
NoActiveDesktopChanges  REG_DWORD  0x00000001 (1)

===================================================================================================================================================
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
===================================================================================================================================================
ForceActiveDesktopOn  REG_DWORD  0x00000000 (0)
NoActiveDesktop  REG_DWORD  0x00000001 (1)
NoActiveDesktopChanges  REG_DWORD  0x00000001 (1)

===================================================================================================================================================
HKLM\Software\Microsoft\ASP.NET\2.0.50727.0\Parameters
===================================================================================================================================================

===================================================================================================================================================
HKLM\SOFTWARE\Microsoft\OLE
===================================================================================================================================================
DefaultLaunchPermission  REG_BINARY  010004805C0000006C00000000000000140000000200480003000000000018001F00000001020000000000052000000020020000000014001F000000010100000000000504000000000014001F0000000101000000000005120000000102000000000005200000002002000001020000000000052000000020020000
EnableDCOM  REG_SZ  Y
LegacyImpersonationLevel  REG_DWORD  0x00000002 (2)
MachineAccessRestriction  REG_BINARY  010004808C0000009C000000000000001400000002007800050000000000140007000000010100000000000100000000000014000300000001010000000000050700000000001800070000000102000000000005200000003202000000001800070000000102000000000005200000002F0200000000180003000000010200000000000F02000000010000000102000000000005200000002002000001020000000000052000000020020000
MachineLaunchRestriction  REG_BINARY  0100048090000000A0000000000000001400000002007C0005000000000018001F00000001020000000000052000000020020000000014000B000000010100000000000100000000000018001F00000001020000000000052000000032020000000018001F0000000102000000000005200000002F020000000018000B000000010200000000000F02000000010000000102000000000005200000002002000001020000000000052000000020020000

===================================================================================================================================================
HKLM\SOFTWARE\Microsoft\Rpc
===================================================================================================================================================
DCOM Protocols  REG_MULTI_SZ  ncacn_ip_tcp
UuidSequenceNumber  REG_DWORD  0x01BCF674 (29161076)

===================================================================================================================================================
HKLM\SOFTWARE\Microsoft\Terminal Server Gateway
===================================================================================================================================================

===================================================================================================================================================
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
===================================================================================================================================================

===================================================================================================================================================
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability
===================================================================================================================================================
6005BT  REG_BINARY  9921442A8709D401
LastAliveStamp  REG_BINARY  D0BAAD0B
LastComputerName  REG_SZ  WIN81PROX64
TimeStampInterval  REG_DWORD  0x00000001 (1)

===================================================================================================================================================
HKLM\SOFTWARE\Microsoft\WBEM\CIMOM
===================================================================================================================================================
ADAPDelay  REG_DWORD  0x000000F0 (240)
AllowAnonymousCallback  REG_DWORD  0x00000000 (0)
ArbSystemHighThreshold1  REG_DWORD  0x0000005A (90)
ArbSystemHighThreshold1Mult  REG_DWORD  0x00000002 (2)
ArbSystemHighThreshold2  REG_DWORD  0x0000005F (95)
ArbSystemHighThreshold2Mult  REG_DWORD  0x00000003 (3)
ArbSystemHighThreshold3  REG_DWORD  0x00000062 (98)
ArbSystemHighThreshold3Mult  REG_DWORD  0x00000004 (4)
ArbTaskMaxSleep  REG_DWORD  0x000493E0 (300000)
Autorecover MOFs  REG_MULTI_SZ
bem\en-us\ntevt.mfl\0%windir%\system32\wbem\en-us\msi.mfl\0%windir%\system32\wbem\en-us\wmipicmp.mfl\0%windir%\system32\wbem\en-us\wmipdfs.mfl\0%windir%\system32\wbem\en-us\wmipdskq.mfl\0%windir%\system32\wbem\en-us\wmipsess.mfl\0%windir%\system32\wbem\en-us\rsop.mfl\0%windir%\system32\wbem\en-us\wgxinstalledgame.mfl\0%windir%\system32\wbem\en-us\mstscax.mfl\0%windir%\system32\wbem\en-us\mstsc.mfl\0%windir%\system32\wbem\en-us\irmon.mfl\0%windir%\system32\wbem\en-us\netttcim.mfl\0%windir%\system32\wbem\en-us\netdacim.mfl\0%windir%\system32\wbem\en-us\netnccim.mfl\0%windir%\system32\wbem\en-us\vss.mfl\0%windir%\system32\wbem\en-us\vds.mfl\0%windir%\system32\wbem\en-us\wscenter.mfl\0%windir%\system32\wbem\en-us\ipmiprv.mfl\0%windir%\system32\wbem\en-us\iscsiprf.mfl\0%windir%\system32\wbem\en-us\iscsidsc.mfl\0%windir%\system32\wbem\en-us\iscsiwmiv2.mfl\0%windir%\system32\wbem\en-us\whqlprov.mfl\0%windir%\system32\en-us\psmodulediscoveryprovider.mfl\0%windir%\system32\wbem\en-us\msdtcwmi.mfl\0%windir%\system32\wbem\en-us\wdacwmiprov.mfl\0%windir%\system32\wbem\en-us\neteventpacketcapture.mfl\0%windir%\system32\wbem\en-us\wininit.mfl\0%ProgramFiles%\windows 
defender\en-us\protectionmanagement.mfl\0%windir%\system32\wbem\en-us\wmpnetwk.mfl\0%windir%\system32\wbem\en-us\printmanagementprovider.mfl\0%windir%\system32\wbem\en-us\wfascim.mfl\0%windir%\system32\wbem\en-us\schedprov.mfl\0%windir%\system32\wbem\en-us\smbwitnesswmiv2provider.mfl\0%windir%\system32\wbem\en-us\nlmcim.mfl\0%windir%\system32\wbem\en-us\xwizards.mfl\0%windir%\system32\wbem\en-us\dnsclientpsprovider.mfl\0%windir%\system32\wbem\en-us\racwmiprov.mfl\0%windir%\system32\wbem\en-us\sppwmi.mfl\0%windir%\system32\en-us\restartmanager.mfl\0%windir%\system32\wbem\en-us\l2gpstore.mfl\0%windir%\system32\wbem\en-us\vpnclientpsprovider.mfl\0%windir%\system32\wbem\en-us\winlogon.mfl\0%windir%\system32\wbem\en-us\npivwmi.mfl\0%windir%\system32\wbem\en-us\wudfx.mfl\0%windir%\system32\wbem\en-us\hbaapi.mfl\0%windir%\system32\wbem\en-us\rdpencom.mfl\0%windir%\system32\wbem\en-us\wcncsvc.mfl\0%windir%\system32\wbem\en-us\mispace.mfl\0%windir%\system32\wbem\en-us\ps_mmagent.mfl\0%windir%\system32\wbem\en-us\msnetimplatform.mfl\0%windir%\system32\wbem\en-us\netswitchteam.mfl\0%windir%\system32\wbem\en-us\netadaptercim.mfl\0%windir%\system32\wbem\en-us\netadaptercimtrace.mfl\0%windir%\system32\wbem\en-us\folderredirectionwmiprovider.mfl\0%windir%\system32\wbem\en-us\userstatewmiprovider.mfl\0%windir%\system32\wbem\en-us\pcsvdevice.mfl\0%windir%\system32\wbem\en-us\nettcpip.mfl\0%windir%\system32\wbem\en-us\smbwmiv2.mfl\0%windir%\system32\wbem\en-us\sr.mfl\0%windir%\system32\wbem\en-us\msfeedsbs.mfl\0%windir%\system32\wbem\en-us\powerwmiprovider.mfl\0%windir%\system32\wbem\en-us\mdmsettingsprov.mfl\0%windir%\system32\wbem\en-us\rdpcore.mfl\0%windir%\system32\wbem\en-us\qoswmi.mfl\0%windir%\system32\wbem\en-us\qoswmitrc.mfl\0%windir%\system32\wbem\en-us\wudfx02000.mfl\0%windir%\system32\wbem\en-us\userprofilewmiprovider.mfl\0%windir%\system32\wbem\en-us\userprofileconfigurationwmiprovider.mfl\0%windir%\system32\wbem\en-us\appbackgroundtask.mfl\0%windir%\system32\wbem\en-us\
msfeeds.mfl\0%windir%\system32\wbem\en-us\dsccoreconfprov.mfl\0%windir%\system32\wbem\en-us\mdmappprov.mfl\0%windir%\system32\wbem\en-us\filetrace.mfl\0%windir%\system32\wbem\en-us\storagewmi.mfl\0%windir%\system32\wbem\en-us\storagewmi_passthru.mfl\0%windir%\system32\wbem\en-us\dsccore.mfl\0%windir%\system32\wbem\en-us\cimdmtf.mfl\0%windir%\system32\wbem\en-us\powermeterprovider.mfl\0%windir%\system32\wbem\en-us\profileassociationprovider.mfl\0%windir%\system32\wbem\en-us\cimwin32.mfl\0%windir%\system32\wbem\en-us\wmipcima.mfl\0%windir%\system32\wbem\en-us\secrcw32.mfl\0%windir%\system32\wbem\en-us\subscrpt.mfl\0%windir%\system32\wbem\en-us\ncprov.mfl\0%windir%\system32\wbem\en-us\system.mfl\0%windir%\system32\wbem\en-us\interop.mfl\0%windir%\system32\wbem\en-us\scrcons.mfl\0%windir%\system32\wbem\en-us\smtpcons.mfl\0%windir%\system32\wbem\en-us\wbemcons.mfl\0%windir%\system32\wbem\en-us\wmi.mfl\0%windir%\system32\wbem\en-us\win32_printer.mfl\0%windir%\system32\wbem\en-us\wfs.mfl\0%windir%\system32\wbem\en-us\cli.mfl\0%windir%\system32\wbem\en-us\cliegaliases.mfl\0%windir%\system32\wbem\en-us\krnlprov.mfl\0%windir%\system32\wbem\en-us\wmitimep.mfl\0%windir%\system32\wbem\en-us\regevent.mfl\0%windir%\system32\wbem\en-us\dsprov.mfl\0%windir%\system32\wbem\en-us\wmipiprt.mfl\0%windir%\system32\wbem\en-us\wmipjobj.mfl\0%windir%\system32\wbem\en-us\ntevt.mfl\0%windir%\system32\wbem\en-us\msi.mfl\0%windir%\system32\wbem\en-us\wmipicmp.mfl\0%windir%\system32\wbem\en-us\wmipdfs.mfl\0%windir%\system32\wbem\en-us\wmipdskq.mfl\0%windir%\system32\wbem\en-us\wmipsess.mfl\0%windir%\system32\wbem\en-us\rsop.mfl\0%windir%\system32\wbem\en-us\wgxinstalledgame.mfl\0%windir%\system32\wbem\en-us\mstscax.mfl\0%windir%\system32\wbem\en-us\mstsc.mfl\0%windir%\system32\wbem\en-us\irmon.mfl\0%windir%\system32\wbem\en-us\netttcim.mfl\0%windir%\system32\wbem\en-us\netdacim.mfl\0%windir%\system32\wbem\en-us\netnccim.mfl\0%windir%\system32\wbem\en-us\vss.mfl\0%windir%\system32\wbem\en-us\vds.m
fl\0%windir%\system32\wbem\en-us\wscenter.mfl\0%windir%\system32\wbem\en-us\ipmiprv.mfl\0%windir%\system32\wbem\en-us\iscsiprf.mfl\0%windir%\system32\wbem\en-us\iscsidsc.mfl\0%windir%\system32\wbem\en-us\iscsiwmiv2.mfl\0%windir%\system32\wbem\en-us\whqlprov.mfl\0%windir%\system32\en-us\psmodulediscoveryprovider.mfl\0%windir%\system32\wbem\en-us\msdtcwmi.mfl\0%windir%\system32\wbem\en-us\wdacwmiprov.mfl\0%windir%\system32\wbem\en-us\neteventpacketcapture.mfl\0%windir%\system32\wbem\en-us\wininit.mfl\0%ProgramFiles%\windows defender\en-us\protectionmanagement.mfl\0%windir%\system32\wbem\en-us\wmpnetwk.mfl\0%windir%\system32\wbem\en-us\printmanagementprovider.mfl\0%windir%\system32\wbem\en-us\wfascim.mfl\0%windir%\system32\wbem\en-us\schedprov.mfl\0%windir%\system32\wbem\en-us\smbwitnesswmiv2provider.mfl\0%windir%\system32\wbem\en-us\nlmcim.mfl\0%windir%\system32\wbem\en-us\xwizards.mfl\0%windir%\system32\wbem\en-us\dnsclientpsprovider.mfl\0%windir%\system32\wbem\en-us\racwmiprov.mfl\0%windir%\system32\wbem\en-us\sppwmi.mfl\0%windir%\system32\en-us\restartmanager.mfl\0%windir%\system32\wbem\en-us\l2gpstore.mfl\0%windir%\system32\wbem\en-us\vpnclientpsprovider.mfl\0%windir%\system32\wbem\en-us\winlogon.mfl\0%windir%\system32\wbem\en-us\npivwmi.mfl\0%windir%\system32\wbem\en-us\wudfx.mfl\0%windir%\system32\wbem\en-us\hbaapi.mfl\0%windir%\system32\wbem\en-us\rdpencom.mfl\0%windir%\system32\wbem\en-us\wcncsvc.mfl\0%windir%\system32\wbem\en-us\mispace.mfl\0%windir%\system32\wbem\en-us\ps_mmagent.mfl\0%windir%\system32\wbem\en-us\msnetimplatform.mfl\0%windir%\system32\wbem\en-us\netswitchteam.mfl\0%windir%\system32\wbem\en-us\netadaptercim.mfl\0%windir%\system32\wbem\en-us\netadaptercimtrace.mfl\0%windir%\system32\wbem\en-us\folderredirectionwmiprovider.mfl\0%windir%\system32\wbem\en-us\userstatewmiprovider.mfl\0%windir%\system32\wbem\en-us\pcsvdevice.mfl\0%windir%\system32\wbem\en-us\nettcpip.mfl\0%windir%\system32\wbem\en-us\smbwmiv2.mfl\0%windir%\system32\wbem\en-us\sr.mf
l\0%windir%\system32\wbem\en-us\msfeedsbs.mfl\0%windir%\system32\wbem\en-us\powerwmiprovider.mfl\0%windir%\system32\wbem\en-us\mdmsettingsprov.mfl\0%windir%\system32\wbem\en-us\rdpcore.mfl\0%windir%\system32\wbem\en-us\qoswmi.mfl\0%windir%\system32\wbem\en-us\qoswmitrc.mfl\0%windir%\system32\wbem\en-us\wudfx02000.mfl\0%windir%\system32\wbem\en-us\userprofilewmiprovider.mfl\0%windir%\system32\wbem\en-us\userprofileconfigurationwmiprovider.mfl\0%windir%\system32\wbem\en-us\appbackgroundtask.mfl\0%windir%\system32\wbem\en-us\msfeeds.mfl\0%windir%\system32\wbem\en-us\dsccoreconfprov.mfl\0%windir%\system32\wbem\en-us\mdmappprov.mfl\0%windir%\system32\wbem\en-us\filetrace.mfl\0%windir%\system32\wbem\en-us\storagewmi.mfl\0%windir%\system32\wbem\en-us\storagewmi_passthru.mfl\0%windir%\system32\wbem\en-us\dsccore.mfl\0%windir%\system32\wbem\en-us\cimdmtf.mfl\0%windir%\system32\wbem\en-us\powermeterprovider.mfl\0%windir%\system32\wbem\en-us\profileassociationprovider.mfl\0%windir%\system32\wbem\en-us\microsoft-windows-offlinefiles.mfl\0%windir%\system32\wbem\microsoft-windows-offlinefiles.mof\0%windir%\system32\wbem\en-us\policman.mfl\0%windir%\system32\wbem\policman.mof\0%windir%\system32\wbem\rdpendp.mof\0%windir%\system32\wbem\en-us\polprocl.mfl\0%windir%\system32\wbem\polprocl.mof\0%windir%\system32\wbem\en-us\tscfgwmi.mfl\0%windir%\system32\wbem\tscfgwmi.mof\0%windir%\system32\wbem\en-us\netpeerdistcim.mfl\0%windir%\system32\wbem\en-us\embeddedlockdownwmi.mfl\0%windir%\system32\wbem\en-us\ddp.mfl\0%windir%\system32\wbem\en-us\offlinefileswmiprovider.mfl\0%windir%\system32\wbem\en-us\offlinefileswmiprovider_uninstall.mfl\0%windir%\system32\wbem\en-us\offlinefilesconfigurationwmiprovider.mfl\0%windir%\system32\wbem\en-us\offlinefilesconfigurationwmiprovider_uninstall.mfl\0%windir%\system32\wbem\offlinefileswmiprovider.mof\0%windir%\system32\wbem\offlinefilesconfigurationwmiprovider.mof\0%windir%\system32\wbem\embeddedlockdownwmi.mof\0%windir%\system32\wbem\mblctr.mof\0%win
dir%\system32\wbem\sensorscpl.mof\0%windir%\system32\wbem\netpeerdistcim.mof\0%windir%\system32\wbem\ddp.mof\0%windir%\system32\wbem\sensorsclassextension.mof\0C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\CLR.MOF Autorecover MOFs timestamp REG_SZ 131736996493653529 AutoRestoreEnabled REG_DWORD 0x00000001 (1) Build REG_SZ Aug 21 2013 16:23:00 ConfigValueCoreDatabaseDirty REG_DWORD 0x00000000 (0) ConfigValueCoreFsrepVersion REG_DWORD 0x00000006 (6) ConfigValueCoreNeedBackupCheck REG_DWORD 0x00000000 (0) ConfigValueEssNeedsLoading REG_DWORD 0x00000001 (1) ConfigValueEssToBeInitialized REG_DWORD 0x00000000 (0) Default Repository Driver REG_SZ {7998dc37-d3fe-487c-a60a-7701fcc70cc6} DefaultSecuredHost REG_DWORD 0x00000000 (0) EnableEvents REG_SZ 1 High Threshold On Events (B) REG_SZ 20000000 LastServiceStart REG_SZ 2018/6/21 17:42:48'576 List of event-active namespaces REG_BINARY 00000000000000001C317477D400000000010000000000007C317477D400000000220000830D0000000000000000 LodCtrDelay REG_DWORD 0x0000003C (60) Log File Max Size REG_SZ 65536 Logging REG_SZ 0 Logging Directory REG_EXPAND_SZ C:\Windows\system32\wbem\Logs\ Low Threshold On Events (B) REG_SZ 10000000 Max Async Result Queue Size REG_SZ 1 Max Class Cache Item Age (ms) REG_DWORD 0x0001D4C0 (120000) Max Class Cache Size REG_DWORD 0x004C4B40 (5000000) Max Tasks REG_DWORD 0x00001388 (5000) Max Wait On Events (ms) REG_SZ 2000 Merger Batching Threshold REG_DWORD 0x00020000 (131072) Merger Release Threshold REG_DWORD 0x00000005 (5) Merger Throttling Threshold REG_DWORD 0x0000000A (10) MOF Self-Install Directory REG_EXPAND_SZ C:\Windows\system32\WBEM\MOF NumWriteIdCheck REG_DWORD 0x0000000A (10) PreviousServiceShutdown REG_SZ 2018/6/17 9:7:31'679 ProcessID REG_DWORD 0x00000374 (884) Repository Directory REG_EXPAND_SZ C:\Windows\system32\wbem\repository SetupDate REG_SZ SetupTime REG_SZ ThrottleDrege REG_DWORD 0x00000001 (1) TimeOutMs REG_SZ 20000 TimeToFullDredge REG_DWORD 0xFFFFFFFF (-1) TimeToTerminateAdap REG_DWORD 
0x000927C0 (600000) Unchecked Task Count REG_DWORD 0x000000FA (250) UnsecappAccessControlDefault REG_SZ 0 Working Directory REG_EXPAND_SZ C:\Windows\system32\wbem =================================================================================================================================================== HKLM\SYSTEM\CurrentControlSet\Services\Http\Parameters =================================================================================================================================================== =================================================================================================================================================== HKLM\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters =================================================================================================================================================== =================================================================================================================================================== HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters =================================================================================================================================================== AdjustedNullSessionPipes REG_DWORD 0x00000003 (3) autodisconnect REG_DWORD 0x0000000F (15) EnableAuthenticateUserSharing REG_DWORD 0x00000000 (0) enableforcedlogoff REG_DWORD 0x00000001 (1) enablesecuritysignature REG_DWORD 0x00000000 (0) Guid REG_BINARY C040190C0AF40043B7051D977A54C7AA Lmannounce REG_DWORD 0x00000000 (0) NullSessionPipes REG_MULTI_SZ requiresecuritysignature REG_DWORD 0x00000000 (0) restrictnullsessaccess REG_DWORD 0x00000001 (1) ServiceDll REG_EXPAND_SZ C:\Windows\system32\srvsvc.dll ServiceDllUnloadOnStop REG_DWORD 0x00000001 (1) Size REG_DWORD 0x00000001 (1) =================================================================================================================================================== 
HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters
===================================================================================================================================================
EnablePlainTextPassword          REG_DWORD      0x00000000 (0)
EnableSecuritySignature          REG_DWORD      0x00000001 (1)
OtherDomains                     REG_MULTI_SZ
RequireSecuritySignature         REG_DWORD      0x00000000 (0)
ServiceDll                       REG_EXPAND_SZ  C:\Windows\System32\wkssvc.dll
ServiceDllUnloadOnStop           REG_DWORD      0x00000001 (1)

===================================================================================================================================================
HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
===================================================================================================================================================

===================================================================================================================================================
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
===================================================================================================================================================
DataBasePath                     REG_EXPAND_SZ  C:\Windows\System32\drivers\etc
DeadGWDetectDefault              REG_DWORD      0x00000001 (1)
DhcpNameServer                   REG_SZ         192.168.1.1
Domain                           REG_SZ
DontAddDefaultGatewayDefault     REG_DWORD      0x00000000 (0)
EnableICMPRedirect               REG_DWORD      0x00000001 (1)
ForwardBroadcasts                REG_DWORD      0x00000000 (0)
Hostname                         REG_SZ         win81Prox64
ICSDomain                        REG_SZ         mshome.net
IPEnableRouter                   REG_DWORD      0x00000000 (0)
NameServer                       REG_SZ
NV Hostname                      REG_SZ         win81Prox64
SearchList                       REG_SZ
SyncDomainWithMembership         REG_DWORD      0x00000001 (1)
UseDomainNameDevolution          REG_DWORD      0x00000001 (1)

===================================================================================================================================================
FILE VERSION INFORMATION
===================================================================================================================================================

---------------------------------------------------------------------------------------------------------------------------------------------------
BASE
---------------------------------------------------------------------------------------------------------------------------------------------------
ADVAPI32.DLL      6.3.9600.16384  08/22/2013  654 KB (669,392 bytes)
CSRSS.EXE         6.3.9600.16384  08/22/2013  17 KB (17,120 bytes)
HAL.DLL           6.3.9600.16384  08/22/2013  408 KB (418,144 bytes)
NTDLL.DLL         6.3.9600.16384  08/22/2013  1,682 KB (1,722,608 bytes)
NTOSKRNL.EXE      6.3.9600.16384  08/22/2013  7,242 KB (7,416,160 bytes)
SVCHOST.EXE       6.3.9600.16384  08/22/2013  37 KB (37,768 bytes)
WIN32K.SYS        6.3.9600.16384  08/22/2013  4,094 KB (4,191,744 bytes)
WINSRV.DLL        6.3.9600.16384  08/22/2013  189 KB (193,536 bytes)

---------------------------------------------------------------------------------------------------------------------------------------------------
MSI
---------------------------------------------------------------------------------------------------------------------------------------------------
MSI.DLL           5.0.9600.16384  08/22/2013  2,700 KB (2,764,800 bytes)

---------------------------------------------------------------------------------------------------------------------------------------------------
NETWORK
---------------------------------------------------------------------------------------------------------------------------------------------------
AFD.SYS           6.3.9600.16384  08/22/2013  554 KB (567,296 bytes)
BROWSER.DLL       6.3.9600.16384  08/22/2013  131 KB (134,144 bytes)
DFSC.SYS          6.3.9600.16384  08/22/2013  132 KB (134,656 bytes)
FDWNET.DLL        6.3.9600.16384  08/22/2013  28 KB (28,160 bytes)
FWPKCLNT.SYS      6.3.9600.16384  08/22/2013  419 KB (428,896 bytes)
HTTP.SYS          6.3.9600.16384  08/22/2013  971 KB (994,144 bytes)
MPR.DLL           6.3.9600.16384  08/22/2013  96 KB (98,184 bytes)
MRXSMB.SYS        6.3.9600.16384  08/22/2013  393 KB (402,432 bytes)
MRXSMB10.SYS      6.3.9600.16384  08/22/2013  277 KB (283,648 bytes)
MRXSMB20.SYS      6.3.9600.16384  08/22/2013  202 KB (206,848 bytes)
MUP.SYS           6.3.9600.16384  08/22/2013  77 KB (78,688 bytes)
NDIS.SYS          6.3.9600.16384  08/22/2013  1,092 KB (1,118,552 bytes)
NETBIOS.SYS       6.3.9600.16384  08/22/2013  47 KB (48,128 bytes)
RDBSS.SYS         6.3.9600.16384  08/22/2013  399 KB (408,576 bytes)
SRV.SYS           6.3.9600.16384  08/22/2013  444 KB (454,656 bytes)
SRV2.SYS          6.3.9600.16384  08/22/2013  659 KB (674,816 bytes)
SRVNET.SYS        6.3.9600.16384  08/22/2013  238 KB (244,224 bytes)
TCPIP.SYS         6.3.9600.16384  08/22/2013  2,490 KB (2,549,600 bytes)
WS2_32.DLL        6.3.9600.16384  08/22/2013  348 KB (355,872 bytes)
WSOCK32.DLL       6.3.9600.16384  08/22/2013  17 KB (17,408 bytes)

---------------------------------------------------------------------------------------------------------------------------------------------------
PERFORMANCE MONITOR
---------------------------------------------------------------------------------------------------------------------------------------------------
PDH.DLL           6.3.9600.16384  08/22/2013  292 KB (299,520 bytes)

---------------------------------------------------------------------------------------------------------------------------------------------------
PRINT
---------------------------------------------------------------------------------------------------------------------------------------------------
LOCALSPL.DLL      6.3.9600.16384  08/22/2013  1,020 KB (1,044,480 bytes)

---------------------------------------------------------------------------------------------------------------------------------------------------
REGISTRY
---------------------------------------------------------------------------------------------------------------------------------------------------
REG.EXE           6.3.9600.16384  08/22/2013  72 KB (73,216 bytes)
REGSVC.DLL        6.3.9600.16384  08/22/2013  161 KB (164,864 bytes)

---------------------------------------------------------------------------------------------------------------------------------------------------
RPC
---------------------------------------------------------------------------------------------------------------------------------------------------
RPCRT4.DLL        6.3.9600.16384  08/22/2013  1,238 KB (1,268,056 bytes)

---------------------------------------------------------------------------------------------------------------------------------------------------
SHELL
---------------------------------------------------------------------------------------------------------------------------------------------------
SHELL32.DLL       6.3.9600.16384  08/22/2013  20,695 KB (21,192,024 bytes)

---------------------------------------------------------------------------------------------------------------------------------------------------
STORAGE
---------------------------------------------------------------------------------------------------------------------------------------------------
CLASSPNP.SYS      6.3.9600.16384  08/22/2013  330 KB (337,760 bytes)
DISK.SYS          6.3.9600.16384  08/22/2013  98 KB (100,192 bytes)
DISKDUMP.SYS      6.3.9600.16384  08/22/2013  35 KB (36,192 bytes)
NTFS.SYS          6.3.9600.16384  08/22/2013  1,964 KB (2,011,488 bytes)
PARTMGR.SYS       6.3.9600.16384  08/22/2013  87 KB (88,928 bytes)
STORPORT.SYS      6.3.9600.16384  08/22/2013  365 KB (374,112 bytes)
VOLMGR.SYS        6.3.9600.16384  08/22/2013  72 KB (73,568 bytes)
VOLMGRX.SYS       6.3.9600.16384  08/22/2013  369 KB (377,696 bytes)
VOLSNAP.SYS       6.3.9600.16384  08/22/2013  305 KB (312,160 bytes)
VSSADMIN.EXE      6.3.9600.16384  08/22/2013  146 KB (149,504 bytes)
VSSAPI.DLL        6.3.9600.16384  08/22/2013  1,522 KB (1,558,528 bytes)
VSSVC.EXE         6.3.9600.16384  08/22/2013  1,402 KB (1,436,160 bytes)

---------------------------------------------------------------------------------------------------------------------------------------------------
WINRM
---------------------------------------------------------------------------------------------------------------------------------------------------
WSMSVC.DLL        6.3.9600.16384  08/22/2013  2,422 KB (2,479,616 bytes)

---------------------------------------------------------------------------------------------------------------------------------------------------
WMI
---------------------------------------------------------------------------------------------------------------------------------------------------
CIMWIN32.DLL      6.3.9600.16384  08/22/2013  1,754 KB (1,796,096 bytes)
REPDRVFS.DLL      6.3.9600.16384  08/22/2013  383 KB (392,192 bytes)
WMIPERFCLASS.DLL  6.3.9600.16384  08/22/2013  127 KB (130,048 bytes)

Script completed in 38.03s